@m-cakir
Last active December 27, 2020 13:00
AWS CloudFormation template examples
AWSTemplateFormatVersion: '2010-09-09'
Description: 'RDS example MySQL 8.0'
Parameters:
  DBName:
    Type: String
    Description: 'The database name'
    MinLength: 8
    MaxLength: 64
    AllowedPattern: '^[a-z]*$'
  DBInstanceIdentifier:
    Type: String
    Description: 'The database instance name'
    MinLength: 5
    MaxLength: 64
    AllowedPattern: '^[a-zA-Z][a-zA-Z0-9\-]*$'
  DBUser:
    # NoEcho masks the value in console, CLI and API output
    NoEcho: true
    Type: String
    Description: 'The database admin account username'
    MinLength: 4
    MaxLength: 16
    AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*'
  DBPassword:
    NoEcho: true
    Type: String
    Description: 'The database admin account password'
    MinLength: 8
    MaxLength: 41
    AllowedPattern: '[a-zA-Z0-9]*'
  SubnetIds:
    Type: 'List<AWS::EC2::Subnet::Id>'
    Description: 'The subnet IDs (in at least two Availability Zones)'
  VPCSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup::Id'
    Description: 'The security group'
Resources:
  MyDB:
    Type: 'AWS::RDS::DBInstance'
    Properties:
      AutoMinorVersionUpgrade: true
      AllocatedStorage: 20
      # Automated backups are kept for one day
      BackupRetentionPeriod: 1
      DeletionProtection: true
      DBInstanceClass: 'db.t2.micro'
      DBInstanceIdentifier: !Ref DBInstanceIdentifier
      DBName: !Ref DBName
      DBSubnetGroupName: !Ref MyDBSubnetGroup
      EnableCloudwatchLogsExports:
        - error
        - general
        - slowquery
      EnablePerformanceInsights: false
      Engine: 'mysql'
      EngineVersion: '8.0'
      MasterUsername: !Ref DBUser
      MasterUserPassword: !Ref DBPassword
      MaxAllocatedStorage: 50
      MonitoringInterval: '60'
      MonitoringRoleArn: !GetAtt MyDBEnhancedMonitoringRole.Arn
      MultiAZ: false
      Port: '3306'
      # The endpoint gets a public address; reachability then depends
      # entirely on the rules of VPCSecurityGroup
      PubliclyAccessible: true
      PreferredBackupWindow: '02:15-02:45'
      PreferredMaintenanceWindow: 'tue:01:00-tue:01:30'
      # Data, snapshots and automated backups are not encrypted at rest
      StorageEncrypted: false
      StorageType: 'gp2'
      VPCSecurityGroups:
        - !Ref VPCSecurityGroup
  MyDBSubnetGroup:
    Type: 'AWS::RDS::DBSubnetGroup'
    Properties:
      SubnetIds: !Ref SubnetIds
      DBSubnetGroupDescription: 'Subnets available for the RDS DB Instance'
  MyDBEnhancedMonitoringRole:
    Type: AWS::IAM::Role
    Properties:
      Path: '/'
      Description: 'RDS Enhanced monitoring role'
      # Only the RDS monitoring service may assume this role
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: ''
            Effect: Allow
            Principal:
              Service: 'monitoring.rds.amazonaws.com'
            Action: 'sts:AssumeRole'
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole'
Outputs:
  JDBCConnectionString:
    Description: 'JDBC connection string for database'
    Value: !Sub 'jdbc:mysql://${MyDB.Endpoint.Address}:${MyDB.Endpoint.Port}/${DBName}'
  DBAddress:
    Description: 'Address of database endpoint'
    Value: !GetAtt MyDB.Endpoint.Address
  DBPort:
    Description: 'Database endpoint port number'
    Value: !GetAtt MyDB.Endpoint.Port


AWSTemplateFormatVersion: '2010-09-09'
Description: 's3 bucket example with public read policy'
Parameters:
  BucketName:
    Type: String
    # S3 bucket names may not contain uppercase letters, so the default
    # and the pattern are lowercase-only
    Default: 'mybucket'
    Description: 'the bucket name'
    MinLength: 5
    AllowedPattern: '[a-z][a-z0-9]*'
Resources:
  S3Bucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      BucketName: !Ref BucketName
  ReadPolicy:
    Type: 'AWS::S3::BucketPolicy'
    Properties:
      Bucket: !Ref S3Bucket
      # Principal '*' grants anonymous read of every object in the bucket.
      # With S3 Block Public Access enabled on the bucket or account,
      # this policy is rejected.
      PolicyDocument:
        Statement:
          - Action: 's3:GetObject'
            Effect: Allow
            Resource: !Sub 'arn:aws:s3:::${S3Bucket}/*'
            Principal: '*'
Outputs:
  Bucket:
    Description: 'S3 Bucket Name'
    Value: !Ref S3Bucket