AWSTemplateFormatVersion: 2010-09-09
Description: Creates Database for WordPress instance (qs-1sflpub48)
Metadata:
  cfn-lint:
    config:
      ignore_checks:
        - E9101
        - W9002
        - W9003
        - W9006
Parameters:
  DBInstanceClass:
    Type: String
    Description: Database instance class
  DBMasterUser:
    Type: String
    Description: Master User for Database
  DBName:
    Type: String
    Description: Database Name
    Default: wordpressdb
  DBPassword:
    Type: String
    NoEcho: true
    Description: Database password
  DBPrivateSubnets:
    Type: List<AWS::EC2::Subnet::Id>
    Description: Private subnets for database
  QSTagKey:
    Type: String
    Description: Tag key to identify resources from this Quick Start
  QSTagValue:
    Type: String
    Description: Tag value to identify resources from this Quick Start
  SecurityGroupAppInstance:
    Description: App Instance Security Group
    Type: AWS::EC2::SecurityGroup::Id
  VpcId:
    Type: AWS::EC2::VPC::Id
    Description: Amazon VPC ID

Mappings:
  RDS:
    SecurityGroup:
      Name: sg-database-access
    Defaults:
      Engine: MySQL
      BackupRetention: 35
    Storage: 
      Type: gp2
      AllocatedStorage: 50

Resources:
  # Configure MySQL Database
  DBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Port 3306 database for access
      VpcId: !Ref VpcId
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 3306
        ToPort: 3306
        SourceSecurityGroupId: !Ref SecurityGroupAppInstance
      Tags:
      - Key: Name
        Value: !FindInMap [ RDS, SecurityGroup, Name ]
      - Key: !Ref QSTagKey
        Value: !Ref QSTagValue
  DBSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: MySQL RDS Subnet Group
      SubnetIds: !Ref DBPrivateSubnets
      Tags:
      - Key: !Ref QSTagKey
        Value: !Ref QSTagValue
  DBMySQL:
    Type: AWS::RDS::DBInstance
    Properties:
      AllocatedStorage: !FindInMap [ RDS, Storage, AllocatedStorage]
      BackupRetentionPeriod: !FindInMap [ RDS, Defaults, BackupRetention ]
      CopyTagsToSnapshot: true
      DBInstanceClass: !Ref DBInstanceClass
      DBName: !Ref DBName
      DBSubnetGroupName: !Ref DBSubnetGroup
      Engine: !FindInMap [ RDS, Defaults, Engine]
      MultiAZ: true
      PubliclyAccessible: false
      StorageEncrypted: true
      StorageType: !FindInMap [ RDS, Storage, Type ]
      MasterUsername: !Ref DBMasterUser
      MasterUserPassword: !Ref DBPassword
      Tags:
      - Key: !Ref QSTagKey
        Value: !Ref QSTagValue
      VPCSecurityGroups:
      - !Ref DBSecurityGroup

Outputs:
  DBName:
    Description: Database instance name
    Value: !Ref DBName
  EndpointAddress:
    Description: Database endpoint address
    Value: !GetAtt DBMySQL.Endpoint.Address
  Port:
    Description: Database port
    Value: !GetAtt DBMySQL.Endpoint.Port