Parameters:
  App:
    Type: String
    Description: Your application's name.
  Env:
    Type: String
    Description: The name of the environment being deployed.
  # Customize your Aurora Serverless cluster by setting the default value of the following parameters.
  {{logicalIDSafe .ClusterName}}DBName:
    Type: String
    Description: The name of the initial database to be created in the Aurora Serverless v2 cluster.
    Default: {{.InitialDBName}}
    # Cannot have special characters
    # Naming constraints: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints
  VPCID:
    Type: String
    Description: The ID of the VPC in which to create the Aurora Serverless v2 cluster.
    Default: ""
  PrivateSubnets:
    Type: String
    Description: The IDs of the private subnets in which to create the Aurora Serverless v2 cluster.
    Default: ""

Mappings:
  {{logicalIDSafe .ClusterName}}EnvScalingConfigurationMap: {{range $env := .Envs}}
    {{$env}}:
      "DBMinCapacity": 0.5 # AllowedValues: from 0.5 through 128
      "DBMaxCapacity": 8   # AllowedValues: from 0.5 through 128
    {{end}}
    All:
      "DBMinCapacity": 0.5 # AllowedValues: from 0.5 through 128
      "DBMaxCapacity": 8   # AllowedValues: from 0.5 through 128

Resources:
  {{logicalIDSafe .ClusterName}}DBSubnetGroup:
    Type: 'AWS::RDS::DBSubnetGroup'
    Properties:
      DBSubnetGroupDescription: Group of private subnets for Aurora Serverless v2 cluster.
      SubnetIds:
        !Split [',', !Ref PrivateSubnets]
  
  {{logicalIDSafe .ClusterName}}WorkloadSecurityGroup:
    Metadata:
      'aws:copilot:description': 'A security group for one or more workloads to access the Aurora Serverless v2 cluster {{logicalIDSafe .ClusterName}}'
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: 'The Security Group to access Aurora Serverless v2 cluster {{logicalIDSafe .ClusterName}}.'
      VpcId: !Ref VPCID
      Tags:
        - Key: Name
          Value: !Sub 'copilot-${App}-${Env}-Aurora'

  {{logicalIDSafe .ClusterName}}DBClusterSecurityGroup:
    Metadata:
      'aws:copilot:description': 'A security group for your Aurora Serverless v2 cluster {{logicalIDSafe .ClusterName}}'
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: The Security Group for the Aurora Serverless v2 cluster.
      VpcId: !Ref VPCID
      Tags:
        - Key: Name
          Value: !Sub 'copilot-${App}-${Env}-Aurora'
  
  {{logicalIDSafe .ClusterName}}DBClusterSecurityGroupIngressFromWorkload:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      Description: Ingress from one or more workloads in the environment.
      GroupId: !Ref {{logicalIDSafe .ClusterName}}DBClusterSecurityGroup
      IpProtocol: tcp
      ToPort: {{- if eq .Engine "MySQL"}} 3306 {{- else}} 5432 {{- end}}
      FromPort: {{- if eq .Engine "MySQL"}} 3306 {{- else}} 5432 {{- end}}
      SourceSecurityGroupId: !Ref {{logicalIDSafe .ClusterName}}WorkloadSecurityGroup
  
  {{logicalIDSafe .ClusterName}}AuroraSecret:
    Metadata:
      'aws:copilot:description': 'A Secrets Manager secret to store your DB credentials'
    Type: AWS::SecretsManager::Secret
    Properties:
      Description: !Sub Aurora main user secret for ${AWS::StackName}
      GenerateSecretString:
        SecretStringTemplate: {{- if eq .Engine "MySQL"}} '{"username": "admin"}' {{- else}} '{"username": "postgres"}' {{- end}}
        GenerateStringKey: "password"
        ExcludePunctuation: true
        IncludeSpace: false
        PasswordLength: 16
  
  {{- if .ParameterGroup}}
  # {{logicalIDSafe .ClusterName}}DBClusterParameterGroup:
  #   Type: 'AWS::RDS::DBClusterParameterGroup'
  #   Properties:
  #     Description: !Ref 'AWS::StackName'
  #     Family: 'aurora-mysql8.0'
  #     Parameters:
  #       character_set_client: 'utf8'
  {{- else}}
  {{logicalIDSafe .ClusterName}}DBClusterParameterGroup:
    Metadata:
      'aws:copilot:description': 'A DB parameter group for engine configuration values'
    Type: 'AWS::RDS::DBClusterParameterGroup'
    Properties:
      Description: !Ref 'AWS::StackName'
      {{- if eq .Engine "MySQL"}}
      Family: 'aurora-mysql8.0'
      Parameters:
        character_set_client: 'utf8'
      {{- else}}
      Family: 'aurora-postgresql14'
      Parameters:
        client_encoding: 'UTF8'
      {{- end}}
  {{- end}}
  
  {{logicalIDSafe .ClusterName}}DBCluster:
    Metadata:
      'aws:copilot:description': 'The {{logicalIDSafe .ClusterName}} Aurora Serverless v2 database cluster'
    Type: 'AWS::RDS::DBCluster'
    Properties:
      MasterUsername:
        !Join [ "",  [ {{`'{{resolve:secretsmanager:'`}}, !Ref {{logicalIDSafe .ClusterName}}AuroraSecret, ":SecretString:username}}" ]]
      MasterUserPassword:
        !Join [ "",  [ {{`'{{resolve:secretsmanager:'`}}, !Ref {{logicalIDSafe .ClusterName}}AuroraSecret, ":SecretString:password}}" ]]
      DatabaseName: !Ref {{logicalIDSafe .ClusterName}}DBName
      {{- if eq .Engine "MySQL"}}
      Engine: 'aurora-mysql'
      EngineVersion: '8.0.mysql_aurora.3.02.0'
      {{- else}}
      Engine: 'aurora-postgresql'
      EngineVersion: '14.4'
      {{- end}}
      DBClusterParameterGroupName: {{- if .ParameterGroup}} {{.ParameterGroup}} {{- else}} !Ref {{logicalIDSafe .ClusterName}}DBClusterParameterGroup {{- end}}
      DBSubnetGroupName: !Ref {{logicalIDSafe .ClusterName}}DBSubnetGroup
      Port: {{if eq .Engine "MySQL"}}3306{{else}}5432{{end}}
      VpcSecurityGroupIds:
        - !Ref {{logicalIDSafe .ClusterName}}DBClusterSecurityGroup
      ServerlessV2ScalingConfiguration:
        # Replace "All" below with "!Ref Env" to set different autoscaling limits per environment.
        MinCapacity: !FindInMap [{{logicalIDSafe .ClusterName}}EnvScalingConfigurationMap, All, DBMinCapacity]
        MaxCapacity: !FindInMap [{{logicalIDSafe .ClusterName}}EnvScalingConfigurationMap, All, DBMaxCapacity]
  
  {{logicalIDSafe .ClusterName}}DBWriterInstance:
    Metadata:
      'aws:copilot:description': 'The {{logicalIDSafe .ClusterName}} Aurora Serverless v2 writer instance'
    Type: 'AWS::RDS::DBInstance'
    Properties:
      DBClusterIdentifier: !Ref {{logicalIDSafe .ClusterName}}DBCluster
      DBInstanceClass: db.serverless
      {{- if eq .Engine "MySQL"}}
      Engine: 'aurora-mysql'
      {{- else}}
      Engine: 'aurora-postgresql'
      {{- end}}
      PromotionTier: 1
      AvailabilityZone: !Select
        - 0
        - !GetAZs
          Ref: AWS::Region

  {{logicalIDSafe .ClusterName}}SecretAuroraClusterAttachment:
    Type: AWS::SecretsManager::SecretTargetAttachment
    Properties:
      SecretId: !Ref {{logicalIDSafe .ClusterName}}AuroraSecret
      TargetId: !Ref {{logicalIDSafe .ClusterName}}DBCluster
      TargetType: AWS::RDS::DBCluster

Outputs:
  {{logicalIDSafe .ClusterName}}Secret:
    Description: "The JSON secret that holds the database username and password. Fields are 'host', 'port', 'dbname', 'username', 'password', 'dbClusterIdentifier' and 'engine'"
    Value: !Ref {{logicalIDSafe .ClusterName}}AuroraSecret
    Export:
      Name: !Sub ${App}-${Env}-{{logicalIDSafe .ClusterName}}AuroraSecret
  {{logicalIDSafe .ClusterName}}SecurityGroup:
    Description: "The security group to attach to the workload."
    Value: !Ref {{logicalIDSafe .ClusterName}}WorkloadSecurityGroup  
    Export:
      Name: !Sub ${App}-${Env}-{{logicalIDSafe .ClusterName}}SecurityGroup