RDS Security Controls

RDS PostgreSQL Instance (w/ Secrets Manager)

Configuration template to launch an RDS instance running PostgreSQL. The template also creates a new DB subnet group, which specifies the subnets in which the cluster instances are created, and a new AWS Secrets Manager secret to store the password.

Settings for customizing the template include:

  • RDS Settings:
    • Engine and Engine Version, DB Instance Type
    • (Aurora) Cluster Name and Number of Instances 
    • (RDS) Allocated Storage and Storage Type
    • (RDS) Enable Multi-AZ 
    • Encryption Storage and Deletion Protection
  • Create a new DB Subnet Group to specify the Subnet Ids for the RDS Cluster or Instance or reference an existing DB Subnet Group for the RDS Cluster or Instance
  • (Optional) Database Settings which include Database Name, Port, Username and Password
    • By default the password is a random string that is generated and stored in AWS Secrets Manager; edit the secret properties using the Edit Secret Settings
    • Optionally provide the password as clear-text (not recommended)
  • Maintenance and Backup options such as Backup Retention Period, preferred Backup and Maintenance Windows
Items: 3 | Size: 1.2 KB | Missing Parameters
AWSTemplateFormatVersion: "2010-09-09"
Description: ""
Resources:
  DbSecret:
    Type: "AWS::SecretsManager::Secret"
    Properties:
      KmsKeyId: "alias/aws/secretsmanager"
      GenerateSecretString:
        ExcludeLowercase: false
        ExcludeNumbers: false
        ExcludePunctuation: false
        ExcludeUppercase: false
        PasswordLength: 32
        ExcludeCharacters: "/\"@\\"
  RdsDBSubnetGroup:
    Type: "AWS::RDS::DBSubnetGroup"
    Properties:
      DBSubnetGroupName: "custom-subnet-group"
      DBSubnetGroupDescription: "custom subnet group"
      SubnetIds:
        - ""
  RdsInstance:
    Type: "AWS::RDS::DBInstance"
    Properties:
      DBInstanceClass: "db.t3.medium"
      MultiAZ: false
      Engine: "postgres"
      EngineVersion: "13.4"
      DBSubnetGroupName:
        Ref: "RdsDBSubnetGroup"
      MasterUsername: "dbadmin"
      MasterUserPassword:
        Fn::Sub: "{{resolve:secretsmanager:${DbSecret}}}"
      Port: "5432"
      DBInstanceIdentifier: "rds-postgres"
      AllocatedStorage: "50"
      StorageEncrypted: false
      StorageType: "standard"
      BackupRetentionPeriod: 1
      DeleteAutomatedBackups: true
      DeletionProtection: false
Parameters: {}
Metadata: {}
Conditions: {}
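
An added example, not part of the original template page: a pre-deployment check in Python that flags the properties the template above leaves at weak or empty values (StorageEncrypted, DeletionProtection, backup handling, SubnetIds) and confirms that MasterUserPassword comes from a dynamic reference rather than clear text. The function names, the dict form of the template and the 7-day backup threshold are assumptions made for this example.

```python
import re

# Constructed input: the page's template as yaml.safe_load would return it,
# trimmed to the properties the checks below read.
TEMPLATE = {"Resources": {
    "RdsDBSubnetGroup": {"Type": "AWS::RDS::DBSubnetGroup",
                         "Properties": {"SubnetIds": [""]}},
    "RdsInstance": {"Type": "AWS::RDS::DBInstance", "Properties": {
        "MasterUserPassword": {"Fn::Sub": "{{resolve:secretsmanager:${DbSecret}}}"},
        "StorageEncrypted": False, "DeletionProtection": False,
        "BackupRetentionPeriod": 1,
        "DeleteAutomatedBackups": True}},
}}

DYNAMIC_REF = re.compile(r"^\{\{resolve:(secretsmanager|ssm-secure):.+\}\}$")

def password_from_secret_store(value):
    """True if the value is a dynamic reference, bare or wrapped in Fn::Sub."""
    if isinstance(value, dict):
        value = value.get("Fn::Sub", "")
        if isinstance(value, list):  # Fn::Sub [template, variable map] form
            value = value[0] if value else ""
    return isinstance(value, str) and bool(DYNAMIC_REF.match(value))

def audit(template, min_backup_days=7):  # 7 days is an assumed baseline
    """Return (resource name, property) pairs that need review."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::RDS::DBSubnetGroup":
            if not any(props.get("SubnetIds", [])):  # [""] counts as empty
                findings.append((name, "SubnetIds"))
        if res.get("Type") != "AWS::RDS::DBInstance":
            continue
        for key in ("StorageEncrypted", "DeletionProtection"):
            if str(props.get(key)).lower() != "true":  # absent means off
                findings.append((name, key))
        days = props.get("BackupRetentionPeriod", 1)
        if not str(days).isdigit() or int(days) < min_backup_days:
            findings.append((name, "BackupRetentionPeriod"))
        if str(props.get("DeleteAutomatedBackups", True)).lower() != "false":
            findings.append((name, "DeleteAutomatedBackups"))
        if not password_from_secret_store(props.get("MasterUserPassword")):
            findings.append((name, "MasterUserPassword"))
    return findings

if __name__ == "__main__":
    for resource, prop in audit(TEMPLATE):
        print(f"{resource}: review {prop}")
```

Values given as intrinsic functions (for example a Ref to a parameter) are not evaluated and are reported for manual review.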
