@slushysnowman
Created March 20, 2019 07:42
Create an Aurora cluster with password generated by Secrets Manager
AWSTemplateFormatVersion: 2010-09-09
Description: This creates an Aurora RDS cluster with 2 instances and uses Secrets Manager to generate and store the password
Parameters:
  SubnetA:
    Description: Subnets to use for Aurora deployment
    Type: AWS::EC2::Subnet::Id
  SubnetB:
    Description: Subnets to use for Aurora deployment
    Type: AWS::EC2::Subnet::Id
  DefaultSecurityGroup:
    Description: Default VPC security group
    Type: AWS::EC2::SecurityGroup::Id
  KmsKeyId:
    Description: KMS Key ID to use for encrypting secrets
    Type: String
  DBName:
    Description: Name of database
    Type: String
  DBInstanceType:
    Description: Instance type for instances in the Aurora cluster
    Type: String
  DeleteAutomatedBackups:
    Description: Defines whether to keep automated database backups when DB instance deleted
    Type: String
  DeletionProtection:
    Description: Defines whether deletion protection should be enabled
    Type: String
Resources:
  DBSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: Subnet group that Aurora instances are deployed into
      DBSubnetGroupName: aurora-subnet-group
      SubnetIds:
        - !Ref SubnetA
        - !Ref SubnetB
  # Creates custom DB Parameter Group
  DBParameterGroup:
    Type: AWS::RDS::DBParameterGroup
    Properties:
      Description: Custom parameter group for instances in Aurora cluster
      Family: aurora-mysql5.7
      Parameters:
        max_allowed_packet: '134217728'
      Tags:
        - Key: Name
          Value: aurora-parameter-group
  # Username and password are resolved from the DBSecret resource at deploy time
  # via dynamic references, so no plaintext credential appears in the template,
  # its parameters, or the stack's stored template.
  DBCluster:
    Type: AWS::RDS::DBCluster
    Properties:
      BackupRetentionPeriod: 7
      DatabaseName: !Ref DBName
      DBClusterParameterGroupName: default.aurora-mysql5.7
      DBSubnetGroupName: !Ref DBSubnetGroup
      DeletionProtection: !Ref DeletionProtection
      Engine: aurora-mysql
      EngineMode: provisioned
      EngineVersion: 5.7.12
      MasterUsername: !Join ['', ['{{resolve:secretsmanager:', !Ref DBSecret, ':SecretString:username}}']]
      MasterUserPassword: !Join ['', ['{{resolve:secretsmanager:', !Ref DBSecret, ':SecretString:password}}']]
      Port: 3306
      PreferredBackupWindow: 00:00-00:30
      PreferredMaintenanceWindow: Sun:23:00-Sun:23:30
      StorageEncrypted: true
      Tags:
        - Key: Name
          Value: DBCluster
      VpcSecurityGroupIds:
        - !Ref DefaultSecurityGroup
  DBInstanceA:
    Type: AWS::RDS::DBInstance
    Properties:
      DBClusterIdentifier: !Ref DBCluster
      DBInstanceClass: !Ref DBInstanceType
      DBParameterGroupName: !Ref DBParameterGroup
      DBSubnetGroupName: !Ref DBSubnetGroup
      DeleteAutomatedBackups: !Ref DeleteAutomatedBackups
      Engine: aurora-mysql
  DBInstanceB:
    Type: AWS::RDS::DBInstance
    Properties:
      DBClusterIdentifier: !Ref DBCluster
      DBInstanceClass: !Ref DBInstanceType
      DBParameterGroupName: !Ref DBParameterGroup
      DBSubnetGroupName: !Ref DBSubnetGroup
      DeleteAutomatedBackups: !Ref DeleteAutomatedBackups
      Engine: aurora-mysql
  # Secrets Manager generates the password; the username comes from the
  # SecretStringTemplate and the generated value is stored under the "password" key.
  DBSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Description: Username and password for database
      KmsKeyId: !Ref KmsKeyId
      GenerateSecretString:
        GenerateStringKey: "password"
        PasswordLength: 20
        SecretStringTemplate: '{"username": "master-user"}'
        ExcludePunctuation: True
      Tags:
        - Key: Name
          Value: db-secret
      Name: DBSecret
  # Attaches the secret to the cluster so the secret also carries the
  # connection details (host, port, engine) that rotation functions expect.
  DBSecretAttachment:
    Type: AWS::SecretsManager::SecretTargetAttachment
    Properties:
      SecretId: !Ref DBSecret
      TargetId: !Ref DBCluster
      TargetType: AWS::RDS::DBCluster
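The point of the template is that `MasterUserPassword` is a `{{resolve:secretsmanager:...}}` dynamic reference rather than a literal. The following is an added example, not part of the gist: a small template audit that evaluates `Fn::Join`/`Ref` (the JSON-form equivalents of `!Join`/`!Ref`) far enough to see the final string, parses the dynamic reference, and flags clusters whose password is a literal or whose storage is unencrypted. The two template dicts are constructed excerpts, and `evaluate`/`audit` are names chosen here.

```python
import re

# Constructed excerpt of the gist's DBCluster in CloudFormation's JSON form
# (!Join -> Fn::Join, !Ref -> Ref); the intrinsics mean the same as the YAML tags.
GIST_EXCERPT = {"Resources": {
    "DBSecret": {"Type": "AWS::SecretsManager::Secret"},
    "DBCluster": {"Type": "AWS::RDS::DBCluster", "Properties": {
        "StorageEncrypted": True,
        "MasterUserPassword": {"Fn::Join": ["", [
            "{{resolve:secretsmanager:", {"Ref": "DBSecret"}, ":SecretString:password}}"]]}}}}}

# Constructed counter-example with the two mistakes this audit exists to catch.
BAD_EXCERPT = {"Resources": {
    "DBCluster": {"Type": "AWS::RDS::DBCluster", "Properties": {
        "MasterUserPassword": "literal-password-in-template"}}}}

# {{resolve:secretsmanager:<secret-id>:SecretString:<json-key>[:stage[:version]]}}
# secret-id may itself be an ARN containing colons, hence the non-greedy group.
DYNREF = re.compile(r"^\{\{resolve:secretsmanager:(.+?):SecretString:([^:}]*)(?::[^}]*)?\}\}$")

def evaluate(node, resources):
    """Resolve Fn::Join and Ref far enough to see the string CloudFormation would
    pass on. A Ref to a logical resource becomes '<LogicalId>' (the real value
    would be the secret's ARN) so the reference can be traced inside the template."""
    if isinstance(node, dict) and "Ref" in node:
        if node["Ref"] not in resources:
            raise ValueError(f"Ref to unknown resource {node['Ref']}")
        return f"<{node['Ref']}>"
    if isinstance(node, dict) and "Fn::Join" in node:
        sep, parts = node["Fn::Join"]
        return sep.join(evaluate(p, resources) for p in parts)
    return node

def audit(template):
    """Return a list of findings for every DBCluster; an empty list means it passes."""
    resources, findings = template["Resources"], []
    for lid, res in resources.items():
        if res["Type"] != "AWS::RDS::DBCluster":
            continue
        props = res.get("Properties", {})
        pw = evaluate(props.get("MasterUserPassword"), resources)
        match = DYNREF.match(pw) if isinstance(pw, str) else None
        if match is None:
            findings.append(f"{lid}: MasterUserPassword is not a Secrets Manager dynamic reference")
        elif match.group(1).startswith("<") and \
                resources[match.group(1)[1:-1]]["Type"] != "AWS::SecretsManager::Secret":
            findings.append(f"{lid}: password reference points at a non-secret resource")
        if props.get("StorageEncrypted") is not True:
            findings.append(f"{lid}: StorageEncrypted is not true")
    return findings
```

Run `audit()` over a template loaded into the JSON form; the gist's cluster returns no findings, while the literal-password variant returns one finding per problem.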