
AWS offers many services to store state / data. Some are persistent, others are not.

Client Security Group

Some data stores are integrated into the VPC, others are only accessible via the AWS API. For VPC integration, you have to create a Client Security Group stack. The stack is used as a parent stack for ElastiCache, Elasticsearch, and RDS. To communicate with the data store from an EC2 instance, you have to attach the Client Security Group to the EC2 instance. The Security Group does not have any rules; it only marks the traffic of the instances it is attached to. The marked traffic is then allowed to enter the data store.
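The marking pattern described above, sketched as a minimal CloudFormation template. This is an added example, not the contents of client-sg.yaml or of any data store template from this project; the logical IDs, the VpcId parameter, and the Redis port 6379 are assumptions chosen for illustration.

```yaml
# Added illustration of the "marker" security group pattern.
# Logical IDs, the VpcId parameter and port 6379 are assumptions.
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Client security group pattern (illustrative sketch)'
Parameters:
  VpcId:
    Type: 'AWS::EC2::VPC::Id'
Resources:
  # Marker group: declares no rules of its own.
  # (EC2 still adds its default allow-all egress rule when no egress is declared.)
  # Attach this group to every EC2 instance that needs to reach the data store.
  ClientSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: 'Marks instances that may talk to the data store'
      VpcId: !Ref VpcId
  # Group attached to the data store itself.
  # The only ingress rule names the marker group as its source, so membership
  # in ClientSecurityGroup is what grants access, not an IP range.
  DataStoreSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: 'Data store: ingress from the client group only'
      VpcId: !Ref VpcId
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 6379
        ToPort: 6379
        SourceSecurityGroupId: !GetAtt 'ClientSecurityGroup.GroupId'
        # Deliberately no CidrIp entry: a CIDR-based rule would bypass the marker.
Outputs:
  ClientSecurityGroupId:
    Description: 'Attach this group to EC2 instances that need data store access'
    Value: !GetAtt 'ClientSecurityGroup.GroupId'
```

When reviewing a deployment built this way, check which instances and network interfaces carry the client group, since attaching it is equivalent to granting network access to every data store that trusts it.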

Amazon S3 URL: https://s3-eu-west-1.amazonaws.com/widdix-aws-cf-templates-releases-eu-west-1/stable/state/client-sg.yaml

Installation Guide

  1. This template depends on one of our vpc-*azs.yaml templates. Launch Stack
  2. Launch Stack
  3. Click Next to proceed with the next step of the wizard.
  4. Specify a name and all parameters for the stack.
  5. Click Next to proceed with the next step of the wizard.
  6. Click Next to skip the Options step of the wizard.
  7. Check the "I acknowledge that this template might cause AWS CloudFormation to create IAM resources." checkbox.
  8. Click Create to start the creation of the stack.
  9. Wait until the stack reaches the state CREATE_COMPLETE

Dependencies

DocumentDB

Two node DocumentDB cluster for HA.

Amazon S3 URL: https://s3-eu-west-1.amazonaws.com/widdix-aws-cf-templates-releases-eu-west-1/stable/state/documentdb.yaml

Installation Guide

  1. This template depends on one of our vpc-*azs.yaml templates. Launch Stack
  2. This template depends on the client-sg.yaml template. Launch Stack
  3. Launch Stack
  4. Click Next to proceed with the next step of the wizard.
  5. Specify a name and all parameters for the stack.
  6. Click Next to proceed with the next step of the wizard.
  7. Click Next to skip the Options step of the wizard.
  8. Check the "I acknowledge that this template might cause AWS CloudFormation to create IAM resources." checkbox.
  9. Click Create to start the creation of the stack.
  10. Wait until the stack reaches the state CREATE_COMPLETE

Dependencies

Limitations

DynamoDB table

DynamoDB table with auto scaling for read and write capacity.

Amazon S3 URL: https://s3-eu-west-1.amazonaws.com/widdix-aws-cf-templates-releases-eu-west-1/stable/state/dynamodb.yaml

Installation Guide

  1. Launch Stack
  2. Click Next to proceed with the next step of the wizard.
  3. Specify a name and all parameters for the stack.
  4. Click Next to proceed with the next step of the wizard.
  5. Click Next to skip the Options step of the wizard.
  6. Check the "I acknowledge that this template might cause AWS CloudFormation to create IAM resources." checkbox.
  7. Click Create to start the creation of the stack.
  8. Wait until the stack reaches the state CREATE_COMPLETE

Dependencies

Limitations

ElastiCache memcached

Cluster of memcached nodes.

Amazon S3 URL: https://s3-eu-west-1.amazonaws.com/widdix-aws-cf-templates-releases-eu-west-1/stable/state/elasticache-memcached.yaml

Installation Guide

  1. This template depends on one of our vpc-*azs.yaml templates. Launch Stack
  2. This template depends on the client-sg.yaml template. Launch Stack
  3. Launch Stack
  4. Click Next to proceed with the next step of the wizard.
  5. Specify a name and all parameters for the stack.
  6. Click Next to proceed with the next step of the wizard.
  7. Click Next to skip the Options step of the wizard.
  8. Check the "I acknowledge that this template might cause AWS CloudFormation to create IAM resources." checkbox.
  9. Click Create to start the creation of the stack.
  10. Wait until the stack reaches the state CREATE_COMPLETE

Dependencies

Limitations

ElastiCache Redis

Two redis nodes in Multi-AZ mode with a single shard.

Amazon S3 URL: https://s3-eu-west-1.amazonaws.com/widdix-aws-cf-templates-releases-eu-west-1/stable/state/elasticache-redis.yaml

Installation Guide

  1. This template depends on one of our vpc-*azs.yaml templates. Launch Stack
  2. This template depends on the client-sg.yaml template. Launch Stack
  3. Launch Stack
  4. Click Next to proceed with the next step of the wizard.
  5. Specify a name and all parameters for the stack.
  6. Click Next to proceed with the next step of the wizard.
  7. Click Next to skip the Options step of the wizard.
  8. Check the "I acknowledge that this template might cause AWS CloudFormation to create IAM resources." checkbox.
  9. Click Create to start the creation of the stack.
  10. Wait until the stack reaches the state CREATE_COMPLETE

Dependencies

Limitations

Elasticsearch

Cluster of Elasticsearch nodes.

Amazon S3 URL: https://s3-eu-west-1.amazonaws.com/widdix-aws-cf-templates-releases-eu-west-1/stable/state/elasticsearch.yaml

Installation Guide

  1. Create Service-Linked Role for Elasticsearch: aws --region us-east-1 iam create-service-linked-role --aws-service-name es.amazonaws.com
  2. This template depends on one of our vpc-*azs.yaml templates. Launch Stack
  3. This template depends on the client-sg.yaml template. Launch Stack
  4. Launch Stack
  5. Click Next to proceed with the next step of the wizard.
  6. Specify a name and all parameters for the stack.
  7. Click Next to proceed with the next step of the wizard.
  8. Click Next to skip the Options step of the wizard.
  9. Check the "I acknowledge that this template might cause AWS CloudFormation to create IAM resources." checkbox.
  10. Click Create to start the creation of the stack.
  11. Wait until the stack reaches the state CREATE_COMPLETE

Dependencies

Limitations

RDS Aurora

Two node Aurora cluster for HA.

Amazon S3 URL: https://s3-eu-west-1.amazonaws.com/widdix-aws-cf-templates-releases-eu-west-1/stable/state/rds-aurora.yaml

Installation Guide

  1. This template depends on one of our vpc-*azs.yaml templates. Launch Stack
  2. This template depends on the client-sg.yaml template. Launch Stack
  3. Launch Stack
  4. Click Next to proceed with the next step of the wizard.
  5. Specify a name and all parameters for the stack.
  6. Click Next to proceed with the next step of the wizard.
  7. Click Next to skip the Options step of the wizard.
  8. Check the "I acknowledge that this template might cause AWS CloudFormation to create IAM resources." checkbox.
  9. Click Create to start the creation of the stack.
  10. Wait until the stack reaches the state CREATE_COMPLETE

Dependencies

Limitations

RDS Aurora Serverless MySQL

RDS Aurora Serverless MySQL cluster.

Amazon S3 URL: https://s3-eu-west-1.amazonaws.com/widdix-aws-cf-templates-releases-eu-west-1/stable/state/rds-aurora-serverless.yaml

Installation Guide

  1. This template depends on one of our vpc-*azs.yaml templates. Launch Stack
  2. This template depends on the client-sg.yaml template. Launch Stack
  3. This template depends on the kms-key.yaml template. Launch Stack
  4. Launch Stack
  5. Click Next to proceed with the next step of the wizard.
  6. Specify a name and all parameters for the stack.
  7. Click Next to proceed with the next step of the wizard.
  8. Click Next to skip the Options step of the wizard.
  9. Check the "I acknowledge that this template might cause AWS CloudFormation to create IAM resources." checkbox.
  10. Click Create to start the creation of the stack.
  11. Wait until the stack reaches the state CREATE_COMPLETE

Dependencies

RDS Aurora Serverless Postgres

RDS Aurora Serverless Postgres cluster.

Amazon S3 URL: https://s3-eu-west-1.amazonaws.com/widdix-aws-cf-templates-releases-eu-west-1/stable/state/rds-aurora-serverless-postgres.yaml

Installation Guide

  1. This template depends on one of our vpc-*azs.yaml templates. Launch Stack
  2. This template depends on the client-sg.yaml template. Launch Stack
  3. This template depends on the kms-key.yaml template. Launch Stack
  4. Launch Stack
  5. Click Next to proceed with the next step of the wizard.
  6. Specify a name and all parameters for the stack.
  7. Click Next to proceed with the next step of the wizard.
  8. Click Next to skip the Options step of the wizard.
  9. Check the "I acknowledge that this template might cause AWS CloudFormation to create IAM resources." checkbox.
  10. Click Create to start the creation of the stack.
  11. Wait until the stack reaches the state CREATE_COMPLETE

Dependencies

RDS MySQL

Multi-AZ MySQL for HA.

Amazon S3 URL: https://s3-eu-west-1.amazonaws.com/widdix-aws-cf-templates-releases-eu-west-1/stable/state/rds-mysql.yaml

Installation Guide

  1. This template depends on one of our vpc-*azs.yaml templates. Launch Stack
  2. This template depends on the client-sg.yaml template. Launch Stack
  3. Launch Stack
  4. Click Next to proceed with the next step of the wizard.
  5. Specify a name and all parameters for the stack.
  6. Click Next to proceed with the next step of the wizard.
  7. Click Next to skip the Options step of the wizard.
  8. Check the "I acknowledge that this template might cause AWS CloudFormation to create IAM resources." checkbox.
  9. Click Create to start the creation of the stack.
  10. Wait until the stack reaches the state CREATE_COMPLETE

Dependencies

Limitations

RDS Postgres

Multi-AZ Postgres for HA.

Amazon S3 URL: https://s3-eu-west-1.amazonaws.com/widdix-aws-cf-templates-releases-eu-west-1/stable/state/rds-postgres.yaml

Installation Guide

  1. This template depends on one of our vpc-*azs.yaml templates. Launch Stack
  2. This template depends on the client-sg.yaml template. Launch Stack
  3. Launch Stack
  4. Click Next to proceed with the next step of the wizard.
  5. Specify a name and all parameters for the stack.
  6. Click Next to proceed with the next step of the wizard.
  7. Click Next to skip the Options step of the wizard.
  8. Check the "I acknowledge that this template might cause AWS CloudFormation to create IAM resources." checkbox.
  9. Click Create to start the creation of the stack.
  10. Wait until the stack reaches the state CREATE_COMPLETE

Dependencies

Limitations

S3

S3 bucket with different access requirements:

| Access | Description |
| --- | --- |
| Private | No bucket policy, access via IAM. |
| PublicRead | Allow reads from anyone. |
| CloudFrontRead | Allow reads from CloudFront via Origin Access Identity (see CloudFrontOriginAccessIdentity output) |
| CloudFrontAccessLogWrite | Allow CloudFront to store access logs in this bucket. |
| ElbAccessLogWrite | Allow ELB to store access logs in this bucket. |
| S3AccessLogWrite | Allow S3 to store access logs in this bucket. |
| ConfigWrite | Allow Config to store data in this bucket. |
| CloudTrailWrite | Allow CloudTrail to store data in this bucket. |
| VpcEndpointRead | Allow reads from requests coming over a specific VPC endpoint (see ParentVpcEndpointStack parameter) |
| FlowLogWrite | Allow VPC Flow Logs to store data in this bucket. |

Amazon S3 URL: https://s3-eu-west-1.amazonaws.com/widdix-aws-cf-templates-releases-eu-west-1/stable/state/s3.yaml

Installation Guide

  1. Launch Stack
  2. Click Next to proceed with the next step of the wizard.
  3. Specify a name and all parameters for the stack.
  4. Click Next to proceed with the next step of the wizard.
  5. Click Next to skip the Options step of the wizard.
  6. Check the "I acknowledge that this template might cause AWS CloudFormation to create IAM resources." checkbox.
  7. Click Create to start the creation of the stack.
  8. Wait until the stack reaches the state CREATE_COMPLETE

Dependencies

Database Secret

Random or prepopulated master user secret for databases.

Amazon S3 URL: https://s3-eu-west-1.amazonaws.com/widdix-aws-cf-templates-releases-eu-west-1/stable/state/secretsmanager-dbsecret.yaml

Installation Guide

  1. Launch Stack
  2. Click Next to proceed with the next step of the wizard.
  3. Specify a name and all parameters for the stack.
  4. Click Next to proceed with the next step of the wizard.
  5. Click Next to skip the Options step of the wizard.
  6. Check the "I acknowledge that this template might cause AWS CloudFormation to create IAM resources." checkbox.
  7. Click Create to start the creation of the stack.
  8. Wait until the stack reaches the state CREATE_COMPLETE

Dependencies