Created
October 4, 2022 20:19
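# SAM/CloudFormation template: subnet group, custom resource, IAM role/policy,
# four Lambda functions and a Step Functions state machine for an RDS global
# database deployment.
# Repaired from a flattened paste: indentation restored, misspelled keys and
# service names corrected. Logical IDs, names and descriptions are kept as the
# author wrote them (including their spelling) so existing references still resolve.
AWSTemplateFormatVersion: "2010-09-09"
Transform: "AWS::Serverless-2016-10-31"
Description: AWS

Parameters:
  pPrivateSubnetId1:
    Description: AWS RDS Global DB subnet 1 Goupd Id
    Type: String
  pPrivateSubnetId2:
    Description: AWS RDS Global DB subnet 2 Goupd Id
    Type: String
  pPrivateSubnetId3:
    Description: AWS RDS Global DB subnet 3 Goupd Id
    Type: String
  pDatabaseInstanceClass:
    Description: Database Instance Type
    Type: String
  # NOTE(review): pDatabaseEngineType and pDatabaseEngineVersion are declared
  # but not referenced anywhere in this template.
  pDatabaseEngineType:
    Description: Database Engine Type
    Type: String
  pDatabaseEngineVersion:
    Description: Database Engine Version
    Type: String

Resources:
  rDBSubnetGroup:
    Type: "AWS::RDS::DBSubnetGroup"
    Properties:
      DBSubnetGroupDescription: Database Subnet Group for Postgres RDS Instance
      SubnetIds:
        - !Ref pPrivateSubnetId1
        - !Ref pPrivateSubnetId2
        - !Ref pPrivateSubnetId3

  # Custom resource backed by rGlobalDatabaseFunction.
  rGlobalDatabseCmResource:
    Type: Custom::rGlobalDatabseCm
    DependsOn:
      - rDBSubnetGroup
    Properties:
      GlobalClusterId: "global-db-cluster"
      # !Sub only substitutes ${...}; the original "{AWS::Region}" would have
      # been passed through as literal text.
      ClusterId: !Sub "regional-db-cluster-${AWS::Region}"
      Region: !Ref AWS::Region
      # The function ARN comes from !GetAtt; !Ref does not accept ".Arn".
      ServiceToken: !GetAtt rGlobalDatabaseFunction.Arn

  # SECURITY(review): every statement below grants all actions of a service on
  # all resources. This one policy is attached to the role shared by all four
  # Lambda functions and the state machine, so any of them can, for example,
  # change KMS key policies, delete RDS clusters or rewrite other functions.
  # The actions are left as written because the handlers are not part of this
  # template; replace each wildcard with the specific actions the handlers
  # call and scope Resource to the relevant ARNs, ideally with one role per
  # function.
  rGlobalDatabaseRolePolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      Description: "Global Database Role Policy"
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action:
              - "kms:*"
            Resource: '*'
          - Effect: Allow
            Action:
              - "logs:*"
            Resource: '*'
          - Effect: Allow
            Action:
              - "lambda:*"
            Resource: '*'
          - Effect: Allow
            Action:
              - "states:*"
            Resource: '*'
          - Effect: Allow
            Action:
              - "cloudformation:*"
            Resource: '*'
          - Effect: Allow
            Action:
              - "rds:*"
            Resource: '*'
          - Effect: Allow
            Action:
              - "ec2:*"
            Resource: '*'

  rGlobalDatabaseRole:
    Type: 'AWS::IAM::Role'
    Properties:
      # NOTE(review): IAM role names are unique per account, not per region.
      # With a fixed RoleName this stack can exist only once per account,
      # while ClusterId above is per-region; confirm whether the template is
      # meant to be deployed in more than one region.
      RoleName: "global-database-role"
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          # IAM Sids accept only letters and digits, so the hyphenated
          # originals ('lambda-execution', 'state-machine-execution') are
          # rewritten without hyphens.
          - Sid: 'LambdaExecution'
            Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: "sts:AssumeRole"
          - Sid: 'StateMachineExecution'
            Effect: Allow
            Principal:
              Service: states.amazonaws.com
            Action: "sts:AssumeRole"
      Path: /
      ManagedPolicyArns:
        - !Ref rGlobalDatabaseRolePolicy

  # Handler for the custom resource rGlobalDatabseCmResource.
  rGlobalDatabaseFunction:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: "Global-Database-Lambda"
      Handler: global_rds_db.handler
      Runtime: python3.9
      Timeout: 300
      MemorySize: 128
      Role: !GetAtt rGlobalDatabaseRole.Arn
      CodeUri:
        Bucket: '<s3 bucket path>'
        Key: '<file key name>'

  # Invoked by the first state of rDeployDabaseInstance.
  rLaunchDatabseInstanceFunction:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: "Launch-Database-Instance-Lambda"
      Handler: deploy_database_instance.handler
      Runtime: python3.9
      Timeout: 300
      MemorySize: 128
      Role: !GetAtt rGlobalDatabaseRole.Arn
      CodeUri:
        Bucket: '<s3 bucket path>'
        Key: '<file key name>'

  rExecuteStateMachineFunction:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: "Execute-Statemachine-Lambda"
      Handler: statemachine_execute.handler
      Runtime: python3.9
      Timeout: 300
      MemorySize: 128
      Role: !GetAtt rGlobalDatabaseRole.Arn
      CodeUri:
        Bucket: '<s3 bucket path>'
        Key: '<file key name>'

  rSateMachineStatusFunction:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: "Statemachine-Status-Lambda"
      Handler: statemachine_status.handler
      Runtime: python3.9
      Timeout: 300
      MemorySize: 128
      Role: !GetAtt rGlobalDatabaseRole.Arn
      CodeUri:
        Bucket: '<s3 bucket path>'
        Key: '<file key name>'

  # State machine: launch the database-instances stack, then poll every
  # 30 seconds until the status is no longer "WAIT".
  #
  # Repairs made to the definition: states wrapped in the required "States"
  # object, missing commas and quotes added, trailing commas removed, the
  # Choices entry given its opening brace, and the task ARNs corrected to
  # arn:aws:states:::lambda:invoke. The second task's "$.Execution.Input" is
  # changed to "$$.Execution.Input" to match the first task, which reads the
  # execution input from the context object.
  #
  # NOTE(review), not resolved here because the intent is not visible:
  #  - RoleArn was empty in the original; rGlobalDatabaseRole is used because
  #    it is the only role that trusts states.amazonaws.com. Confirm.
  #  - get_database_isntance_status has no "FunctionName" and passes "Input"
  #    instead of "Payload"; lambda:invoke needs a target function. Confirm
  #    which function this state should call.
  #  - status_check compares "$.status" as a string, but ResultPath stores the
  #    whole lambda:invoke result there; verify the path (for example the
  #    field inside the returned Payload) so the loop does not exit early.
  rDeployDabaseInstance:
    Type: AWS::StepFunctions::StateMachine
    Properties:
      RoleArn: !GetAtt rGlobalDatabaseRole.Arn
      DefinitionString: !Sub |
        {
          "Comment": "State Machine for deploying Dababase Instances",
          "StartAt": "invoke_db_instances_deploy",
          "States": {
            "invoke_db_instances_deploy": {
              "Type": "Task",
              "Resource": "arn:aws:states:::lambda:invoke",
              "Parameters": {
                "FunctionName": "${rLaunchDatabseInstanceFunction}",
                "Payload": {
                  "Input": {
                    "StackName": "database-instances",
                    "Parameters": {
                      "pDatabaseSubnetGroup": "${rDBSubnetGroup}",
                      "pDatabaseInstanceClass": "${pDatabaseInstanceClass}"
                    },
                    "Input.$": "$$.Execution.Input"
                  }
                }
              },
              "Next": "get_database_isntance_status"
            },
            "get_database_isntance_status": {
              "ResultPath": "$.status",
              "Type": "Task",
              "Resource": "arn:aws:states:::lambda:invoke",
              "Parameters": {
                "Input": {
                  "StackName": "database-instances",
                  "Input.$": "$$.Execution.Input"
                }
              },
              "Next": "wait_30_seconds"
            },
            "wait_30_seconds": {
              "Type": "Wait",
              "Seconds": 30,
              "Next": "status_check"
            },
            "status_check": {
              "Type": "Choice",
              "Choices": [
                {
                  "Not": {
                    "Variable": "$.status",
                    "StringEquals": "WAIT"
                  },
                  "Next": "Finish"
                }
              ],
              "Default": "get_database_isntance_status"
            },
            "Finish": {
              "Type": "Pass",
              "Result": "DBInstanceStackeCompleted",
              "End": true
            }
          }
        }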