AWSTemplateFormatVersion: "2010-09-09" Description: Creates KMS CMK, VPC, Aurora Database, Fargate application, and creates pipeline to build and deploy container Parameters: PrimaryRegion: Type: String Description: Primary Region KeyAdministratorRole: Type: String Description: This is the IAM Role that is managing the CMK. Be sure that the key policy that you create allows the current user to administer the CMK. https://aws.amazon.com/premiumsupport/knowledge-center/update-key-policy-future/ SourceDBInstanceIdentifier: Description: AuroraClusterArn - Source Cluster to Replicate Type: String DatabaseEngine: Type: String Description: Aurora MySQL or Aurora PostgreSQL Default: aurora-mysql AllowedValues: - aurora-mysql - aurora-postgresql ConstraintDescription: Specify either aurora-mysql or aurora-postgresql DjangoDatabaseEngine: Type: String Description: Django Database Connector Type MinLength: 10 MaxLength: 255 AllowedPattern: "^[a-zA-Z][-a-zA-Z0-9.]*$" Default: django.db.backends.mysql AllowedValues: - django.db.backends.mysql - django.db.backends.postgresql ConstraintDescription: Specify either django.db.backends.mysql or django.db.backends.postgresql to match DatabaseEngine DatabaseInstanceClass: Default: db.r4.large Type: String Description: "Database instance class, e.g. db.t2.micro (free tier) - Engine support: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html" ConstraintDescription: DB instance class not supported AllowedValues: - db.t2.small - db.t2.medium - db.t2.xlarge - db.r4.large - db.r4.xlarge - db.r4.2xlarge - db.r4.4xlarge - db.r4.8xlarge - db.r4.16xlarge Resources: KMSCMKKeyStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: cfn.kms.yaml Parameters: KeyAdministratorRole: !Ref KeyAdministratorRole VPCStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: cfn.vpc.yaml Parameters: AvailabilityZone1: !Select - 0 - !GetAZs Ref: 'AWS::Region' AvailabilityZone2: !Select - 1 - !GetAZs Ref: 'AWS::Region' DatabaseStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: cfn.aurora-read-replica.yaml Parameters: DatabaseEngine: !Ref DatabaseEngine DatabaseInstanceClass: !Ref DatabaseInstanceClass KmsKeyId: !GetAtt KMSCMKKeyStack.Outputs.EncryptionAtRestCMKArn NetworkStackName: !GetAtt VPCStack.Outputs.StackName SourceDBInstanceIdentifier: !Ref SourceDBInstanceIdentifier SourceRegion: !Ref PrimaryRegion FargateStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: cfn.fargate.yaml Parameters: ColumnEncryptionKeyAlias: !GetAtt KMSCMKKeyStack.Outputs.ColumnEncryptionCMKAlias NetworkStackName: !GetAtt VPCStack.Outputs.StackName DjangoDatabaseEngine: !Ref DjangoDatabaseEngine KMSAccountID: !Sub "${AWS::AccountId}" DatabaseSecretsManagerArn: !GetAtt DatabaseStack.Outputs.DBSecretsArn DatabaseURL: !GetAtt DatabaseStack.Outputs.AuroraDbURL DatabasePort: !GetAtt DatabaseStack.Outputs.AuroraDBPort PrimaryRegion: !Ref PrimaryRegion SecondaryRegion: !Ref 'AWS::Region' IAMDatabaseAuthenticationStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: ../tmp/iamauthentication-build-dir/template.yaml Parameters: pDBClusterIdentifier: !GetAtt DatabaseStack.Outputs.AuroraClusterId pAppPrivateSubnetA: !GetAtt VPCStack.Outputs.PrivateSubnet1 pAppPrivateSubnetB: !GetAtt VPCStack.Outputs.PrivateSubnet2 pAppSecurityGroup: !GetAtt VPCStack.Outputs.AppSecurityGroup pDatabaseSecretsManagerArn: !GetAtt DatabaseStack.Outputs.DBSecretsArn pDatabaseURL: !GetAtt DatabaseStack.Outputs.AuroraDbURL Outputs: StackName: Value: !Ref AWS::StackName Export: Name: !Sub "${AWS::StackName}-StackName" CreateUrl: Description: "Go to this URL first" Value: !GetAtt FargateStack.Outputs.CreateUrl Export: Name: !Sub "${AWS::StackName}-CreateUrl" AuthenticateDataUrl: Description: "Use this URL to authenticate the data you entered on the Create page" Value: !GetAtt FargateStack.Outputs.AuthenticateDataUrl Export: Name: !Sub "${AWS::StackName}-AuthenticateDataUrl"