cfn-modules: RDS PostgreSQL

RDS PostgreSQL database with secure firewall configuration, encryption, multi AZ, backup enabled, and alerting.

Install

Install Node.js and npm first!

npm i @cfn-modules/rds-postgres

Usage

---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-modules example'
Resources:
  Database:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        VpcModule: !GetAtt 'Vpc.Outputs.StackName' # required
        ClientSgModule: !GetAtt 'ClientSg.Outputs.StackName' # required
        AlertingModule: '' # optional
        HostedZoneModule: '' # optional
        BastionModule: '' # optional
        KmsKeyModule: '' # optional
        DBSnapshotIdentifier: '' # optional
        DBAllocatedStorage: '5' # optional
        DBInstanceClass: 'db.t2.micro' # optional
        DBName: '' # optional
        DBBackupRetentionPeriod: '30' # optional
        DBMasterUsername: 'master' # optional
        DBMasterUserPassword: '' # required if DBSnapshotIdentifier is not set
        DBMultiAZ: 'true' # optional
        SubDomainNameWithDot: 'postgres.' # optional
        # Set this to the latest available version when launching! Use the command below to list the engine versions available in AWS.
        # aws rds describe-db-engine-versions --engine postgres --query "DBEngineVersions[].EngineVersion"
        EngineVersion: '9.6.8'
        EnableIAMDatabaseAuthentication: 'false' # optional
        DBParameterGroupName: '' # optional
        LambdaExecutionRoleArn: '' # optional
      TemplateURL: './node_modules/@cfn-modules/rds-postgres/module.yml'

Examples

Related modules

Parameters

| Name | Description | Default | Required? | Allowed values |
| --- | --- | --- | --- | --- |
| VpcModule | Stack name of vpc module | | yes | |
| ClientSgModule | Stack name of client-sg module where traffic is allowed from on port 5432 to the database | | yes | |
| AlertingModule | Stack name of alerting module | | no | |
| HostedZoneModule | Stack name of module implementing HostedZone | | no | |
| BastionModule | Stack name of module implementing Bastion | | no | |
| KmsKeyModule | Stack name of kms-key module | | no | |
| DBSnapshotIdentifier | Name or Amazon Resource Name (ARN) of the DB snapshot from which you want to restore (leave blank to create an empty database) | | no | |
| DBAllocatedStorage | The allocated storage size, specified in GB (ignored when DBSnapshotIdentifier is set, value used from snapshot) | 5 | no | [5-16384] |
| DBInstanceClass | The instance type of the database | db.t2.micro | no | |
| DBName | Name of the database (ignored when DBSnapshotIdentifier is set, value used from snapshot) | auto generated value | no | |
| DBBackupRetentionPeriod | The number of days to keep snapshots of the database | 35 | no | [0-35] |
| DBMasterUsername | The master user name for the DB instance (ignored when DBSnapshotIdentifier is set, value used from snapshot) | master | no | |
| DBMasterUserPassword | The master password for the DB instance (ignored when DBSnapshotIdentifier is set, value used from snapshot) | | yes (no if DBSnapshotIdentifier is set) | |
| DBMultiAZ | Specifies if the database instance is deployed to multiple Availability Zones for HA | true | no | [true, false] |
| SubDomainNameWithDot | Name that is used to create the DNS entry with trailing dot, e.g. §{SubDomainNameWithDot}§{HostedZoneName}. Leave blank for naked (or apex and bare) domain. Requires HostedZoneModule parameter! | test. | no | |
| EngineVersion | PostgreSQL version | 9.6.8 | no | Set this to the version of PostgreSQL you want to use. You can run the following command to get the list of PostgreSQL versions supported by AWS RDS: `aws rds describe-db-engine-versions --engine postgres --query "DBEngineVersions[].EngineVersion"` |
| EnableIAMDatabaseAuthentication | Enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. | false | no | [true, false] |
| DBParameterGroupName | Creates a new DB Parameter Group with the specified name. | false | no | [true, false] |
| LambdaExecutionRoleArn | Adds a role to the db instance associating it with the 'lambda' feature name. | false | no | [true, false] |
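
The parameter rules listed above can be checked before a stack is deployed. The following is an added example, not code from the cfn-modules project: a JavaScript lint over the Parameters map of a Database stack. It assumes intrinsic functions are given in long form as objects (e.g. `{ Ref: 'X' }`); the function name, the finding format and the sample values are hypothetical.

```javascript
// Added example: lint the Parameters of an rds-postgres module stack.
const RANGES = { DBAllocatedStorage: [5, 16384], DBBackupRetentionPeriod: [0, 35] };
const BOOLEANS = ['DBMultiAZ', 'EnableIAMDatabaseAuthentication'];
const REQUIRED = ['VpcModule', 'ClientSgModule'];

// "Set" means an intrinsic (object) or a non-empty string; '' means "use the default".
const isLiteral = (v) => typeof v === 'string' && v !== '';
const isSet = (v) => (typeof v === 'object' && v !== null) || isLiteral(v);

function lintRdsPostgresParameters(params) {
  const findings = [];
  const add = (level, name, message) => findings.push({ level, name, message });

  for (const name of REQUIRED) {
    if (!isSet(params[name])) add('error', name, 'required parameter is missing');
  }
  // The password is required unless the instance is restored from a snapshot.
  if (!isSet(params.DBSnapshotIdentifier) && !isSet(params.DBMasterUserPassword)) {
    add('error', 'DBMasterUserPassword', 'required when DBSnapshotIdentifier is not set');
  }
  // A literal password lives in the template file and in version control.
  if (isLiteral(params.DBMasterUserPassword)) {
    add('warn', 'DBMasterUserPassword', 'literal value in template; pass it by reference');
  }
  for (const [name, [min, max]] of Object.entries(RANGES)) {
    if (!isLiteral(params[name])) continue; // default or intrinsic: nothing to check
    const n = Number(params[name]);
    if (!Number.isInteger(n) || n < min || n > max) {
      add('error', name, `must be an integer in [${min}-${max}]`);
    }
  }
  for (const name of BOOLEANS) {
    if (isLiteral(params[name]) && !['true', 'false'].includes(params[name])) {
      add('error', name, "must be 'true' or 'false'");
    }
  }
  // Allowed by the module, but weaker than the defaults listed in the table.
  if (params.DBBackupRetentionPeriod === '0') {
    add('warn', 'DBBackupRetentionPeriod', '0 disables automated backups');
  }
  if (params.DBMultiAZ === 'false') add('warn', 'DBMultiAZ', 'single-AZ deployment, no HA');
  return findings;
}

// Constructed sample: a password typed into the template and backups switched off.
const sample = { VpcModule: { 'Fn::GetAtt': ['Vpc', 'Outputs.StackName'] },
  ClientSgModule: { 'Fn::GetAtt': ['ClientSg', 'Outputs.StackName'] },
  DBMasterUserPassword: 'constructed-literal', DBBackupRetentionPeriod: '0' };
console.log(lintRdsPostgresParameters(sample));
```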

Limitations

  • Scalable: RDS instances capacity (CPU, RAM, network, ...) is limited by design
  • Monitoring: Network In+Out is not monitored according to capacity of instance type