AWS offers many services to store state / data. Some are persistent, others are not.
Client Security Group
Some data stores are integrated into the VPC, others are only accessible via the AWS API. For VPC integration, you have to create a Client Security Group stack. The stack is used as a parent stack for ElastiCache, Elasticsearch, and RDS. To communicate with the data store from an EC2 instance, you have to attach the Client Security Group to the EC2 instance. The Security Group does not have any rules of its own; it only marks traffic. The data store then allows the marked traffic to enter.
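The marker pattern described above, sketched as a CloudFormation fragment. This is an added example, not the project's client-sg.yaml; the logical IDs, the VpcId parameter and port 3306 are assumptions.

```yaml
# Added example: not taken from client-sg.yaml or any other template of this project.
# Logical IDs, the parameter name and the port are assumptions for illustration.
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Rule-less client security group referenced by a data store ingress rule (illustrative)'
Parameters:
  VpcId:
    Type: 'AWS::EC2::VPC::Id'
Resources:
  # The "marker" group: no SecurityGroupIngress, so it admits no inbound traffic.
  # Omitting SecurityGroupEgress leaves the default allow-all egress rule in place.
  ClientSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: 'Marker group attached to clients of the data store'
      VpcId: !Ref VpcId
  # Attached to the data store (a MySQL-compatible database is assumed here).
  DataStoreSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: 'Data store: inbound only from members of the client group'
      VpcId: !Ref VpcId
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 3306
        ToPort: 3306
        # The source is a group reference, not a CIDR range: only network
        # interfaces that carry ClientSecurityGroup match this rule.
        SourceSecurityGroupId: !GetAtt 'ClientSecurityGroup.GroupId'
Outputs:
  ClientSecurityGroup:
    Description: 'Attach this group to EC2 instances that need access to the data store.'
    Value: !GetAtt 'ClientSecurityGroup.GroupId'
```

Because access follows group membership rather than IP ranges, the permission to attach the client group to an instance or network interface is what grants network access to the data store, so that permission should be limited accordingly.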
Installation Guide
- This template depends on one of our vpc-*azs.yaml templates.
- Click Next to proceed with the next step of the wizard.
- Specify a name and all parameters for the stack.
- Click Next to proceed with the next step of the wizard.
- Click Next to skip the Options step of the wizard.
- Check the I acknowledge that this template might cause AWS CloudFormation to create IAM resources. checkbox.
- Click Create to start the creation of the stack.
- Wait until the stack reaches the state CREATE_COMPLETE
Dependencies
- vpc/vpc-*azs.yaml (required)
DocumentDB
Two node DocumentDB cluster for HA.
Installation Guide
- This template depends on one of our vpc-*azs.yaml templates.
- This template depends on the client-sg.yaml template.
- Click Next to proceed with the next step of the wizard.
- Specify a name and all parameters for the stack.
- Click Next to proceed with the next step of the wizard.
- Click Next to skip the Options step of the wizard.
- Check the I acknowledge that this template might cause AWS CloudFormation to create IAM resources. checkbox.
- Click Create to start the creation of the stack.
- Wait until the stack reaches the state CREATE_COMPLETE
Dependencies
- vpc/vpc-*azs.yaml (required)
- state/client-sg.yaml (required)
- security/kms-key.yaml (recommended)
- operations/alert.yaml (recommended)
- vpc/vpc-*-bastion.yaml
- state/secretsmanager-secret.yaml
Limitations
- No auto scaling
DynamoDB table
DynamoDB table with auto scaling for read and write capacity.
Installation Guide
- Click Next to proceed with the next step of the wizard.
- Specify a name and all parameters for the stack.
- Click Next to proceed with the next step of the wizard.
- Click Next to skip the Options step of the wizard.
- Check the I acknowledge that this template might cause AWS CloudFormation to create IAM resources. checkbox.
- Click Create to start the creation of the stack.
- Wait until the stack reaches the state CREATE_COMPLETE
Dependencies
- operations/alert.yaml (recommended)
Limitations
- Encryption at rest with AWS managed CMK (customer managed is not supported)
ElastiCache memcached
Cluster of memcached nodes.
Installation Guide
- This template depends on one of our vpc-*azs.yaml templates.
- This template depends on the client-sg.yaml template.
- Click Next to proceed with the next step of the wizard.
- Specify a name and all parameters for the stack.
- Click Next to proceed with the next step of the wizard.
- Click Next to skip the Options step of the wizard.
- Check the I acknowledge that this template might cause AWS CloudFormation to create IAM resources. checkbox.
- Click Create to start the creation of the stack.
- Wait until the stack reaches the state CREATE_COMPLETE
Dependencies
- vpc/vpc-*azs.yaml (required)
- state/client-sg.yaml (required)
- vpc/zone-*.yaml
- vpc/vpc-*-bastion.yaml
- operations/alert.yaml (recommended)
Limitations
- No backup
- No data replication (use as an in-memory cache only)
- No auto scaling
ElastiCache Redis
Two Redis nodes in Multi-AZ mode with a single shard.
Installation Guide
- This template depends on one of our vpc-*azs.yaml templates.
- This template depends on the client-sg.yaml template.
- Click Next to proceed with the next step of the wizard.
- Specify a name and all parameters for the stack.
- Click Next to proceed with the next step of the wizard.
- Click Next to skip the Options step of the wizard.
- Check the I acknowledge that this template might cause AWS CloudFormation to create IAM resources. checkbox.
- Click Create to start the creation of the stack.
- Wait until the stack reaches the state CREATE_COMPLETE
Dependencies
- vpc/vpc-*azs.yaml (required)
- state/client-sg.yaml (required)
- vpc/zone-*.yaml
- vpc/vpc-*-bastion.yaml
- operations/alert.yaml (recommended)
Limitations
- No auto scaling
Elasticsearch
Cluster of Elasticsearch nodes.
Installation Guide
- Create Service-Linked Role for Elasticsearch:
aws --region us-east-1 iam create-service-linked-role --aws-service-name es.amazonaws.com
- This template depends on one of our vpc-*azs.yaml templates.
- This template depends on the client-sg.yaml template.
- Click Next to proceed with the next step of the wizard.
- Specify a name and all parameters for the stack.
- Click Next to proceed with the next step of the wizard.
- Click Next to skip the Options step of the wizard.
- Check the I acknowledge that this template might cause AWS CloudFormation to create IAM resources. checkbox.
- Click Create to start the creation of the stack.
- Wait until the stack reaches the state CREATE_COMPLETE
Dependencies
- vpc/vpc-*azs.yaml (required)
- state/client-sg.yaml (required)
- security/kms-key.yaml (recommended)
- vpc/zone-*.yaml
- vpc/vpc-*-bastion.yaml
- operations/alert.yaml (recommended)
Limitations
- No auto scaling
RDS Aurora
Two node Aurora cluster for HA.
Installation Guide
- This template depends on one of our vpc-*azs.yaml templates.
- This template depends on the client-sg.yaml template.
- Click Next to proceed with the next step of the wizard.
- Specify a name and all parameters for the stack.
- Click Next to proceed with the next step of the wizard.
- Click Next to skip the Options step of the wizard.
- Check the I acknowledge that this template might cause AWS CloudFormation to create IAM resources. checkbox.
- Click Create to start the creation of the stack.
- Wait until the stack reaches the state CREATE_COMPLETE
Dependencies
- vpc/vpc-*azs.yaml (required)
- state/client-sg.yaml (required)
- security/kms-key.yaml (recommended)
- operations/alert.yaml (recommended)
- vpc/zone-*.yaml
- vpc/vpc-*-bastion.yaml
- state/secretsmanager-secret.yaml
Limitations
- No auto scaling
RDS Aurora Serverless MySQL
RDS Aurora Serverless MySQL cluster.
Installation Guide
- This template depends on one of our vpc-*azs.yaml templates.
- This template depends on the client-sg.yaml template.
- This template depends on the kms-key.yaml template.
- Click Next to proceed with the next step of the wizard.
- Specify a name and all parameters for the stack.
- Click Next to proceed with the next step of the wizard.
- Click Next to skip the Options step of the wizard.
- Check the I acknowledge that this template might cause AWS CloudFormation to create IAM resources. checkbox.
- Click Create to start the creation of the stack.
- Wait until the stack reaches the state CREATE_COMPLETE
Dependencies
- vpc/vpc-*azs.yaml (required)
- state/client-sg.yaml (required)
- security/kms-key.yaml (required)
- operations/alert.yaml (recommended)
- vpc/zone-*.yaml
- vpc/vpc-*-bastion.yaml
- state/secretsmanager-secret.yaml
RDS Aurora Serverless Postgres
RDS Aurora Serverless Postgres cluster.
Installation Guide
- This template depends on one of our vpc-*azs.yaml templates.
- This template depends on the client-sg.yaml template.
- This template depends on the kms-key.yaml template.
- Click Next to proceed with the next step of the wizard.
- Specify a name and all parameters for the stack.
- Click Next to proceed with the next step of the wizard.
- Click Next to skip the Options step of the wizard.
- Check the I acknowledge that this template might cause AWS CloudFormation to create IAM resources. checkbox.
- Click Create to start the creation of the stack.
- Wait until the stack reaches the state CREATE_COMPLETE
Dependencies
- vpc/vpc-*azs.yaml (required)
- state/client-sg.yaml (required)
- security/kms-key.yaml (required)
- operations/alert.yaml (recommended)
- vpc/zone-*.yaml
- vpc/vpc-*-bastion.yaml
- state/secretsmanager-secret.yaml
RDS MySQL
Multi-AZ MySQL for HA.
Installation Guide
- This template depends on one of our vpc-*azs.yaml templates.
- This template depends on the client-sg.yaml template.
- Click Next to proceed with the next step of the wizard.
- Specify a name and all parameters for the stack.
- Click Next to proceed with the next step of the wizard.
- Click Next to skip the Options step of the wizard.
- Check the I acknowledge that this template might cause AWS CloudFormation to create IAM resources. checkbox.
- Click Create to start the creation of the stack.
- Wait until the stack reaches the state CREATE_COMPLETE
Dependencies
- vpc/vpc-*azs.yaml (required)
- state/client-sg.yaml (required)
- security/kms-key.yaml (recommended)
- operations/alert.yaml (recommended)
- vpc/zone-*.yaml
- vpc/vpc-*-bastion.yaml
- state/secretsmanager-secret.yaml
Limitations
- No auto scaling
RDS Postgres
Multi-AZ Postgres for HA.
Installation Guide
- This template depends on one of our vpc-*azs.yaml templates.
- This template depends on the client-sg.yaml template.
- Click Next to proceed with the next step of the wizard.
- Specify a name and all parameters for the stack.
- Click Next to proceed with the next step of the wizard.
- Click Next to skip the Options step of the wizard.
- Check the I acknowledge that this template might cause AWS CloudFormation to create IAM resources. checkbox.
- Click Create to start the creation of the stack.
- Wait until the stack reaches the state CREATE_COMPLETE
Dependencies
- vpc/vpc-*azs.yaml (required)
- state/client-sg.yaml (required)
- security/kms-key.yaml (recommended)
- operations/alert.yaml (recommended)
- vpc/zone-*.yaml
- vpc/vpc-*-bastion.yaml
- state/secretsmanager-secret.yaml
Limitations
- No auto scaling
S3
S3 bucket with different access requirements:
Access | Description |
---|---|
Private | No bucket policy, access via IAM. |
PublicRead | Allow reads from anyone. |
CloudFrontRead | Allow reads from CloudFront via Origin Access Identity (see CloudFrontOriginAccessIdentity output) |
CloudFrontAccessLogWrite | Allow CloudFront to store access logs in this bucket. |
ElbAccessLogWrite | Allow ELB to store access logs in this bucket. |
S3AccessLogWrite | Allow S3 to store access logs in this bucket. |
ConfigWrite | Allow Config to store data in this bucket. |
CloudTrailWrite | Allow CloudTrail to store data in this bucket. |
VpcEndpointRead | Allow reads from requests coming over a specific VPC endpoint (see ParentVpcEndpointStack parameter) |
FlowLogWrite | Allow VPC Flow Logs to store data in this bucket. |
Installation Guide
- Click Next to proceed with the next step of the wizard.
- Specify a name and all parameters for the stack.
- Click Next to proceed with the next step of the wizard.
- Click Next to skip the Options step of the wizard.
- Check the I acknowledge that this template might cause AWS CloudFormation to create IAM resources. checkbox.
- Click Create to start the creation of the stack.
- Wait until the stack reaches the state CREATE_COMPLETE
Dependencies
- security/kms-key.yaml (recommended)
Database Secret
Random or prepopulated master user secret for databases.
Installation Guide
- Click Next to proceed with the next step of the wizard.
- Specify a name and all parameters for the stack.
- Click Next to proceed with the next step of the wizard.
- Click Next to skip the Options step of the wizard.
- Check the I acknowledge that this template might cause AWS CloudFormation to create IAM resources. checkbox.
- Click Create to start the creation of the stack.
- Wait until the stack reaches the state CREATE_COMPLETE
Dependencies
- security/kms-key.yaml