RDS PostgreSQL database with secure firewall configuration, encryption, multi AZ, backup enabled, and alerting.
Install Node.js and npm first!
```
npm i @cfn-modules/rds-postgres
```
```yaml
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-modules example'
Resources:
  Database:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        VpcModule: !GetAtt 'Vpc.Outputs.StackName' # required
        ClientSgModule: !GetAtt 'ClientSg.Outputs.StackName' # required
        AlertingModule: '' # optional
        HostedZoneModule: '' # optional
        BastionModule: '' # optional
        KmsKeyModule: '' # optional
        DBSnapshotIdentifier: '' # optional
        DBAllocatedStorage: '5' # optional
        DBInstanceClass: 'db.t2.micro' # optional
        DBName: '' # optional
        DBBackupRetentionPeriod: '30' # optional
        DBMasterUsername: 'master' # optional
        DBMasterUserPassword: '' # required if DBSnapshotIdentifier is not set
        DBMultiAZ: 'true' # optional
        SubDomainNameWithDot: 'postgres.' # optional
        # Set this to the latest available version when launching! Use the command below to list the engine versions available in AWS.
        # aws rds describe-db-engine-versions --engine postgres --query "DBEngineVersions[].EngineVersion"
        EngineVersion: '9.6.8'
        EnableIAMDatabaseAuthentication: 'false' # optional
        DBParameterGroupName: '' # optional
        LambdaExecutionRoleArn: '' # optional
      TemplateURL: './node_modules/@cfn-modules/rds-postgres/module.yml'
```
Name | Description | Default | Required? | Allowed values |
---|---|---|---|---|
VpcModule | Stack name of vpc module | | yes | |
ClientSgModule | Stack name of client-sg module where traffic is allowed from on port 5432 to the database | | yes | |
AlertingModule | Stack name of alerting module | | no | |
HostedZoneModule | Stack name of module implementing HostedZone | | no | |
BastionModule | Stack name of module implementing Bastion | | no | |
KmsKeyModule | Stack name of kms-key module | | no | |
DBSnapshotIdentifier | Name or Amazon Resource Name (ARN) of the DB snapshot from which you want to restore (leave blank to create an empty database) | | no | |
DBAllocatedStorage | The allocated storage size, specified in GB (ignored when DBSnapshotIdentifier is set, value used from snapshot) | 5 | no | [5-16384] |
DBInstanceClass | The instance type of the database | db.t2.micro | no | |
DBName | Name of the database (ignored when DBSnapshotIdentifier is set, value used from snapshot) | auto generated value | no | |
DBBackupRetentionPeriod | The number of days to keep snapshots of the database | 35 | no | [0-35] |
DBMasterUsername | The master user name for the DB instance (ignored when DBSnapshotIdentifier is set, value used from snapshot) | master | no | |
DBMasterUserPassword | The master password for the DB instance (ignored when DBSnapshotIdentifier is set, value used from snapshot) | | yes (no if DBSnapshotIdentifier is set) | |
DBMultiAZ | Specifies if the database instance is deployed to multiple Availability Zones for HA | true | no | [true, false] |
SubDomainNameWithDot | Name that is used to create the DNS entry with trailing dot, e.g. §{SubDomainNameWithDot}§{HostedZoneName}. Leave blank for naked (or apex and bare) domain. Requires HostedZoneModule parameter! | test. | no | |
EngineVersion | PostgreSQL version | 9.6.8 | no | Set this to the version of PostgreSQL you want to use. You can run the following command to get the list of PostgreSQL versions supported by AWS RDS: `aws rds describe-db-engine-versions --engine postgres --query "DBEngineVersions[].EngineVersion"` |
EnableIAMDatabaseAuthentication | Enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. | false | no | [true, false] |
DBParameterGroupName | Creates a new DB Parameter Group with the specified name. | false | no | [true, false] |
LambdaExecutionRoleArn | Adds a role to the db instance associating it with the 'lambda' feature name. | false | no | [true, false] |
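
A pre-deployment check for the parameter rules in the table above, as an added example that is not part of the module or its documentation. The `lint` function, its messages and the sample stack names are assumptions made for illustration; the ranges, required fields and snapshot rules are taken from the table.

```python
# Rules below are taken from the parameter table; function name and messages are illustrative.

RANGES = {"DBAllocatedStorage": (5, 16384), "DBBackupRetentionPeriod": (0, 35)}
BOOLEANS = ("DBMultiAZ", "EnableIAMDatabaseAuthentication")
SNAPSHOT_IGNORED = ("DBAllocatedStorage", "DBName", "DBMasterUsername", "DBMasterUserPassword")


def lint(params):
    """Return (errors, warnings) for a dict of rds-postgres module parameters."""
    errors, warnings = [], []
    p = {k: str(v).strip() for k, v in params.items()}
    for key in ("VpcModule", "ClientSgModule"):
        if not p.get(key):
            errors.append(f"{key} is required")
    for key, (lo, hi) in RANGES.items():
        value = p.get(key)
        if value and not (value.isdecimal() and lo <= int(value) <= hi):
            errors.append(f"{key} must be in [{lo}-{hi}]")
    for key in BOOLEANS:
        if p.get(key) and p[key] not in ("true", "false"):
            errors.append(f"{key} must be 'true' or 'false'")
    from_snapshot = bool(p.get("DBSnapshotIdentifier"))
    if not from_snapshot and not p.get("DBMasterUserPassword"):
        errors.append("DBMasterUserPassword is required without DBSnapshotIdentifier")
    for key in SNAPSHOT_IGNORED if from_snapshot else ():
        if p.get(key):
            warnings.append(f"{key} is ignored when restoring from a snapshot")
    if p.get("SubDomainNameWithDot") and not p.get("HostedZoneModule"):
        warnings.append("SubDomainNameWithDot requires HostedZoneModule")
    # Posture checks against the module's headline claims (backup, multi AZ, alerting).
    if p.get("DBBackupRetentionPeriod") == "0":
        warnings.append("DBBackupRetentionPeriod 0 disables automated backups")
    if p.get("DBMultiAZ") == "false":
        warnings.append("DBMultiAZ false gives up multi-AZ deployment")
    if not p.get("AlertingModule"):
        warnings.append("AlertingModule is empty: no alerting module wired in")
    return errors, warnings


# Constructed sample: a weakened variant of the example above, with made-up stack names.
SAMPLE = {
    "VpcModule": "vpc-stack", "ClientSgModule": "client-sg-stack",
    "DBAllocatedStorage": "5", "DBBackupRetentionPeriod": "0",
    "DBMasterUserPassword": "", "DBMultiAZ": "false",
    "SubDomainNameWithDot": "postgres.",
}

if __name__ == "__main__":
    errs, warns = lint(SAMPLE)
    print("\n".join([f"ERROR {e}" for e in errs] + [f"WARN  {w}" for w in warns]))
```
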
- Scalable: RDS instance capacity (CPU, RAM, network, ...) is limited by design
- Monitoring: Network In+Out is not monitored according to capacity of instance type