Merge pull request #436 from ericzbeard/main

ericzbeard · web-flow · commit da038b3a3101 · 2024-05-30T17:21:22.000-07:00
Generating JSON
diff --git a/Config/Config.json b/Config/Config.json
@@ -245,7 +245,7 @@
                     "ZipFile": "var aws  = require('aws-sdk');\nvar config = new aws.ConfigService();\nvar ec2 = new aws.EC2();\nexports.handler = function(event, context) {\n    var compliance = evaluateCompliance(event, function(compliance, event) {\n        var configurationItem = JSON.parse(event.invokingEvent).configurationItem;\n        var putEvaluationsRequest = {\n            Evaluations: [{\n                ComplianceResourceType: configurationItem.resourceType,\n                ComplianceResourceId: configurationItem.resourceId,\n                ComplianceType: compliance,\n                OrderingTimestamp: configurationItem.configurationItemCaptureTime\n            }],\n            ResultToken: event.resultToken\n        };\n        config.putEvaluations(putEvaluationsRequest, function(err, data) {\n            if (err) context.fail(err);\n            else context.succeed(data);\n        });\n    });\n};\nfunction evaluateCompliance(event, doReturn) {\n    var configurationItem = JSON.parse(event.invokingEvent).configurationItem;\n    var status = configurationItem.configurationItemStatus;\n    if (configurationItem.resourceType !== 'AWS::EC2::Volume' || event.eventLeftScope || (status !== 'OK' && status !== 'ResourceDiscovered'))\n        doReturn('NOT_APPLICABLE', event);\n    else ec2.describeVolumeAttribute({VolumeId: configurationItem.resourceId, Attribute: 'autoEnableIO'}, function(err, data) {\n        if (err) context.fail(err);\n        else if (data.AutoEnableIO.Value) doReturn('COMPLIANT', event);\n        else doReturn('NON_COMPLIANT', event);\n    });\n}\n"
                 },
                 "Handler": "index.handler",
-                "Runtime": "nodejs16.x",
+                "Runtime": "nodejs20.x",
                 "Timeout": "30",
                 "Role": {
                     "Fn::GetAtt": [
diff --git a/RDS/RDS_MySQL_With_Read_Replica.json b/RDS/RDS_MySQL_With_Read_Replica.json
@@ -113,10 +113,21 @@
             },
             "Condition": "IsEC2VPC"
         },
+        "DBCredential": {
+            "Type": "AWS::SecretsManager::Secret",
+            "Properties": {
+                "GenerateSecretString": {
+                    "PasswordLength": 16,
+                    "ExcludeCharacters": "\"@/\\",
+                    "RequireEachIncludedType": true
+                }
+            }
+        },
         "MainDB": {
             "DeletionPolicy": "Snapshot",
             "UpdateReplacePolicy": "Snapshot",
             "Type": "AWS::RDS::DBInstance",
+            "DependsOn": "DBCredential",
             "Properties": {
                 "DBName": {
                     "Ref": "DBName"
@@ -132,7 +143,9 @@
                 "MasterUsername": {
                     "Ref": "DBUser"
                 },
-                "MasterUserPassword": "{{resolve:secretsmanager:my-db-password}}",
+                "MasterUserPassword": {
+                    "Fn::Sub": "{{resolve:secretsmanager:${DBCredential}}}"
+                },
                 "MultiAZ": {
                     "Ref": "MultiAZ"
                 },
@@ -194,6 +207,12 @@
         }
     },
     "Outputs": {
+        "DBCredentialSecretNameArn": {
+            "Description": "Name of the secret containing the database credential",
+            "Value": {
+                "Ref": "DBCredential"
+            }
+        },
         "EC2Platform": {
             "Description": "Platform in which this stack is deployed",
             "Value": {
diff --git a/RDS/RDS_PIOPS.json b/RDS/RDS_PIOPS.json
@@ -16,8 +16,19 @@
         }
     },
     "Resources": {
+        "DBCredential": {
+            "Type": "AWS::SecretsManager::Secret",
+            "Properties": {
+                "GenerateSecretString": {
+                    "PasswordLength": 16,
+                    "ExcludeCharacters": "\"@/\\",
+                    "RequireEachIncludedType": true
+                }
+            }
+        },
         "myDB": {
             "Type": "AWS::RDS::DBInstance",
+            "DependsOn": "DBCredential",
             "Properties": {
                 "AllocatedStorage": "100",
                 "DBInstanceClass": "db.t3.small",
@@ -27,7 +38,9 @@
                 "MasterUsername": {
                     "Ref": "DBUser"
                 },
-                "MasterUserPassword": "{{resolve:secretsmanager:my-db-password}}",
+                "MasterUserPassword": {
+                    "Fn::Sub": "{{resolve:secretsmanager:${DBCredential}}}"
+                },
                 "PubliclyAccessible": false,
                 "StorageEncrypted": true
             }
diff --git a/RDS/RDS_with_DBParameterGroup.json b/RDS/RDS_with_DBParameterGroup.json
@@ -60,12 +60,11 @@
         "MyRDSParamGroup": {
             "Type": "AWS::RDS::DBParameterGroup",
             "Properties": {
-                "Family": "MySQL5.6",
+                "Family": "MySQL8.0",
                 "Description": "CloudFormation Sample Database Parameter Group",
                 "Parameters": {
                     "autocommit": "1",
-                    "general_log": "1",
-                    "old_passwords": "0"
+                    "general_log": "1"
                 }
             }
         }

Original file line number	Diff line number	Diff line change
`@@ -60,12 +60,11 @@`
`60`	`60`	`"MyRDSParamGroup": {`
`61`	`61`	`"Type": "AWS::RDS::DBParameterGroup",`
`62`	`62`	`"Properties": {`
`63`		`- "Family": "MySQL5.6",`
	`63`	`+ "Family": "MySQL8.0",`
`64`	`64`	`"Description": "CloudFormation Sample Database Parameter Group",`
`65`	`65`	`"Parameters": {`
`66`	`66`	`"autocommit": "1",`
`67`		`- "general_log": "1",`
`68`		`- "old_passwords": "0"`
	`67`	`+ "general_log": "1"`
`69`	`68`	`}`
`70`	`69`	`}`
`71`	`70`	`}`