mig-deploy/templates/rds.json

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "MIG database",
    "Parameters": {
        "Environment": {
            "AllowedValues": [
                "dev",
                "stage",
                "prod"
            ],
            "Default": "dev",
            "Description": "Environment",
            "Type": "String"
        },
        "BaseStack": {
            "Description": "Name of base stack",
            "Type": "String"
        },
        "DBAllocatedStorage": {
            "Description": "DB storage in GB",
            "Type": "String",
            "Default": "8"
        },
        "DBInstanceClass": {
            "Description": "DB instance class",
            "Type": "String",
            "Default": "db.r3.large"
        },
        "DBUser": {
            "Description": "DB username",
            "Type": "String",
            "Default": "migadmin"
        },
        "DBPassword": {
            "Description": "DB password",
            "Type": "String"
        }
    },
    "Resources": {
        "DBSubnetGroup": {
            "Type": "AWS::RDS::DBSubnetGroup",
            "Properties": {
                "DBSubnetGroupDescription": "mig db subnet group",
                "SubnetIds": [
                    { "Fn::ImportValue": { "Fn::Sub": "${BaseStack}-PrivateSubnet1" }},
                    { "Fn::ImportValue": { "Fn::Sub": "${BaseStack}-PrivateSubnet2" }}
                ]
            }
        },
        "DB": {
            "Type": "AWS::RDS::DBInstance",
            "Properties": {
                "AllocatedStorage": { "Ref": "DBAllocatedStorage" },
                "BackupRetentionPeriod": "30",
                "DBInstanceClass": { "Ref": "DBInstanceClass" },
                "DBInstanceIdentifier": { "Fn::Sub": "db-${AWS::StackName}" },
                "DBName": "mig",
                "VPCSecurityGroups": [ { "Ref": "DBSecurityGroup" } ],
                "Engine": "postgres",
                "EngineVersion": "9.4.7",
                "MasterUsername": { "Ref": "DBUser" },
                "MasterUserPassword": { "Ref": "DBPassword" },
                "DBSubnetGroupName": { "Ref": "DBSubnetGroup" },
                "PubliclyAccessible": "false"
            }
        },
        "DBSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "VpcId": { "Fn::ImportValue": { "Fn::Sub": "${BaseStack}-VPCId" }},
                "GroupDescription": "Security group for MIG RDS instance",
                "SecurityGroupIngress": [
                    { "IpProtocol": "tcp", "FromPort": "5432", "ToPort": "5432", "CidrIp": "10.20.2.0/24" },
                    { "IpProtocol": "tcp", "FromPort": "5432", "ToPort": "5432", "CidrIp": "10.20.3.0/24" }
                ],
                "Tags": [
                    { "Key": "Name", "Value": "mig rds security group" }
                ]
            }
        }
    }
}