--- # This template is a wrapper for compatible database templates. It exposes a single input/output API and can be referenced the same way no # matter which Database "Implementation" is chosen. AWSTemplateFormatVersion: 2010-09-09 Description: RDS Bootstrap template for use with Atlassian Services (qs-1pj6s43hc) Metadata: QSLint: Exclusions: [W4002, E3012, E1001, E9101, W9006, W9002, W9003, ERDSDBInstancePubliclyAccessible, EIAMPolicyWildcardResource, ERDSStorageEncryptionEnabled] Parameters: DatabaseImplementation: Default: 'Amazon Aurora PostgreSQL' Description: 'Database Engine to use. PostgreSQL or Amazon Aurora Clustered PostgreSQL' AllowedValues: - 'Amazon Aurora PostgreSQL' - 'PostgreSQL' ConstraintDescription: Must be 'Amazon Aurora PostgreSQL' or 'PostgreSQL'. Type: String DBEngineVersion: Default: 10 AllowedValues: - 9 - 10 - 11 - 12 Description: "The database engine version to use. We'll install a supported minor version that's suitable for your chosen engine. (Warning: Amazon RDS for PostgreSQL 9.6 will reach end of life on January 31st, 2022. Deployments after this date should not be made using this version. If you wish to upgrade to a major version from 9 see: https://confluence.atlassian.com/x/1IRlQQ)" Type: String DBSecurityGroup: Description: "ID of the security group (e.g. sg-0234se). One will be created for you if left empty." Type: String Default: '' DBAutoMinorVersionUpgrade: AllowedValues: - true - false Default: true Description: "Select true/false to setup Auto Minor Version upgrade. e.g. PostgreSQL 9.6.8 -> 9.6.11" Type: String DBBackupRetentionPeriod: Default: "7" Description: "The number of days for which automatic database snapshots are retained." Type: String DBInstanceClass: Default: db.m5.large AllowedValues: - db.m5.large - db.m5.xlarge - db.m5.2xlarge - db.m5.4xlarge - db.m5.12xlarge - db.m5.24xlarge - db.m4.large - db.m4.xlarge - db.m4.2xlarge - db.m4.4xlarge - db.m4.10xlarge - db.m4.16xlarge - db.r5.large - db.r5.xlarge - db.r5.2xlarge - db.r5.4xlarge - db.r5.12xlarge - db.r5.24xlarge - db.r4.large - db.r4.xlarge - db.r4.2xlarge - db.r4.4xlarge - db.r4.8xlarge - db.r4.16xlarge - db.t3.medium - db.t3.large - db.t3.xlarge - db.t3.2xlarge - db.t2.medium - db.t2.large - db.t2.xlarge - db.t2.2xlarge ConstraintDescription: Must be a valid RDS instance class from the list Description: RDS instance type (must be r4 family if using Amazon Aurora) Type: String DBIops: Default: 1000 ConstraintDescription: Must be in the range 1000 - 30000. Description: 'Must be in the range of 1000 - 30000 and a multiple of 1000. This value is only used with Provisioned IOPS. Note: The ratio of IOPS per allocated-storage must be between 3.00 and 10.00. Not used for Amazon Aurora.' MinValue: 1000 MaxValue: 30000 Type: Number DBMasterUserPassword: AllowedPattern: >- ^(?=^.{8,255}$)(?=.*[a-z])(?=.*[A-Z])(?=.*\d)((?=.*[^A-Za-z0-9])(?!.*[@/"'])).*$ ConstraintDescription: >- Min 8 chars. Must include 1 uppercase, 1 lowercase, 1 number, 1 (non / @ " ') symbol Description: Password for the master ('postgres') account. Must be at least 8 characters and include 1 uppercase, 1 lowercase, 1 number, 1 (non / @ \" ') symbol. MinLength: 8 MaxLength: 128 NoEcho: true Type: String DBMultiAZ: Description: When DBEngine is 'PostgreSQL', this will determine whether to provision a multi-AZ RDS instance. When DBEngine is 'Amazon Aurora PostgreSQL', this will determine whether to provision a single or a multi node Amazon Aurora cluster. Default: true AllowedValues: - true - false ConstraintDescription: Must be 'true' or 'false'. Type: String DBAllocatedStorage: Default: 10 Description: Database allocated storage size, in gigabytes (GB). If you choose Provisioned IOPS, storage should be between 100 and 6144. Not used for Amazon Aurora. Type: Number DBStorageEncrypted: Default: false AllowedValues: - true - false Description: Whether or not to encrypt the database Type: String DBStorageType: Default: General Purpose (SSD) AllowedValues: - General Purpose (SSD) - Provisioned IOPS ConstraintDescription: Must be 'General Purpose (SSD)' or 'Provisioned IOPS'. Description: Database storage type. Not used for Amazon Aurora. Type: String QSS3BucketName: Default: 'aws-quickstart' AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ ConstraintDescription: Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Description: S3 bucket name for the Quick Start assets. Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Type: String QSS3BucketRegion: Default: '' Type: String Description: The AWS Region where the Quick Start S3 bucket is hosted. Do not update it unless you're using a custom Quick Start S3 bucket. QSS3KeyPrefix: Default: 'quickstart-atlassian-services/' AllowedPattern: ^[0-9a-zA-Z-/]*$ ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Description: S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Type: String ExportPrefix: Default: 'ATL-' Description: Each Atlassian Standard Infrastructure (ASI) uses a unique identifier. If you have multiple ASIs within the same AWS region, use this field to specify where to deploy the DB. Type: String Conditions: GovCloudCondition: !Equals - !Ref 'AWS::Region' - us-gov-west-1 UseAurora: !Equals [!Ref DatabaseImplementation, 'Amazon Aurora PostgreSQL'] UsePostgres: !Equals [!Ref DatabaseImplementation, 'PostgreSQL'] UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart'] UseDatabaseEncryption: !Equals [!Ref DBStorageEncrypted, true] NoBucketRegionSupplied: !Equals [!Ref QSS3BucketRegion, ''] Mappings: # Supported semantic version mappings taken from: # https://confluence.atlassian.com/adminjiraserver/supported-platforms-938846830.html SemanticDBVersions: PostgreSQL: "9": "9.6" "10": "10" "11": "11" "12": "12" AuroraPostgreSQL: "9": "9.6.19" "10": "10.14" "11": "11.9" "12": "12.4" Resources: AuroraDatabase: Type: AWS::CloudFormation::Stack Condition: UseAurora Properties: TemplateURL: !If # Maintain backward compatibility for non-region support - NoBucketRegionSupplied - !Sub - https://${QSS3BucketName}.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-atlassian-services/templates/quickstart-aurora-postgres-for-atlassian-services.yaml - S3Region: !If ["GovCloudCondition", "s3-us-gov-west-1", "s3"] - !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-atlassian-services/templates/quickstart-aurora-postgres-for-atlassian-services.yaml - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] Parameters: CustomDBSecurityGroup: !Ref DBSecurityGroup DBAllocatedStorageEncrypted: !Ref DBStorageEncrypted DBBackupRetentionPeriod: !Ref DBBackupRetentionPeriod DBEngineVersion: !FindInMap [SemanticDBVersions, AuroraPostgreSQL, !Ref DBEngineVersion] DBInstanceClass: !Ref DBInstanceClass DBMasterUsername: postgres DBMasterUserPassword: !Ref DBMasterUserPassword DBMultiAZ: !Ref DBMultiAZ DBName: '' DBPort: '5432' EnableEventSubscription: 'false' Subnet1ID: !Select - 0 - !Split - "," - Fn::ImportValue: !Sub "${ExportPrefix}PriNets" Subnet2ID: !Select - 1 - !Split - "," - Fn::ImportValue: !Sub "${ExportPrefix}PriNets" VPCID: Fn::ImportValue: !Sub "${ExportPrefix}VPCID" Tags: # NOTE: The leading COMMIT/TIMESTAMP are used to locate the position to update; see scripts/update-tags.py - Key: "atl:quickstart:commit-id" Value: "COMMIT: ebd2820214350ed6bb34df8cc0f7fadbb3ffa5e2" - Key: "atl:quickstart:timestamp" Value: "TIMESTAMP: 2021-06-09T01:26:03Z" PostgresDatabase: Type: AWS::CloudFormation::Stack Condition: UsePostgres Properties: TemplateURL: !If # Maintain backward compatibility for non-region support - NoBucketRegionSupplied - !Sub - https://${QSS3BucketName}.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-atlassian-services/templates/quickstart-postgres-for-atlassian-services.yaml - S3Region: !If ["GovCloudCondition", "s3-us-gov-west-1", "s3"] - !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-atlassian-services/templates/quickstart-postgres-for-atlassian-services.yaml - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] Parameters: CustomDBSecurityGroup: !Ref DBSecurityGroup DBEngineVersion: !FindInMap [SemanticDBVersions, PostgreSQL, !Ref DBEngineVersion] DBAllocatedStorage: !Ref DBAllocatedStorage DBAllocatedStorageEncrypted: !Ref DBStorageEncrypted DBAutoMinorVersionUpgrade: !Ref DBAutoMinorVersionUpgrade DBBackupRetentionPeriod: !Ref DBBackupRetentionPeriod DBInstanceClass: !Ref DBInstanceClass DBIops: !Ref DBIops DBMasterUsername: postgres DBMasterUserPassword: !Ref DBMasterUserPassword DBMultiAZ: !Ref DBMultiAZ DBStorageType: !Ref DBStorageType Subnet1ID: !Select - 0 - !Split - "," - Fn::ImportValue: !Sub "${ExportPrefix}PriNets" Subnet2ID: !Select - 1 - !Split - "," - Fn::ImportValue: !Sub "${ExportPrefix}PriNets" Tags: # NOTE: The leading COMMIT/TIMESTAMP are used to locate the position to update; see scripts/update-tags.py - Key: "atl:quickstart:commit-id" Value: "COMMIT: ebd2820214350ed6bb34df8cc0f7fadbb3ffa5e2" - Key: "atl:quickstart:timestamp" Value: "TIMESTAMP: 2021-06-09T01:26:03Z" Outputs: RDSEndPointAddress: Description: The Database Connection String Value: !If [UseAurora, !GetAtt AuroraDatabase.Outputs.RDSEndPointAddress, !GetAtt PostgresDatabase.Outputs.RDSEndPointAddress] RDSEndPointPort: Description: The port the DB endpoint listens on Value: !If [UseAurora, !GetAtt AuroraDatabase.Outputs.RDSEndPointPort, !GetAtt PostgresDatabase.Outputs.RDSEndPointPort] RDSEncryptionKey: Condition: UseDatabaseEncryption Description: The alias of the encryption key created for RDS Value: !If [UseAurora, !GetAtt AuroraDatabase.Outputs.RDSEncryptionKey, !GetAtt PostgresDatabase.Outputs.RDSEncryptionKey] AuroraTemplateURL: Condition: UseAurora Description: The URL used to source the Aurora Stack template Value: !If - NoBucketRegionSupplied - !Sub - https://${QSS3BucketName}.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-atlassian-services/templates/quickstart-aurora-postgres-for-atlassian-services.yaml - S3Region: !If ["GovCloudCondition", "s3-us-gov-west-1", "s3"] - !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-atlassian-services/templates/quickstart-aurora-postgres-for-atlassian-services.yaml - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] PostgresTemplateURL: Condition: UsePostgres Description: The URL used to source the PostgreSQL Stack template Value: !If - NoBucketRegionSupplied - !Sub - https://${QSS3BucketName}.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-atlassian-services/templates/quickstart-postgres-for-atlassian-services.yaml - S3Region: !If ["GovCloudCondition", "s3-us-gov-west-1", "s3"] - !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-atlassian-services/templates/quickstart-postgres-for-atlassian-services.yaml - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion]