
@willclark
Created August 13, 2015 05:34
{
"Outputs": {
"RDSHost": {
"Description": "Database endpoint address",
"Value": { "Fn::GetAtt": ["RDSDatabase", "Endpoint.Address"] }
},
"RDSPort": {
"Description": "Database endpoint port",
"Value": { "Fn::GetAtt": ["RDSDatabase", "Endpoint.Port"] }
},
"RDSPassSecurityGroup": {
"Description": "Security group to assign to EC2 instances that need access to the RDS instance",
"Value": {
"Ref": "RDSPassSecurityGroup"
}
},
"MessageQueueName": {
"Value": {
"Fn::GetAtt": [
"MessageQueue",
"QueueName"
]
}
},
"MessageQueueUrl": {
"Value": { "Ref": "MessageQueue" }
},
"DeadLetterQueueName": {
"Value": {
"Fn::GetAtt": [
"DeadLetterQueue",
"QueueName"
]
}
},
"DeadLetterQueueUrl": {
"Value": { "Ref": "DeadLetterQueue" }
},
"InstanceProfile": {
"Description": "Instance profile that should be assigned to the EC2 instance",
"Value": {
"Ref": "InstanceProfile"
}
}
},
"Parameters": {
"env": {
"Description": "Deployment environment name",
"Type": "String"
},
"QueuePrefix": {
"Description": "Message Queue Base Name",
"Type": "String"
},
"DBUser": {
"NoEcho": "false",
"Description": "The name of master user for the client DB Instance.",
"Type": "String",
"ConstraintDescription": "must begin with a letter and contain only alphanumeric characters"
},
"DBName": {
"NoEcho": "false",
"Description": "The DB Name of the RDS instance",
"Type": "String",
"ConstraintDescription": "must contain only alphanumeric characters"
},
"DBPassword": {
"NoEcho": "true",
"Description": "The master password for the DB instance.",
"Type": "String",
"ConstraintDescription": "must contain only alphanumeric characters"
}
},
"Resources": {
"DeadLetterQueue": { "Type": "AWS::SQS::Queue" },
"MessageQueue": {
"Type": "AWS::SQS::Queue",
"Properties": {
"ReceiveMessageWaitTimeSeconds": 20,
"VisibilityTimeout": 600,
"QueueName": {
"Fn::Join": [
"-",
[ { "Ref": "QueuePrefix" }, { "Ref": "env" } ]
]
},
"RedrivePolicy": {
"maxReceiveCount": 10,
"deadLetterTargetArn": {
"Fn::GetAtt": [
"DeadLetterQueue",
"Arn"
]
}
}
}
},
"Role": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Path": "/",
"Policies": [
{
"PolicyName": "S3Access",
"PolicyDocument": {
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:Get*",
"s3:List*",
"s3:PutObject"
],
"Resource": "*"
}
]
}
},
{
"PolicyName": "SQSAccess",
"PolicyDocument": {
"Statement": [
{
"Effect": "Allow",
"Action": [
"sqs:ChangeMessageVisibility",
"sqs:DeleteMessage",
"sqs:ReceiveMessage",
"sqs:SendMessage"
],
"Resource": "*"
}
]
}
},
{
"PolicyName": "CloudWatchAccess",
"PolicyDocument": {
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudwatch:PutMetricData"
],
"Resource": "*"
}
]
}
},
{
"PolicyName": "DynamoPeriodicTasks",
"PolicyDocument": {
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:BatchGetItem",
"dynamodb:BatchWriteItem",
"dynamodb:DeleteItem",
"dynamodb:GetItem",
"dynamodb:PutItem",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:UpdateItem"
],
"Resource": "*"
}
]
}
}
]
}
},
"InstanceProfile": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Path": "/",
"Roles": [
{
"Ref": "Role"
}
]
}
},
"RDSDBSecurityGroup": {
"Type": "AWS::RDS::DBSecurityGroup",
"Properties": {
"GroupDescription": "Enable database access to Beanstalk application",
"DBSecurityGroupIngress": {
"EC2SecurityGroupName": {
"Ref": "RDSPassSecurityGroup"
}
}
}
},
"RDSDatabase": {
"Type": "AWS::RDS::DBInstance",
"DeletionPolicy": "Delete",
"Properties": {
"MasterUsername": {
"Ref": "DBUser"
},
"DBSecurityGroups": [
{
"Ref": "RDSDBSecurityGroup"
}
],
"DBInstanceClass": "db.m1.small",
"AllocatedStorage": "5",
"MultiAZ": "false",
"EngineVersion": "9.3.5",
"DBName": {
"Ref": "DBName"
},
"MasterUserPassword": {
"Ref": "DBPassword"
},
"Engine": "postgres"
}
},
"RDSPassSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "SecurityGroup access RDS database."
}
}
}
}