Create RDS using Cloud Formation
Today we have a different proposal: instead of using Terraform, which helps us a lot, I decided to propose a different challenge and start creating some components via CloudFormation. The result I will show below is very interesting for AWS users, sysadmins, DevOps, and cloud professionals.
An RDS instance, an IAM role and a VPC will be created via CloudFormation:
```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Create an RDS instance, IAM role, and CloudWatch alarm
Resources:
  # Dedicated VPC that holds the database subnets
  MyVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
  MyRDSInstance:
    Type: AWS::RDS::DBInstance
    Properties:
      DBInstanceIdentifier: epma-rds
      AllocatedStorage: 20
      DBInstanceClass: db.t2.micro
      Engine: mysql
      MasterUsername: admin
      # Literal password: readable by anyone who can view the template
      MasterUserPassword: adminpassword
      VPCSecurityGroups:
        - !Ref MyDBSecurityGroup
      AvailabilityZone: us-east-1a
      DBSubnetGroupName: !Ref MyDBSubnetGroup
      MultiAZ: false
  # No ingress rules are defined here, so nothing can connect until one is added
  MyDBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Security group for RDS instance
      VpcId: !Ref MyVPC
  # A DB subnet group needs subnets in at least two Availability Zones
  MyDBSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupName: epma-rds-subnet-group
      DBSubnetGroupDescription: Subnet group for RDS instance
      SubnetIds:
        - !Ref MySubnet1
        - !Ref MySubnet2
  MySubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      AvailabilityZone: us-east-1a
      CidrBlock: 10.0.0.0/24
  MySubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      AvailabilityZone: us-east-1b
      CidrBlock: 10.0.1.0/24
  # A custom RoleName means stack creation asks for the CAPABILITY_NAMED_IAM acknowledgement
  MyIAMRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: epma-rds-role
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: rds.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: RDSAccessPolicy
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - rds:CreateDBSnapshot
                  - rds:DeleteDBSnapshot
                  - rds:DescribeDBSnapshots
                  - rds:DescribeDBInstances
                Resource: "*"
  MyCloudWatchAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmName: RDSFreeStorageSpaceAlarm
      ComparisonOperator: LessThanThreshold
      EvaluationPeriods: 1
      MetricName: FreeStorageSpace
      Namespace: AWS/RDS
      # Scope the alarm to this instance; Ref returns the DB instance identifier
      Dimensions:
        - Name: DBInstanceIdentifier
          Value: !Ref MyRDSInstance
      Period: 300
      Statistic: Average
      Threshold: 1000000000 # 1 GB (the metric is reported in bytes)
      AlarmDescription: Alarm if free storage space drops below 1GB
      AlarmActions:
        - !Ref MySNSTopic
  MySNSTopic:
    Type: AWS::SNS::Topic
    Properties:
      DisplayName: RDSAlarmTopic
      TopicName: RDSAlarmTopic
Outputs:
  RDSInstanceEndpoint:
    Description: Endpoint of the RDS instance
    Value: !GetAtt MyRDSInstance.Endpoint.Address
```
This template creates the following resources:
- VPC (MyVPC)
- RDS instance (MyRDSInstance) with the specified parameters.
- Security group (MyDBSecurityGroup) for the RDS instance.
- DB subnet group (MyDBSubnetGroup) for the RDS instance.
- Subnets (MySubnet1 and MySubnet2) in the VPC.
- IAM role (MyIAMRole) with the necessary permissions for RDS.
- CloudWatch alarm (MyCloudWatchAlarm) to monitor free storage space. (Optional)
- SNS topic (MySNSTopic) for CloudWatch alarm notifications.
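A hardened variant of the database and its security group, as an added example that is not part of the original post: merge these entries over the same-named ones in the template above. `AppSecurityGroup` and the `MasterSecretArn` output are hypothetical names introduced here, and the instance class is changed because `db.t2.micro` does not support storage encryption.

```yaml
# Added example, not the author's template. Assumes MyVPC and MyDBSubnetGroup
# from the template above are still defined in the same stack.
Resources:
  MyRDSInstance:
    Type: AWS::RDS::DBInstance
    Properties:
      DBInstanceIdentifier: epma-rds
      AllocatedStorage: 20
      # db.t2.micro cannot be encrypted at rest; db.t3.micro can
      DBInstanceClass: db.t3.micro
      Engine: mysql
      MasterUsername: admin
      # Weak (original): MasterUserPassword: adminpassword
      # Here RDS generates the password and keeps it in Secrets Manager
      ManageMasterUserPassword: true
      StorageEncrypted: true
      PubliclyAccessible: false
      VPCSecurityGroups:
        - !Ref MyDBSecurityGroup
      AvailabilityZone: us-east-1a
      DBSubnetGroupName: !Ref MyDBSubnetGroup
      MultiAZ: false
  MyDBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Security group for RDS instance
      VpcId: !Ref MyVPC
      SecurityGroupIngress:
        # MySQL port only, and only from members of the application group
        - IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: !Ref AppSecurityGroup
  # Hypothetical application-tier group (assumption, not in the original template)
  AppSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Clients allowed to reach the RDS instance
      VpcId: !Ref MyVPC
Outputs:
  # Hypothetical output name; the attribute is set when RDS manages the password
  MasterSecretArn:
    Description: Secrets Manager ARN of the generated master password
    Value: !GetAtt MyRDSInstance.MasterUserSecret.SecretArn
```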
I will do the process via the AWS console for those who have never used CloudFormation. Go to Console > CloudFormation > Create a new stack, then follow the screens step by step.
Take my code above, open the design view, and paste the code there.
I just made one small change — I shortened the name.
To remove and destroy the environment, just delete the stack.