def _db_params(self, t):
params = t.add_resource(
rds.DBParameterGroup(
'{}RDSParamGroup'.format(self.stack_name),
Family='{}{}'.format(self.db_type, self.db_version),
Description="ParamGroup for {}".format(self.stack_name),
Parameters=self.params))
return params
def rdsdbparams(context, template):
if not context.get('rds_params'):
return None
lu = partial(utils.lu, context)
engine = lu('rds.engine')
version = str(lu('rds.version'))
name = RDS_DB_PG
dbpg = rds.DBParameterGroup(
name,
**{
'Family':
"%s%s" % (engine.lower(), version), # "mysql5.6", "postgres9.4"
'Description':
'%s (%s) custom parameters' %
(context['project_name'], context['instance_id']),
'Parameters':
context['rds_params']
})
template.add_resource(dbpg)
return Ref(dbpg)
def create_rds_instance(self):
rds_security_group_name = 'sgDatabaseServer'
rds_security_group = self.add_resource(
ec2.SecurityGroup(
rds_security_group_name,
GroupDescription='Enables access to database servers',
VpcId=Ref(self.vpc_id),
SecurityGroupIngress=[
ec2.SecurityGroupRule(IpProtocol='tcp',
CidrIp=VPC_CIDR,
FromPort=p,
ToPort=p) for p in [POSTGRESQL]
],
SecurityGroupEgress=[
ec2.SecurityGroupRule(IpProtocol='tcp',
CidrIp=VPC_CIDR,
FromPort=p,
ToPort=p) for p in [POSTGRESQL]
],
Tags=self.get_tags(Name=rds_security_group_name)))
rds_subnet_group_name = 'dbsngDatabaseServer'
rds_subnet_group = self.add_resource(
rds.DBSubnetGroup(rds_subnet_group_name,
DBSubnetGroupDescription=
'Private subnets for the RDS instances',
SubnetIds=Ref(self.private_subnets),
Tags=self.get_tags(Name=rds_subnet_group_name)))
rds_parameter_group = self.add_resource(
rds.DBParameterGroup(
'dbpgDatabaseServer',
Family='postgres9.4',
Description='Parameter group for the RDS instances',
Parameters={'log_min_duration_statement': '500'}))
rds_database_name = 'DatabaseServer'
rds_database = self.add_resource(
rds.DBInstance(
rds_database_name,
AllocatedStorage=128,
AllowMajorVersionUpgrade=False,
AutoMinorVersionUpgrade=True,
BackupRetentionPeriod=30,
DBInstanceClass=Ref(self.rds_instance_type),
DBName=Ref(self.rds_db_name),
DBParameterGroupName=Ref(rds_parameter_group),
DBSubnetGroupName=Ref(rds_subnet_group),
Engine='postgres',
EngineVersion='9.4.15',
MasterUsername=Ref(self.rds_username),
MasterUserPassword=Ref(self.rds_password),
MultiAZ=True,
PreferredBackupWindow='04:00-04:30', # 12:00AM-12:30AM ET
PreferredMaintenanceWindow=
'sun:04:30-sun:05:30', # NOQA SUN 12:30AM-01:30AM ET
StorageType='gp2',
VPCSecurityGroups=[Ref(rds_security_group)],
Tags=self.get_tags(Name=rds_database_name)))
return rds_database, rds_security_group
def build_template(self):
t = self._init_template()
username = "******"
passwd = "rdspasswd"
instance_type = t.add_parameter(
Parameter("Input{}RDSInstanceType".format(self.stack_name),
Type='String',
Default='db.t2.medium'))
instance_size = t.add_parameter(
Parameter("Input{}RDSSize".format(self.stack_name),
Type='String',
Default='20'))
storage_type = t.add_parameter(
Parameter("Input{}RDSStorageType".format(self.stack_name),
Type='String',
Default='gp2'))
backup_retention = t.add_parameter(
Parameter('InputBackupRetentionPeriod', Type='String',
Default='7'))
sn_list = self.vpc.output_private_subnets()
if self.public:
sn_list = self.vpc.output_public_subnets()
subnet_refs = [
Ref(t.add_parameter(Parameter(i, Type='String'))) for i in sn_list
]
sg_refs = [
Ref(
t.add_parameter(
Parameter(i.output_security_group(), Type='String')))
for i in self.security_groups
]
params = t.add_resource(
rds.DBParameterGroup(
'{}RDSParamGroup'.format(self.stack_name),
Family='{}{}'.format(self.db_type, self.db_version),
Description="ParamGroup for {}".format(self.name),
Parameters=self.params))
sn_groups = t.add_resource(
rds.DBSubnetGroup(
'{}RDSSubnetGroup'.format(self.stack_name),
DBSubnetGroupDescription='{} Subnet Group'.format(
self.stack_name),
SubnetIds=subnet_refs))
db = t.add_resource(
rds.DBInstance(
'{}RDSInstance'.format(self.stack_name),
AllocatedStorage=Ref(instance_size),
BackupRetentionPeriod=Ref(backup_retention),
DBInstanceClass=Ref(instance_type),
DBSubnetGroupName=Ref(sn_groups),
Engine=self.db_type,
EngineVersion=self.db_version,
DBParameterGroupName=Ref(params),
MasterUsername=username,
MasterUserPassword=passwd,
MultiAZ=self.multiaz,
PubliclyAccessible=self.public,
StorageType=Ref(storage_type),
VPCSecurityGroups=sg_refs,
))
t.add_output([
Output('{}RDSInstance'.format(self.stack_name), Value=Ref(db)),
Output('{}Endpoint'.format(self.stack_name),
Value=GetAtt(db, 'Endpoint.Address'))
])
return t
def configure(self):
rds_metadata = constants.ENVIRONMENTS[self.env]['rds']
self.name = 'rds'
self.add_description('Sets up an RDS Instance in a VPC')
self.get_standard_parameters()
self.get_default_security_groups()
for db in rds_metadata:
name = self.env + db['name']
# get secrets
env_name = "DB_{}_".format(db['name'])
db_user = db.get('admin_user',
os.environ.get(env_name + "USER", None))
db_pass = db.get('admin_pass',
os.environ.get(env_name + "PASS", None))
if (db_user or db_pass) is None:
raise KeyError(
"Database user or password not set. Please set {0}USER or {0}PASS environment variables"
.format(env_name))
if db_user in ("rdsadmin", "admin"):
raise ValueError(
"Database admin '{}' cannot be used as it is a reserved word used by the engine"
.format(db_user))
tags = self.get_tags(service_override=self.name,
role_override=db['name'])
security_group = self.add_resource(
ec2.SecurityGroup(
'{}RDSSecurityGroup'.format(name),
VpcId=self.vpc_id,
GroupDescription='Security Group for {} Access'.format(
self.name),
SecurityGroupIngress=[{
'IpProtocol': 'tcp',
'FromPort': 5432,
'ToPort': 5432,
'CidrIp': self.vpc_cidr
} # Allow DB access
],
Tags=tags))
self.add_security_group(Ref(security_group))
# Default to true for preferred subnet unless using multi_az
preferred_only = False if db.get('multi_az') is True else db.get(
'preferred_only', True)
rds_subnet_group = self.add_resource(
rds.DBSubnetGroup(
'{}RDSSubnetGroup'.format(name),
DBSubnetGroupDescription='Subnet group for {} RDS'.format(
name),
SubnetIds=list(
map(
lambda x: x['SubnetId'],
self.get_subnets(
'private', _preferred_only=preferred_only)))))
rds_parameter_group = self.add_resource(
rds.DBParameterGroup(
'{}DBParameterGroup'.format(name),
Description='RDS ParameterGroup for {}'.format(name),
Family=db.get('engine_family', 'postgres11'),
Parameters={
'log_min_duration_statement':
250,
'max_connections':
'{DBInstanceClassMemory/10485760}',
'pg_stat_statements.track':
'all',
'pg_stat_statements.max':
db.get('max_logged_statements', '1000')
},
Tags=tags))
rds_instance = self.add_resource(
rds.DBInstance(
'{}RDSInstance'.format(name),
AllocatedStorage=db['allocated_storage'],
AutoMinorVersionUpgrade=True,
BackupRetentionPeriod=7,
DBInstanceClass=db['instance_type'],
DBInstanceIdentifier=name,
DBParameterGroupName=Ref(rds_parameter_group),
#DBSnapshotIdentifier=db['snapshot_id'],
DBSubnetGroupName=Ref(rds_subnet_group),
Engine='postgres',
EngineVersion=db.get('engine_version', '11.5'),
LicenseModel='postgresql-license',
MultiAZ=db.get('multi_az', False),
PreferredBackupWindow='06:00-07:00',
PreferredMaintenanceWindow='sat:07:00-sat:08:00',
PubliclyAccessible=False,
StorageEncrypted=True,
StorageType='gp2',
Tags=tags,
VPCSecurityGroups=self.security_groups,
MasterUsername=db_user,
MasterUserPassword=db_pass,
))
if self.get_partition(
) == 'aws': # aws-us-gov and aws-cn may not have route53 public zones
hosted_zone = constants.ENVIRONMENTS[self.env]['route53_zone']
self.add_resource(
route53.RecordSetGroup(
'{}Route53'.format(name),
HostedZoneName=hosted_zone,
RecordSets=[
route53.RecordSet(Name='{}.rds.{}'.format(
db['name'], hosted_zone),
ResourceRecords=[
GetAtt(
rds_instance,
'Endpoint.Address')
],
Type='CNAME',
TTL=600)
]))
"sqlserver-web-12.0",
"sqlserver-web-13.0",
"sqlserver-web-14.0",
],
Description=
"Database parameter group family name; must match the engine and version of "
"the RDS instance.",
),
group="Database",
label="Parameter Group Family",
)
db_parameter_group = rds.DBParameterGroup(
"DatabaseParameterGroup",
template=template,
Condition=db_condition,
Description="Database parameter group.",
Family=Ref(db_parameter_group_family),
Parameters={},
)
db_name = template.add_parameter(
Parameter(
"DatabaseName",
Default="app",
Description="Name of the database to create in the database server",
Type="String",
MinLength="1",
MaxLength="64",
AllowedPattern="[a-zA-Z][a-zA-Z0-9_]*",
ConstraintDescription=("must begin with a letter and contain only"
" alphanumeric characters.")),
FromPort='1521',
ToPort='1521',
CidrIp=Ref(param_db_client_location),
), Ref(AWS_NO_VALUE)),
],
))
subnet_group = t.add_resource(
rds.DBSubnetGroup('DatabaseSubnetGroup',
DBSubnetGroupDescription='RDS subnet group',
SubnetIds=Ref(param_subnetids)))
param_group = t.add_resource(
rds.DBParameterGroup(
'DatabaseParameterGroup',
Description='RDS parameter group',
Family=Ref(param_db_param_group_family),
))
enhanced_monitoring_role = t.add_resource(
iam.Role(
'EnhancedMonitoringRole',
Condition='EnhancedMonitoringCondition',
AssumeRolePolicyDocument=Policy(Statement=[
Statement(Effect=Allow,
Action=[awacs.sts.AssumeRole],
Principal=Principal(
'Service', Sub('monitoring.rds.${AWS::URLSuffix}')))
]),
ManagedPolicyArns=[
Sub('arn:${AWS::Partition}:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole'
PolicyType='TargetTrackingScaling',
ResourceId='service/default/ws-currency-conversion-service-lb',
ScalableDimension='ecs:service:DesiredCount',
ServiceNamespace='ecs',
TargetTrackingScalingPolicyConfiguration=applicationautoscaling.
TargetTrackingScalingPolicyConfiguration(
PredefinedMetricSpecification=applicationautoscaling.
PredefinedMetricSpecification(
PredefinedMetricType='ECSServiceAverageCPUUtilization'),
ScaleInCooldown=300,
ScaleOutCooldown=300,
TargetValue=70)))
RDSDBParameterGroup = template.add_resource(
rds.DBParameterGroup('RDSDBParameterGroup',
Description='Default parameter group for mysql5.7',
Family='mysql5.7'))
RDSDBParameterGroup2 = template.add_resource(
rds.DBParameterGroup('RDSDBParameterGroup2',
Description='Default parameter group for mysql8.0',
Family='mysql8.0'))
RDSOptionGroup = template.add_resource(
rds.OptionGroup(
'RDSOptionGroup',
EngineName='mysql',
MajorEngineVersion='5.7',
OptionGroupDescription='Default option group for mysql 5.7'))
RDSOptionGroup2 = template.add_resource(