@sestok
Created October 4, 2022 20:19
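---
# CloudFormation/SAM template for an RDS global database deployment.
# It declares a DB subnet group, a Lambda-backed custom resource, one shared
# IAM role (assumable by Lambda and Step Functions), four Lambda functions and
# a state machine that launches the "database-instances" stack and polls its
# status.
AWSTemplateFormatVersion: '2010-09-09'
Transform: 'AWS::Serverless-2016-10-31'
Description: AWS

Parameters:
  # The three private subnets that are placed in the DB subnet group.
  pPrivateSubnetId1:
    Description: AWS RDS Global DB subnet 1 Goupd Id
    Type: String
  pPrivateSubnetId2:
    Description: AWS RDS Global DB subnet 2 Goupd Id
    Type: String
  pPrivateSubnetId3:
    Description: AWS RDS Global DB subnet 3 Goupd Id
    Type: String
  # Forwarded to the deploy Lambda as pDatabaseInstanceClass by the state machine.
  pDatabaseInstanceClass:
    Description: Database Instance Type
    Type: String
  # NOTE(review): pDatabaseEngineType and pDatabaseEngineVersion are declared
  # but not referenced anywhere in this template - confirm whether they should
  # be forwarded in the state machine payload, or remove them.
  pDatabaseEngineType:
    Description: Database Engine Type
    Type: String
  pDatabaseEngineVersion:
    Description: Database Engine Version
    Type: String

Resources:
  rDBSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: Database Subnet Group for Postgres RDS Instance
      SubnetIds:
        - !Ref pPrivateSubnetId1
        - !Ref pPrivateSubnetId2
        - !Ref pPrivateSubnetId3

  # Custom resource served by rGlobalDatabaseFunction.
  rGlobalDatabseCmResource:
    Type: Custom::rGlobalDatabseCm
    # The attribute is DependsOn; "Depends" is not a resource attribute.
    DependsOn:
      - rDBSubnetGroup
    Properties:
      GlobalClusterId: 'global-db-cluster'
      # !Sub only substitutes ${...}; a bare {AWS::Region} stays literal text.
      ClusterId: !Sub 'regional-db-cluster-${AWS::Region}'
      Region: !Ref 'AWS::Region'
      # ServiceToken must be the function ARN, so use GetAtt on the logical ID
      # that is actually declared below (rGlobalDatabaseFunction).
      ServiceToken: !GetAtt rGlobalDatabaseFunction.Arn

  rGlobalDatabaseRolePolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      Description: 'Global Database Role Policy'
      PolicyDocument:
        Version: '2012-10-17'
        # NOTE(review): every statement grants a whole service namespace on
        # Resource '*', and the policy is attached to the single role shared by
        # all four Lambdas and the state machine. Any one of those components
        # being compromised or misused yields full KMS, Lambda, Step Functions,
        # CloudFormation, RDS and EC2 control in the account. Replace each
        # wildcard with the specific actions the handlers call and with the
        # ARNs of the resources this stack manages, and consider one role per
        # function. The handler code is not part of this template, so the
        # required action list must be derived from it.
        Statement:
          - Effect: Allow
            Action:
              - 'kms:*'
            Resource: '*'
          - Effect: Allow
            Action:
              - 'logs:*'
            Resource: '*'
          - Effect: Allow
            Action:
              - 'lambda:*'
            Resource: '*'
          - Effect: Allow
            Action:
              - 'states:*'
            Resource: '*'
          - Effect: Allow
            Action:
              - 'cloudformation:*'
            Resource: '*'
          - Effect: Allow
            Action:
              - 'rds:*'
            Resource: '*'
          - Effect: Allow
            Action:
              - 'ec2:*'
            Resource: '*'

  # Execution role used by every Lambda below and by the state machine.
  rGlobalDatabaseRole:
    Type: AWS::IAM::Role
    Properties:
      # NOTE(review): a fixed RoleName requires CAPABILITY_NAMED_IAM and, since
      # IAM is account-global, collides if this stack is deployed in a second
      # region of the same account - confirm that is intended.
      RoleName: 'global-database-role'
      AssumeRolePolicyDocument:
        # Quoted so the version is a string, not a YAML date.
        Version: '2012-10-17'
        Statement:
          # IAM Sids accept only alphanumeric characters, so no hyphens.
          - Sid: LambdaExecution
            Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: 'sts:AssumeRole'
          - Sid: StateMachineExecution
            Effect: Allow
            Principal:
              Service: states.amazonaws.com
            Action: 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - !Ref rGlobalDatabaseRolePolicy

  # Backs the custom resource rGlobalDatabseCmResource.
  rGlobalDatabaseFunction:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: 'Global-Database-Lambda'
      Handler: global_rds_db.handler
      Runtime: python3.9
      Timeout: 300
      MemorySize: 128
      # Role expects an ARN, so the attribute name is required.
      Role: !GetAtt rGlobalDatabaseRole.Arn
      CodeUri:
        Bucket: '<s3 bucket path>'
        Key: '<file key name>'

  # Invoked by the first state of rDeployDabaseInstance.
  rLaunchDatabseInstanceFunction:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: 'Launch-Database-Instance-Lambda'
      Handler: deploy_database_instance.handler
      Runtime: python3.9
      Timeout: 300
      MemorySize: 128
      Role: !GetAtt rGlobalDatabaseRole.Arn
      CodeUri:
        Bucket: '<s3 bucket path>'
        Key: '<file key name>'

  rExecuteStateMachineFunction:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: 'Execute-Statemachine-Lambda'
      Handler: statemachine_execute.handler
      Runtime: python3.9
      Timeout: 300
      MemorySize: 128
      Role: !GetAtt rGlobalDatabaseRole.Arn
      CodeUri:
        Bucket: '<s3 bucket path>'
        Key: '<file key name>'

  rSateMachineStatusFunction:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: 'Statemachine-Status-Lambda'
      Handler: statemachine_status.handler
      Runtime: python3.9
      Timeout: 300
      MemorySize: 128
      Role: !GetAtt rGlobalDatabaseRole.Arn
      CodeUri:
        Bucket: '<s3 bucket path>'
        Key: '<file key name>'

  # Deploys the "database-instances" stack, then polls every 30 seconds until
  # the reported status is no longer "WAIT".
  rDeployDabaseInstance:
    Type: AWS::StepFunctions::StateMachine
    Properties:
      # The shared role trusts states.amazonaws.com, so it is used here.
      RoleArn: !GetAtt rGlobalDatabaseRole.Arn
      # NOTE(review): the status task originally named no function;
      # rSateMachineStatusFunction is assumed from its name - confirm.
      # NOTE(review): with the lambda:invoke integration, ResultPath "$.status"
      # receives the whole invoke result object rather than a bare string, so
      # the StringEquals test on "$.status" probably needs to point at the
      # field the status Lambda returns - verify against the handler.
      # NOTE(review): the polling loop has no upper bound; consider a
      # TimeoutSeconds on the state machine.
      DefinitionString: !Sub |
        {
          "Comment": "State Machine for deploying Dababase Instances",
          "StartAt": "invoke_db_instances_deploy",
          "States": {
            "invoke_db_instances_deploy": {
              "Type": "Task",
              "Resource": "arn:aws:states:::lambda:invoke",
              "Parameters": {
                "FunctionName": "${rLaunchDatabseInstanceFunction}",
                "Payload": {
                  "Input": {
                    "StackName": "database-instances",
                    "Parameters": {
                      "pDatabaseSubnetGroup": "${rDBSubnetGroup}",
                      "pDatabaseInstanceClass": "${pDatabaseInstanceClass}"
                    },
                    "Input.$": "$$.Execution.Input"
                  }
                }
              },
              "Next": "get_database_isntance_status"
            },
            "get_database_isntance_status": {
              "ResultPath": "$.status",
              "Type": "Task",
              "Resource": "arn:aws:states:::lambda:invoke",
              "Parameters": {
                "FunctionName": "${rSateMachineStatusFunction}",
                "Payload": {
                  "Input": {
                    "StackName": "database-instances",
                    "Input.$": "$$.Execution.Input"
                  }
                }
              },
              "Next": "wait_30_seconds"
            },
            "wait_30_seconds": {
              "Type": "Wait",
              "Seconds": 30,
              "Next": "status_check"
            },
            "status_check": {
              "Type": "Choice",
              "Choices": [
                {
                  "Not": {
                    "Variable": "$.status",
                    "StringEquals": "WAIT"
                  },
                  "Next": "Finish"
                }
              ],
              "Default": "get_database_isntance_status"
            },
            "Finish": {
              "Type": "Pass",
              "Result": "DBInstanceStackeCompleted",
              "End": true
            }
          }
        }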