Merge pull request #436 from ericzbeard/main

Generating JSON
aws-cloudformation · May 31, 2024 · da038b3 · da038b3
2 parents 20d9faa + 8f577cd
commit da038b3
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 6 deletions.
diff --git a/Config/Config.json b/Config/Config.json
@@ -245,7 +245,7 @@
                     "ZipFile": "var aws  = require('aws-sdk');\nvar config = new aws.ConfigService();\nvar ec2 = new aws.EC2();\nexports.handler = function(event, context) {\n    var compliance = evaluateCompliance(event, function(compliance, event) {\n        var configurationItem = JSON.parse(event.invokingEvent).configurationItem;\n        var putEvaluationsRequest = {\n            Evaluations: [{\n                ComplianceResourceType: configurationItem.resourceType,\n                ComplianceResourceId: configurationItem.resourceId,\n                ComplianceType: compliance,\n                OrderingTimestamp: configurationItem.configurationItemCaptureTime\n            }],\n            ResultToken: event.resultToken\n        };\n        config.putEvaluations(putEvaluationsRequest, function(err, data) {\n            if (err) context.fail(err);\n            else context.succeed(data);\n        });\n    });\n};\nfunction evaluateCompliance(event, doReturn) {\n    var configurationItem = JSON.parse(event.invokingEvent).configurationItem;\n    var status = configurationItem.configurationItemStatus;\n    if (configurationItem.resourceType !== 'AWS::EC2::Volume' || event.eventLeftScope || (status !== 'OK' && status !== 'ResourceDiscovered'))\n        doReturn('NOT_APPLICABLE', event);\n    else ec2.describeVolumeAttribute({VolumeId: configurationItem.resourceId, Attribute: 'autoEnableIO'}, function(err, data) {\n        if (err) context.fail(err);\n        else if (data.AutoEnableIO.Value) doReturn('COMPLIANT', event);\n        else doReturn('NON_COMPLIANT', event);\n    });\n}\n"
                 },
                 "Handler": "index.handler",
-                "Runtime": "nodejs16.x",
+                "Runtime": "nodejs20.x",
                 "Timeout": "30",
                 "Role": {
                     "Fn::GetAtt": [

diff --git a/RDS/RDS_MySQL_With_Read_Replica.json b/RDS/RDS_MySQL_With_Read_Replica.json
@@ -113,10 +113,21 @@
             },
             "Condition": "IsEC2VPC"
         },
+        "DBCredential": {
+            "Type": "AWS::SecretsManager::Secret",
+            "Properties": {
+                "GenerateSecretString": {
+                    "PasswordLength": 16,
+                    "ExcludeCharacters": "\"@/\\",
+                    "RequireEachIncludedType": true
+                }
+            }
+        },
         "MainDB": {
             "DeletionPolicy": "Snapshot",
             "UpdateReplacePolicy": "Snapshot",
             "Type": "AWS::RDS::DBInstance",
+            "DependsOn": "DBCredential",
             "Properties": {
                 "DBName": {
                     "Ref": "DBName"
@@ -132,7 +143,9 @@
                 "MasterUsername": {
                     "Ref": "DBUser"
                 },
-                "MasterUserPassword": "{{resolve:secretsmanager:my-db-password}}",
+                "MasterUserPassword": {
+                    "Fn::Sub": "{{resolve:secretsmanager:${DBCredential}}}"
+                },
                 "MultiAZ": {
                     "Ref": "MultiAZ"
                 },
@@ -194,6 +207,12 @@
         }
     },
     "Outputs": {
+        "DBCredentialSecretNameArn": {
+            "Description": "Name of the secret containing the database credential",
+            "Value": {
+                "Ref": "DBCredential"
+            }
+        },
         "EC2Platform": {
             "Description": "Platform in which this stack is deployed",
             "Value": {

diff --git a/RDS/RDS_PIOPS.json b/RDS/RDS_PIOPS.json
@@ -16,8 +16,19 @@
         }
     },
     "Resources": {
+        "DBCredential": {
+            "Type": "AWS::SecretsManager::Secret",
+            "Properties": {
+                "GenerateSecretString": {
+                    "PasswordLength": 16,
+                    "ExcludeCharacters": "\"@/\\",
+                    "RequireEachIncludedType": true
+                }
+            }
+        },
         "myDB": {
             "Type": "AWS::RDS::DBInstance",
+            "DependsOn": "DBCredential",
             "Properties": {
                 "AllocatedStorage": "100",
                 "DBInstanceClass": "db.t3.small",
@@ -27,7 +38,9 @@
                 "MasterUsername": {
                     "Ref": "DBUser"
                 },
-                "MasterUserPassword": "{{resolve:secretsmanager:my-db-password}}",
+                "MasterUserPassword": {
+                    "Fn::Sub": "{{resolve:secretsmanager:${DBCredential}}}"
+                },
                 "PubliclyAccessible": false,
                 "StorageEncrypted": true
             }

diff --git a/RDS/RDS_with_DBParameterGroup.json b/RDS/RDS_with_DBParameterGroup.json
@@ -60,12 +60,11 @@
         "MyRDSParamGroup": {
             "Type": "AWS::RDS::DBParameterGroup",
             "Properties": {
-                "Family": "MySQL5.6",
+                "Family": "MySQL8.0",
                 "Description": "CloudFormation Sample Database Parameter Group",
                 "Parameters": {
                     "autocommit": "1",
-                    "general_log": "1",
-                    "old_passwords": "0"
+                    "general_log": "1"
                 }
             }
         }