def _db_params(self, t): params = t.add_resource( rds.DBParameterGroup( '{}RDSParamGroup'.format(self.stack_name), Family='{}{}'.format(self.db_type, self.db_version), Description="ParamGroup for {}".format(self.stack_name), Parameters=self.params)) return params
def rdsdbparams(context, template): if not context.get('rds_params'): return None lu = partial(utils.lu, context) engine = lu('rds.engine') version = str(lu('rds.version')) name = RDS_DB_PG dbpg = rds.DBParameterGroup( name, **{ 'Family': "%s%s" % (engine.lower(), version), # "mysql5.6", "postgres9.4" 'Description': '%s (%s) custom parameters' % (context['project_name'], context['instance_id']), 'Parameters': context['rds_params'] }) template.add_resource(dbpg) return Ref(dbpg)
def create_rds_instance(self): rds_security_group_name = 'sgDatabaseServer' rds_security_group = self.add_resource( ec2.SecurityGroup( rds_security_group_name, GroupDescription='Enables access to database servers', VpcId=Ref(self.vpc_id), SecurityGroupIngress=[ ec2.SecurityGroupRule(IpProtocol='tcp', CidrIp=VPC_CIDR, FromPort=p, ToPort=p) for p in [POSTGRESQL] ], SecurityGroupEgress=[ ec2.SecurityGroupRule(IpProtocol='tcp', CidrIp=VPC_CIDR, FromPort=p, ToPort=p) for p in [POSTGRESQL] ], Tags=self.get_tags(Name=rds_security_group_name))) rds_subnet_group_name = 'dbsngDatabaseServer' rds_subnet_group = self.add_resource( rds.DBSubnetGroup(rds_subnet_group_name, DBSubnetGroupDescription= 'Private subnets for the RDS instances', SubnetIds=Ref(self.private_subnets), Tags=self.get_tags(Name=rds_subnet_group_name))) rds_parameter_group = self.add_resource( rds.DBParameterGroup( 'dbpgDatabaseServer', Family='postgres9.4', Description='Parameter group for the RDS instances', Parameters={'log_min_duration_statement': '500'})) rds_database_name = 'DatabaseServer' rds_database = self.add_resource( rds.DBInstance( rds_database_name, AllocatedStorage=128, AllowMajorVersionUpgrade=False, AutoMinorVersionUpgrade=True, BackupRetentionPeriod=30, DBInstanceClass=Ref(self.rds_instance_type), DBName=Ref(self.rds_db_name), DBParameterGroupName=Ref(rds_parameter_group), DBSubnetGroupName=Ref(rds_subnet_group), Engine='postgres', EngineVersion='9.4.15', MasterUsername=Ref(self.rds_username), MasterUserPassword=Ref(self.rds_password), MultiAZ=True, PreferredBackupWindow='04:00-04:30', # 12:00AM-12:30AM ET PreferredMaintenanceWindow= 'sun:04:30-sun:05:30', # NOQA SUN 12:30AM-01:30AM ET StorageType='gp2', VPCSecurityGroups=[Ref(rds_security_group)], Tags=self.get_tags(Name=rds_database_name))) return rds_database, rds_security_group
def build_template(self): t = self._init_template() username = "******" passwd = "rdspasswd" instance_type = t.add_parameter( Parameter("Input{}RDSInstanceType".format(self.stack_name), Type='String', Default='db.t2.medium')) instance_size = t.add_parameter( Parameter("Input{}RDSSize".format(self.stack_name), Type='String', Default='20')) storage_type = t.add_parameter( Parameter("Input{}RDSStorageType".format(self.stack_name), Type='String', Default='gp2')) backup_retention = t.add_parameter( Parameter('InputBackupRetentionPeriod', Type='String', Default='7')) sn_list = self.vpc.output_private_subnets() if self.public: sn_list = self.vpc.output_public_subnets() subnet_refs = [ Ref(t.add_parameter(Parameter(i, Type='String'))) for i in sn_list ] sg_refs = [ Ref( t.add_parameter( Parameter(i.output_security_group(), Type='String'))) for i in self.security_groups ] params = t.add_resource( rds.DBParameterGroup( '{}RDSParamGroup'.format(self.stack_name), Family='{}{}'.format(self.db_type, self.db_version), Description="ParamGroup for {}".format(self.name), Parameters=self.params)) sn_groups = t.add_resource( rds.DBSubnetGroup( '{}RDSSubnetGroup'.format(self.stack_name), DBSubnetGroupDescription='{} Subnet Group'.format( self.stack_name), SubnetIds=subnet_refs)) db = t.add_resource( rds.DBInstance( '{}RDSInstance'.format(self.stack_name), AllocatedStorage=Ref(instance_size), BackupRetentionPeriod=Ref(backup_retention), DBInstanceClass=Ref(instance_type), DBSubnetGroupName=Ref(sn_groups), Engine=self.db_type, EngineVersion=self.db_version, DBParameterGroupName=Ref(params), MasterUsername=username, MasterUserPassword=passwd, MultiAZ=self.multiaz, PubliclyAccessible=self.public, StorageType=Ref(storage_type), VPCSecurityGroups=sg_refs, )) t.add_output([ Output('{}RDSInstance'.format(self.stack_name), Value=Ref(db)), Output('{}Endpoint'.format(self.stack_name), Value=GetAtt(db, 'Endpoint.Address')) ]) return t
def configure(self): rds_metadata = constants.ENVIRONMENTS[self.env]['rds'] self.name = 'rds' self.add_description('Sets up an RDS Instance in a VPC') self.get_standard_parameters() self.get_default_security_groups() for db in rds_metadata: name = self.env + db['name'] # get secrets env_name = "DB_{}_".format(db['name']) db_user = db.get('admin_user', os.environ.get(env_name + "USER", None)) db_pass = db.get('admin_pass', os.environ.get(env_name + "PASS", None)) if (db_user or db_pass) is None: raise KeyError( "Database user or password not set. Please set {0}USER or {0}PASS environment variables" .format(env_name)) if db_user in ("rdsadmin", "admin"): raise ValueError( "Database admin '{}' cannot be used as it is a reserved word used by the engine" .format(db_user)) tags = self.get_tags(service_override=self.name, role_override=db['name']) security_group = self.add_resource( ec2.SecurityGroup( '{}RDSSecurityGroup'.format(name), VpcId=self.vpc_id, GroupDescription='Security Group for {} Access'.format( self.name), SecurityGroupIngress=[{ 'IpProtocol': 'tcp', 'FromPort': 5432, 'ToPort': 5432, 'CidrIp': self.vpc_cidr } # Allow DB access ], Tags=tags)) self.add_security_group(Ref(security_group)) # Default to true for preferred subnet unless using multi_az preferred_only = False if db.get('multi_az') is True else db.get( 'preferred_only', True) rds_subnet_group = self.add_resource( rds.DBSubnetGroup( '{}RDSSubnetGroup'.format(name), DBSubnetGroupDescription='Subnet group for {} RDS'.format( name), SubnetIds=list( map( lambda x: x['SubnetId'], self.get_subnets( 'private', _preferred_only=preferred_only))))) rds_parameter_group = self.add_resource( rds.DBParameterGroup( '{}DBParameterGroup'.format(name), Description='RDS ParameterGroup for {}'.format(name), Family=db.get('engine_family', 'postgres11'), Parameters={ 'log_min_duration_statement': 250, 'max_connections': '{DBInstanceClassMemory/10485760}', 'pg_stat_statements.track': 'all', 'pg_stat_statements.max': db.get('max_logged_statements', '1000') }, Tags=tags)) rds_instance = self.add_resource( rds.DBInstance( '{}RDSInstance'.format(name), AllocatedStorage=db['allocated_storage'], AutoMinorVersionUpgrade=True, BackupRetentionPeriod=7, DBInstanceClass=db['instance_type'], DBInstanceIdentifier=name, DBParameterGroupName=Ref(rds_parameter_group), #DBSnapshotIdentifier=db['snapshot_id'], DBSubnetGroupName=Ref(rds_subnet_group), Engine='postgres', EngineVersion=db.get('engine_version', '11.5'), LicenseModel='postgresql-license', MultiAZ=db.get('multi_az', False), PreferredBackupWindow='06:00-07:00', PreferredMaintenanceWindow='sat:07:00-sat:08:00', PubliclyAccessible=False, StorageEncrypted=True, StorageType='gp2', Tags=tags, VPCSecurityGroups=self.security_groups, MasterUsername=db_user, MasterUserPassword=db_pass, )) if self.get_partition( ) == 'aws': # aws-us-gov and aws-cn may not have route53 public zones hosted_zone = constants.ENVIRONMENTS[self.env]['route53_zone'] self.add_resource( route53.RecordSetGroup( '{}Route53'.format(name), HostedZoneName=hosted_zone, RecordSets=[ route53.RecordSet(Name='{}.rds.{}'.format( db['name'], hosted_zone), ResourceRecords=[ GetAtt( rds_instance, 'Endpoint.Address') ], Type='CNAME', TTL=600) ]))
"sqlserver-web-12.0", "sqlserver-web-13.0", "sqlserver-web-14.0", ], Description= "Database parameter group family name; must match the engine and version of " "the RDS instance.", ), group="Database", label="Parameter Group Family", ) db_parameter_group = rds.DBParameterGroup( "DatabaseParameterGroup", template=template, Condition=db_condition, Description="Database parameter group.", Family=Ref(db_parameter_group_family), Parameters={}, ) db_name = template.add_parameter( Parameter( "DatabaseName", Default="app", Description="Name of the database to create in the database server", Type="String", MinLength="1", MaxLength="64", AllowedPattern="[a-zA-Z][a-zA-Z0-9_]*", ConstraintDescription=("must begin with a letter and contain only" " alphanumeric characters.")),
FromPort='1521', ToPort='1521', CidrIp=Ref(param_db_client_location), ), Ref(AWS_NO_VALUE)), ], )) subnet_group = t.add_resource( rds.DBSubnetGroup('DatabaseSubnetGroup', DBSubnetGroupDescription='RDS subnet group', SubnetIds=Ref(param_subnetids))) param_group = t.add_resource( rds.DBParameterGroup( 'DatabaseParameterGroup', Description='RDS parameter group', Family=Ref(param_db_param_group_family), )) enhanced_monitoring_role = t.add_resource( iam.Role( 'EnhancedMonitoringRole', Condition='EnhancedMonitoringCondition', AssumeRolePolicyDocument=Policy(Statement=[ Statement(Effect=Allow, Action=[awacs.sts.AssumeRole], Principal=Principal( 'Service', Sub('monitoring.rds.${AWS::URLSuffix}'))) ]), ManagedPolicyArns=[ Sub('arn:${AWS::Partition}:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole'
PolicyType='TargetTrackingScaling', ResourceId='service/default/ws-currency-conversion-service-lb', ScalableDimension='ecs:service:DesiredCount', ServiceNamespace='ecs', TargetTrackingScalingPolicyConfiguration=applicationautoscaling. TargetTrackingScalingPolicyConfiguration( PredefinedMetricSpecification=applicationautoscaling. PredefinedMetricSpecification( PredefinedMetricType='ECSServiceAverageCPUUtilization'), ScaleInCooldown=300, ScaleOutCooldown=300, TargetValue=70))) RDSDBParameterGroup = template.add_resource( rds.DBParameterGroup('RDSDBParameterGroup', Description='Default parameter group for mysql5.7', Family='mysql5.7')) RDSDBParameterGroup2 = template.add_resource( rds.DBParameterGroup('RDSDBParameterGroup2', Description='Default parameter group for mysql8.0', Family='mysql8.0')) RDSOptionGroup = template.add_resource( rds.OptionGroup( 'RDSOptionGroup', EngineName='mysql', MajorEngineVersion='5.7', OptionGroupDescription='Default option group for mysql 5.7')) RDSOptionGroup2 = template.add_resource(