Guided Walkthroughs
Step-by-step configuration wizards for your environment
Dedicated Security Account
AWS Backup Strategy
VPC Connectivity Setup
Automated Patching
All Guides
Guided Walkthroughs
Configuration Packages
By Implementation
By Service Protected
Reference Guides
Other
Guided Walkthroughs
Configuration Packages
By Service Protected
VPC Security Controls
EC2 Security Controls
IAM Security Controls
S3 Security Controls
RDS Security Controls
OpenSearch/Elasticsearch Security Controls
EFS Security Controls
Route53 Security Controls
DynamoDB Security Controls
ECR Security Controls
EMR Security
Lambda Security
CloudFormation Security
CodeX Security Controls
AWS Certificate Manager (ACM) Security
Logging & Monitoring Configurations
Backups & DR
Billing and Cost ManagementBy Implementation
Reference Guides
Other
RDS Security Controls
RDS PostgreSQL Instance (w/ Secrets Manager)
Configuration template to launch an RDS instance running PostgreSQL. The template also includes a new DB subnet group to specify the subnets for the cluster instances to be created as well as a new AWS Secrets Manager secret to store the password
Settings for customizing the template include:
- RDS Settings:
- Engine and Engine Version, DB Instance Type
- (Aurora) Cluster Name and Number of Instances
- (RDS) Allocated Storage and Storage Type
- (RDS) Enable Multi-AZ
- Encryption Storage and Deletion Protection
- Create a new DB Subnet Group to specify the Subnet Ids for the RDS Cluster or Instance or reference an existing DB Subnet Group for the RDS Cluster or Instance
- (Optional) Database Settings which include Database Name, Port, Username and Password
- Password by default is a random string that is generated and stored in AWS Secrets Manager, edit the secret properties using the Edit Secret Settings
- Optionally provide the password as clear-text (not recommended)
- Maintenance and Backup options such as Backup Retention Period, preferred Backup and Maintenance Windows
Items
2
Size
1.0 KB
AWSTemplateFormatVersion: "2010-09-09"
Description: ""
Resources:
DbSecret:
Type: "AWS::SecretsManager::Secret"
Properties:
KmsKeyId: "alias/aws/secretsmanager"
GenerateSecretString:
ExcludeLowercase: false
ExcludeNumbers: false
ExcludePunctuation: false
ExcludeUppercase: false
PasswordLength: 32
ExcludeCharacters: "/\"@\\"
RdsInstance:
Type: "AWS::RDS::DBInstance"
Properties:
DBInstanceClass: "db.t3.medium"
MultiAZ: false
Engine: "postgres"
EngineVersion: "13.4"
DBSubnetGroupName: "custom-subnet-group"
MasterUsername: "dbadmin"
MasterUserPassword:
Fn::Sub: "{{resolve:secretsmanager:${DbSecret}}}"
Port: "5432"
DBInstanceIdentifier: "rds-postgres"
AllocatedStorage: "50"
StorageEncrypted: false
StorageType: "standard"
BackupRetentionPeriod: 1
DeleteAutomatedBackups: true
DeletionProtection: false
Parameters: {}
Metadata: {}
Conditions: {}
Actions
Customize Template
* Required field
Upgrade to Premium for More Features
Configuration Packages
Pre-built packages for common configuration
Common SCPs
CloudFormation Guard Rules
Auto Remediation Rules
IAM Monitoring & Compliance
All Packages
Automated Assessments
- 350+ security checks
- Well-architected reviews
- Detailed compliance reports
- Remediation templates
- Email summaries
- Learn more