--- AWSTemplateFormatVersion: '2010-09-09' Description: MongoDB Atlas AWS CloudFormation Quickstart. (qs-1tq8f0hrt) Metadata: cfn-lint: { config: { ignore_checks: [ W9002, W9003, W9006, E3001, E1010 ] } } AWS::CloudFormation::Interface: ParameterGroups: - Label: default: MongoDB Atlas ApiKey Configuration Parameters: - Profile - OrgId - Label: default: MongoDB Atlas Configuration Parameters: - ProjectName - ClusterName - ClusterRegion - ClusterInstanceSize - DatabaseUserRoleDatabaseName - VPCCIDR - PrivateSubnetCIDR - AvailabilityZone - VPCRegion - DatabaseUserName - DatabasePassword ParameterLabels: Profile: default: Secret profile OrgId: default: MongoDB Atlas API OrgId ProjectName: default: Name of new Atlas Project ClusterName: default: Name of new cluster ClusterRegion: default: The AWS Region for Atlas Cluster ClusterInstanceSize: default: MongoDB Atlas Instance Size DatabaseUserRoleDatabaseName: default: MongoDB Atlas Database User Role Database Name VPCCIDR: default: VPC CIDR. PrivateSubnetCIDR: default: Private subnet CIDR AvailabilityZone: default: AZ for subnet VPCRegion: default: The AWS Region for VPC private endpoint. DatabaseUserName: default: MongoDB Atlas Database User Name DatabasePassword: default: MongoDB Atlas Database User Password Parameters: Profile: Description: "A secret with the cfn/atlas/profile/{Profile}" Type: String Default: "default" OrgId: Description: "Your MongoDB Cloud Organization Id" Type: String Default: "OrgId" ProjectName: Description: "The name of the project." Type: String Default: "aws-quickstart" ClusterName: Description: Name of the cluster as it appears in Atlas. Once the cluster is created, its name cannot be changed. Type: String Default: "Cluster-1" ClusterInstanceSize: Default: "M10" Description: Atlas provides different cluster tiers, each with a default storage capacity and RAM size. The cluster you select is used for all the data-bearing hosts in your cluster tier. See https://docs.atlas.mongodb.com/reference/amazon-aws/#amazon-aws. Type: String AllowedValues: - "M10" - "M20" - "M30" - "M40" - "R40" - "M40_NVME" - "M50" - "R50" - "M50_NVME" - "M60" - "R60" - "M60_NVME" - "M80" - "R80" - "M80_NVME" - "M140" - "M200" - "R200" - "M200_NVME" - "M300" - "R300" - "R400" - "M400_NVME" - "R700" ClusterRegion: Default: US_EAST_1 Description: AWS Region where the Atlas database runs. Type: String AllowedValues: - "US_EAST_1" - "US_EAST_2" - "CA_CENTRAL_1" - "US_WEST_1" - "US_WEST_2" - "SA_EAST_1" - "AP_SOUTH_1" - "AP_EAST_1" - "AP_SOUTHEAST_1" - "AP_SOUTHEAST_2" - "AP_SOUTHEAST_3" - "AP_NORTHEAST_1" - "AP_NORTHEAST_2" - "AP_NORTHEAST_3" - "EU_CENTRAL_1" - "EU_WEST_1" - "EU_NORTH_1" - "EU_WEST_2" - "EU_WEST_3" - "EU_SOUTH_1" - "ME_SOUTH_1" - "AF_SOUTH_1" ClusterMongoDBMajorVersion: Description: The version of MongoDB Type: String Default: "5.0" AllowedValues: - "4.4" - "5.0" - "6.0" DatabaseUserRoleDatabaseName: Description: Database Name Type: String Default: "test" PrivateSubnetCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16–28. Default: 10.0.0.0/19 Description: CIDR block for the private subnet, located in Availability Zone 1. Type: String VPCCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16–28. Default: 10.0.0.0/16 Description: CIDR block for the VPC. Type: String AvailabilityZone: Description: For subnets Type: String Default: "us-east-1a" VPCRegion: Default: "us-west-2" Description: The AWS Region where the Atlas DB Cluster will run. Type: String AllowedValues: - "us-east-1" - "us-east-2" - "ca-central-1" - "us-west-1" - "us-west-2" - "sa-east-1" - "ap-south-1" - "ap-east-2" - "ap-southeast-1" - "ap-southeast-2" - "ap-southeast-3" - "ap-northeast-1" - "ap-northeast-2" - "ap-northeast-3" - "eu-central-1" - "eu-west-1" - "eu-north-1" - "eu-west-1" - "eu-west-2" - "eu-west-3" - "eu-south-1" - "me-south-1" - "af-south-1" DatabaseUserName: Description: MongoDB Atlas Database User Name. Type: String Default: "testUser" DatabasePassword: Description: MongoDB Atlas Database User Password. Type: String NoEcho: true Resources: AtlasIAMRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: AWS: !Sub "arn:aws:iam::${AWS::AccountId}:root" Action: 'sts:AssumeRole' - Effect: Allow Principal: AWS: !Sub "arn:aws:iam::${AWS::AccountId}:root" Service: ecs-tasks.amazonaws.com Action: 'sts:AssumeRole' ManagedPolicyArns: - !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy - !Sub arn:${AWS::Partition}:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly AtlasProject: Type: MongoDB::Atlas::Project DependsOn: AtlasIAMRole Properties: OrgId: !Ref "OrgId" Profile: !Ref "Profile" Name: !Ref "ProjectName" AtlasProjectIPAccessList: Type: MongoDB::Atlas::ProjectIpAccessList Properties: ProjectId: !GetAtt "AtlasProject.Id" Profile: !Ref "Profile" AccessList: - IPAddress: "0.0.0.0/0" Comment: "Testing open all ips" AtlasCluster: Type: MongoDB::Atlas::Cluster Properties: Profile: !Ref "Profile" ProjectId: !GetAtt "AtlasProject.Id" Name: !Ref "ClusterName" MongoDBMajorVersion: !Ref "ClusterMongoDBMajorVersion" ClusterType: "REPLICASET" ReplicationSpecs: - NumShards: '1' AdvancedRegionConfigs: - AutoScaling: DiskGB: Enabled: 'true' Compute: Enabled: 'false' ScaleDownEnabled: 'false' ElectableSpecs: EbsVolumeType: STANDARD InstanceSize: !Ref ClusterInstanceSize NodeCount: '3' ReadOnlySpecs: EbsVolumeType: STANDARD InstanceSize: !Ref ClusterInstanceSize NodeCount: '1' Priority: '7' RegionName: !Ref ClusterRegion AtlasDatabaseUser: Type: MongoDB::Atlas::DatabaseUser Properties: ProjectId: !GetAtt "AtlasProject.Id" Profile: !Ref "Profile" Username: !Ref "DatabaseUserName" Password: !Ref "DatabasePassword" DatabaseName: "admin" Roles: - RoleName: "readWrite" DatabaseName: !Ref "DatabaseUserRoleDatabaseName" Scopes: - Name: !Ref "ClusterName" Type: "CLUSTER" PrivateEndpoint: Type: MongoDB::Atlas::PrivateEndpoint DependsOn: AtlasCluster Properties: GroupId: !GetAtt "AtlasProject.Id" Profile: !Ref "Profile" Region: !Ref "VPCRegion" PrivateEndpoints: - VpcId: !Ref PrivateVPC SubnetIds: - !Ref PrivateSubnet PrivateVPC: Type: 'AWS::EC2::VPC' Properties: CidrBlock: !Ref VPCCIDR PrivateSubnet: Type: 'AWS::EC2::Subnet' Properties: VpcId: !Ref PrivateVPC AvailabilityZone: !Ref AvailabilityZone CidrBlock: !Ref PrivateSubnetCIDR Outputs: AtlasIAMRole: Description: "ARN for AWS IAM Role database cluster access" Value: !GetAtt "AtlasIAMRole.Arn" Export: Name: !Join [ "-", [ !Ref "AWS::StackName","AtlasIAMRoleARN" ] ] AtlasDatabaseUser: Description: "Atlas database user, configured for AWS IAM Role access." Value: !Ref AtlasDatabaseUser Export: Name: !Join [ "-", [ !Ref "AWS::StackName","AtlasDatabaseUser" ] ] AtlasProject: Description: "Info on your Atlas deployment" Value: !Ref AtlasProject Export: Name: !Join [ "-", [ !Ref "AWS::StackName","AtlasProjectId" ] ] AtlasProjectIPAccessList: Description: "Atlas project ip access list" Value: !Ref AtlasProjectIPAccessList Export: Name: !Join [ "-", [ !Ref "AWS::StackName","AtlasProjectIPAccessList" ] ] AtlasCluster: Description: "Info on your Atlas Cluster" Value: !Ref AtlasCluster Export: Name: !Join [ "-", [ !Ref "AWS::StackName","AtlasCluster" ] ] ClusterState: Description: "Cluster State" Value: !GetAtt "AtlasCluster.StateName" Export: Name: !Join [ "-", [ !Ref "AWS::StackName","ClusterState" ] ] ClusterSrvAddress: Description: "Hostname for mongodb+srv:// connection string" Value: !GetAtt "AtlasCluster.ConnectionStrings.StandardSrv" Export: Name: !Join [ "-", [ !Ref "AWS::StackName","ClusterSrvAddress" ] ]