---
AWSTemplateFormatVersion: 2010-09-09

Description: Reference Architecture to host Moodle on AWS - Creates RDS Aurora MySQL or PostgreSQL database cluster

Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
    - Label:
        default: Database Parameters
      Parameters:
        - DatabaseType
        - DatabaseInstanceType
        # - DatabaseMasterUsername
        # - DatabaseMasterPassword
        - DatabaseName
        - DatabaseEncryptedBoolean
        - DatabaseCmk
        - DatabaseSecurityGroup
        - NumberOfSubnets
        - Subnet
    ParameterLabels:
      DatabaseType:
        default: Aurora database type
      DatabaseEncryptedBoolean:
        default: Encrypted DB Cluster
      DatabaseCmk:
        default: AWS KMS Customer Master Key (CMK) to encrypt DB 
      DatabaseInstanceType:
        default: DB Instance Class 
      # DatabaseMasterUsername:
      #   default: DB Master Username
      # DatabaseMasterPassword:
      #   default: DB Master Password
      DatabaseName:
        default: DB Name
      DatabaseSecurityGroup:
        default: DB Security Group
      NumberOfSubnets:
        default: Number of subnets
      Subnet:
        default: Subnets

Parameters:
  DatabaseType:
    AllowedValues:
      - MySQL
      - PostgreSQL
    Default: PostgreSQL
    Description: Indicates whether to use Aurora MySQL or PostgreSQL.
    Type: String
  DatabaseEncryptedBoolean:
    AllowedValues:
      - true
      - false
    Default: True
    Description: Indicates whether the DB instances in the cluster are encrypted.
    Type: String
  DatabaseCmk:
    Description: AWS KMS Customer Master Key (CMK) to encrypt database cluster
    Type: String
  DatabaseInstanceType:
    AllowedValues:
      - db.t3.medium
      - db.t3.large
      - db.r5.large
      - db.r5.xlarge
      - db.r5.2xlarge
      - db.r5.4xlarge
      - db.r5.8xlarge
      - db.r5.12xlarge
      - db.r5.16xlarge
      - db.r6g.large
      - db.r6g.xlarge
      - db.r6g.2xlarge
      - db.r6g.4xlarge
      - db.r6g.8xlarge
      - db.r6g.12xlarge
      - db.r6g.16xlarge
    ConstraintDescription: Must be a valid Aurora RDS instance type.
    Default: db.r6g.large
    Description: Amazon Aurora RDS database instance type
    Type: String
  RDSInstanceSecretArn:
    Type: String
  DatabaseName:
    AllowedPattern: ^([a-zA-Z0-9]*)$
    Description: Amazon Aurora RDS master database name
    Type: String
  DatabaseSecurityGroup:
    Description: Database security group
    Type: AWS::EC2::SecurityGroup::Id
  NumberOfSubnets:
    AllowedValues:
    - 1
    - 2
    - 3
    Default: 2
    Description: Number of subnets. This must match your selections in the list of subnets below.
    Type: String
  Subnet:
    Description: Select existing subnets. The number selected must match the number of subnets above. Subnets selected must be in separate AZs.
    Type: List<AWS::EC2::Subnet::Id>
  ProjectName:
    AllowedPattern: ^([a-zA-Z0-9]*)$
    Default: App
    Description: Moodle Project Name
    Type: String

Conditions:
  UseMySQL:
    !Equals [!Ref DatabaseType, MySQL]
  UsePostgreSQL:
    !Equals [!Ref DatabaseType, PostgreSQL]
  NumberOfSubnets1:
      !Equals [ 1, !Ref NumberOfSubnets ]
  NumberOfSubnets2:
      !Equals [ 2, !Ref NumberOfSubnets ]
  NumberOfSubnets3:
      !Equals [ 3, !Ref NumberOfSubnets ]
  Subnet0: !Or
    - !Condition NumberOfSubnets1
    - !Condition NumberOfSubnets2
    - !Condition NumberOfSubnets3
  Subnet1: !Or
    - !Condition NumberOfSubnets2
    - !Condition NumberOfSubnets3
  Subnet2: !Condition NumberOfSubnets3
  UseAWS-ManagedCMK:
    !Equals ['', !Ref DatabaseCmk]

Resources:
  DatabaseCluster:
    Type: AWS::RDS::DBCluster
    Properties:
      BackupRetentionPeriod: 30
      DatabaseName: !Ref DatabaseName
      DBSubnetGroupName: !Ref DataSubnetGroup
      Engine:
        !If [ UsePostgreSQL, aurora-postgresql, aurora-mysql ]
      DBClusterParameterGroupName:
        !If [ UsePostgreSQL, default.aurora-postgresql13, default.aurora-mysql8.0 ]     
      EngineVersion:  
        !If [ UsePostgreSQL, '13.8', '8.0.mysql_aurora.3.02.1' ]
      KmsKeyId:
        !If [ UseAWS-ManagedCMK, !Ref 'AWS::NoValue', !Ref DatabaseCmk ]
      MasterUsername: !Join ['', ['{{resolve:secretsmanager:', !Ref RDSInstanceSecretArn, ':SecretString:username}}' ]]
      MasterUserPassword: !Join ['', ['{{resolve:secretsmanager:', !Ref RDSInstanceSecretArn, ':SecretString:password}}' ]]
      Port:
        !If [ UsePostgreSQL, 5432, 3306 ]
      StorageEncrypted: !Ref DatabaseEncryptedBoolean
      Tags:
        - Key: Name
          Value: !Join [ '', [ 'Moodle / ', !Ref 'AWS::StackName' ] ]
      VpcSecurityGroupIds:
      - !Ref DatabaseSecurityGroup
  DatabaseInstance0:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Delete
    Properties:
      AllowMajorVersionUpgrade: false
      AutoMinorVersionUpgrade: true
      DBClusterIdentifier: !Ref DatabaseCluster
      DBInstanceClass: !Ref DatabaseInstanceType
      DBSubnetGroupName: !Ref DataSubnetGroup
      Engine:
        !If [ UsePostgreSQL, aurora-postgresql, aurora-mysql ]
      Tags:
        - Key: Name
          Value: !Join [ '', [ 'Moodle / ', !Ref 'AWS::StackName' ] ]
  DatabaseInstance1:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Delete
    Properties:
      AllowMajorVersionUpgrade: false
      AutoMinorVersionUpgrade: true
      DBClusterIdentifier: !Ref DatabaseCluster
      DBInstanceClass: !Ref DatabaseInstanceType
      DBSubnetGroupName: !Ref DataSubnetGroup
      Engine:
        !If [ UsePostgreSQL, aurora-postgresql, aurora-mysql ]
      Tags:
        - Key: Name
          Value: !Join [ '', [ 'Moodle / ', !Ref 'AWS::StackName' ] ]
  DataSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: RDS Database Subnet Group for Moodle
      SubnetIds:
        !If
          [ NumberOfSubnets1,
          [ !Select [ 0, !Ref Subnet ] ],
          !If
            [ NumberOfSubnets2,
            [ !Select [ 0, !Ref Subnet ], !Select [ 1, !Ref Subnet ] ],
            [ !Select [ 0, !Ref Subnet ], !Select [ 1, !Ref Subnet ], !Select [ 2, !Ref Subnet ] ]
            ]
          ]
      Tags:
        - Key: Name
          Value: !Join [ '', [ 'Moodle / ', !Ref 'AWS::StackName' ] ]
  DatabaseClusterParam:
    Type: AWS::SSM::Parameter
    Properties:
      Name: !Join [ '', [ '/Moodle/',!Ref ProjectName, '/DB/ClusterEndpoint' ] ]
      Type: String
      Value: !GetAtt DatabaseCluster.Endpoint.Address
      Description: SSM Parameter for Moodle DB Cluster

  DatabaseClusterReadOnlyParam:
    Type: AWS::SSM::Parameter
    Properties:
      Name: !Join [ '', [ '/Moodle/',!Ref ProjectName, '/DB/ClusterReadOnlyEndpoint' ] ]
      Type: String
      Value: !GetAtt DatabaseCluster.ReadEndpoint.Address
      Description: SSM Parameter for Moodle DB Cluster Read only

  DatabaseNameParam:
    Type: AWS::SSM::Parameter
    Properties:
      Name: !Join [ '', [ '/Moodle/',!Ref ProjectName, '/DB/Name' ] ]
      Type: String
      Value: !Ref DatabaseName
      Description: SSM Parameter for Moodle DB Name

  DatabaseTypeParam:
    Type: AWS::SSM::Parameter
    Properties:
      Name: !Join [ '', [ '/Moodle/',!Ref ProjectName, '/DB/Type' ] ]
      Type: String
      Value: !Ref DatabaseType
      Description: SSM Parameter for Moodle DB Type

Outputs:
  Database:
    Value: !Ref DatabaseCluster
  DatabaseName:
    Value: !Ref DatabaseName
  DatabaseInstance0:
    Value: !Ref DatabaseInstance0
  DatabaseInstance1:
    Value: !Ref DatabaseInstance1
  DataSubnetGroup:
    Value: !Ref DataSubnetGroup
  DatabaseClusterEndpointAddress:
    Value: !GetAtt DatabaseCluster.Endpoint.Address
  DatabaseClusterEndpointPort:
    Value: !GetAtt DatabaseCluster.Endpoint.Port
  DatabaseClusterReadEndpointAddress:
    Value: !GetAtt DatabaseCluster.ReadEndpoint.Address