AWSTemplateFormatVersion: "2010-09-09"

Description: AWS CloudFormation workshop - Dynamic references - Database template (uksb-1q9p31idr) (tag:dynamic-references).

Parameters:
  DBUsername:
    Description: Username for Database Access
    Type: String
    NoEcho: "true"
    MinLength: "1"
    MaxLength: "16"
    AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*'
    ConstraintDescription: must begin with a letter and contain only alphanumeric characters.

  DBPassword:
    Description: Password for MySQL database access
    Type: String
    NoEcho: "true"
    MinLength: "8"
    MaxLength: "41"
    AllowedPattern: '[a-zA-Z0-9]*'
    ConstraintDescription: must contain only alphanumeric characters.

Resources:
  Database:
    DeletionPolicy: Delete
    Type: AWS::RDS::DBInstance
    Metadata:
      cfn_nag:
        rules_to_suppress:
          - id: F80
          - id: F27
    Properties:
      DBInstanceClass: db.t2.micro
      AllocatedStorage: "20"
      Engine: mysql
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      PubliclyAccessible: false

  DatabaseConnParams:
    Type: AWS::SecretsManager::Secret
    Properties:
      Description: Database Connection Parameters.
      Name: DatabaseConnParams
      SecretString: !Sub |
        {
          "RDS_HOSTNAME": "${Database.Endpoint.Address}",
          "RDS_PORT": "${Database.Endpoint.Port}",
          "RDS_USERNAME": "${DBUsername}",
          "RDS_PASSWORD": "${DBPassword}"
        }