{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "Main Oracle Vanessa Database of ENTERPRISE", "Metadata": { "AlertIdentifier": "db-deployment", "Tags": { "CostCenter": "hosting-deployment" } }, "Parameters": { "AppGroup": { "Type": "String", "Default": "oracle-vanessa-main" }, "Environment": { "Type": "String", "Default": "/global/environment", "Description": "Environment in which resources are deployed." }, "InstanceClass": { "Type": "String" }, "Iops": { "Type": "String", "Default": "" }, "DBInstanceActualSnapshotIdentifier": { "Type": "String", "Default": "" }, "DBInstanceDeleted": { "Type": "String", "Default": "false", "AllowedValues": [ "true", "false" ] }, "AllocatedStorage": { "Type": "String", "Default": "" }, "MasterUsername": { "Type": "String", "Default": "ROOT" }, "EncryptedMasterUserPassword": { "Type": "String" }, "RefreshScheduleExpression": { "Type": "String", "Default": "cron(30 4 * * ? *)" }, "RefreshSourceDatabaseId": { "Type": "String", "Default": "production-respawn-oracle-vanessa" }, "DbInstanceDbUserDBAVANESSAEncryptedPassword": { "Type": "String", "Default": "" }, "DbInstanceDbUserDEVVANESSAEncryptedPassword": { "Type": "String", "Default": "" }, "DbInstanceDbUserOMSEncryptedPassword": { "Type": "String", "Default": "" }, "DbInstanceDbUserTMSEncryptedPassword": { "Type": "String", "Default": "" }, "DbInstanceDbUserMANHATTANWMSEncryptedPassword": { "Type": "String", "Default": "" }, "DbInstanceDbUserVANFACTEncryptedPassword": { "Type": "String", "Default": "" }, "DbInstanceDbUserVANESSAQUEUEEncryptedPassword": { "Type": "String", "Default": "" }, "DbInstanceDbUserMASKTOOLKITEncryptedPassword": { "Type": "String", "Default": "" }, "DbInstanceDbUserUT3EncryptedPassword": { "Type": "String", "Default": "" }, "DbInstanceDbUserJVISSEREncryptedPassword": { "Type": "String", "Default": "" }, "DbInstanceDbUserTLOSEncryptedPassword": { "Type": "String", "Default": "" }, "DbInstanceDbUserDBAROBEncryptedPassword": { "Type": "String", "Default": "" }, "RdsSnapshotCleanupSchedule": { "Type": "String", "Default": "cron(35 5 * * ? *)" }, "RdsSnapshotCleanupSnapshotType": { "Type": "String", "Default": "manual" }, "RdsSnapshotCleanupKeepSnapshotsAmount": { "Type": "Number", "Default": 0 }, "TopExpensiveSqlsReportSchedule": { "Type": "String", "Default": "cron(35 5 * * ? *)" } }, "Mappings": { "Environment": { "testing": { "BackupRetentionPeriod": "0", "Engine": "oracle-se2", "OldMajorEngineVersion": "12.1", "ActiveMajorEngineVersion": "19", "LicenseModel": "license-included", "MultiAZ": "false", "PreferredBackupWindow": "", "PreferredMaintenanceWindow": "Mon:01:00-Mon:02:00" }, "acceptance": { "BackupRetentionPeriod": "0", "Engine": "oracle-se2", "OldMajorEngineVersion": "12.1", "ActiveMajorEngineVersion": "19", "LicenseModel": "license-included", "MultiAZ": "false", "PreferredBackupWindow": "", "PreferredMaintenanceWindow": "Tue:01:00-Tue:02:00" }, "production": { "BackupRetentionPeriod": "35", "Engine": "oracle-ee", "OldMajorEngineVersion": "11.2", "ActiveMajorEngineVersion": "19", "LicenseModel": "bring-your-own-license", "MultiAZ": "true", "PreferredBackupWindow": "00:00-01:00", "PreferredMaintenanceWindow": "Wed:02:00-Wed:02:30" } } }, "Conditions": { "DBInstanceIncludeDBInstance": { "Fn::Or": [ { "Fn::Equals": [ { "Ref": "Environment" }, "production" ] }, { "Fn::And": [ { "Fn::Not": [ { "Fn::Equals": [ { "Ref": "DBInstanceDeleted" }, "true" ] } ] }, { "Fn::Not": [ { "Fn::Equals": [ { "Ref": "DBInstanceActualSnapshotIdentifier" }, "" ] } ] } ] } ] }, "IsTesting": { "Fn::Equals": [ { "Ref": "Environment" }, "testing" ] }, "IsNotTesting": { "Fn::Not": [ { "Fn::Equals": [ { "Ref": "Environment" }, "testing" ] } ] }, "IsAcceptance": { "Fn::Equals": [ { "Ref": "Environment" }, "acceptance" ] }, "IsProduction": { "Fn::Equals": [ { "Ref": "Environment" }, "production" ] }, "IsNotProduction": { "Fn::Not": [ { "Fn::Equals": [ { "Ref": "Environment" }, "production" ] } ] }, "IsStandardEdition2": { "Fn::Equals": [ { "Fn::FindInMap": [ "Environment", { "Ref": "Environment" }, "Engine" ] }, "oracle-se2" ] }, "NeedsXmldbOption": { "Fn::Equals": [ { "Fn::FindInMap": [ "Environment", { "Ref": "Environment" }, "ActiveMajorEngineVersion" ] }, "11.2" ] }, "SetDbUserPassword": { "Fn::And": [ { "Condition": "IsNotProduction" }, { "Condition": "DBInstanceIncludeDBInstance" } ] }, "SetSchemaPassword": { "Fn::And": [ { "Condition": "IsAcceptance" }, { "Condition": "DBInstanceIncludeDBInstance" } ] }, "HasIops": { "Fn::Not": [ { "Fn::Equals": [ { "Ref": "Iops" }, "" ] } ] }, "HasAllocatedStorage": { "Fn::Not": [ { "Fn::Equals": [ { "Ref": "AllocatedStorage" }, "" ] } ] }, "TopExpensiveSqlsReport": { "Fn::And": [ { "Condition": "IsProduction" }, { "Condition": "DBInstanceIncludeDBInstance" } ] }, "IsMajorEngineVersionChanged": { "Fn::Not": [ { "Fn::Equals": [ { "Fn::FindInMap": [ "Environment", { "Ref": "Environment" }, "OldMajorEngineVersion" ] }, { "Fn::FindInMap": [ "Environment", { "Ref": "Environment" }, "ActiveMajorEngineVersion" ] } ] } ] } }, "Resources": { "DBInstance": { "Type": "AWS::RDS::DBInstance", "Condition": "DBInstanceIncludeDBInstance", "Properties": { "AllocatedStorage": { "Fn::If": [ "HasAllocatedStorage", { "Ref": "AllocatedStorage" }, { "Ref": "AWS::NoValue" } ] }, "AllowMajorVersionUpgrade": false, "AutoMinorVersionUpgrade": true, "BackupRetentionPeriod": { "Fn::FindInMap": [ "Environment", { "Ref": "Environment" }, "BackupRetentionPeriod" ] }, "CharacterSetName": "WE8ISO8859P15", "CopyTagsToSnapshot": true, "DBInstanceClass": { "Ref": "InstanceClass" }, "DBInstanceIdentifier": { "Fn::Sub": "${Environment}-${AppGroup}" }, "DBParameterGroupName": { "Fn::If": [ "IsMajorEngineVersionChanged", { "Ref": "DBParameterGroupEngineVersion19" }, { "Ref": "DBParameterGroup" } ] }, "DBSnapshotIdentifier": { "Ref": "DBInstanceActualSnapshotIdentifier" }, "DBSubnetGroupName": { "Ref": "DBSubnetGroup" }, "EnableCloudwatchLogsExports": [ "alert", "audit", "listener", "trace" ], "EnablePerformanceInsights": true, "Engine": { "Fn::FindInMap": [ "Environment", { "Ref": "Environment" }, "Engine" ] }, "Iops": { "Fn::If": [ "HasIops", { "Ref": "Iops" }, { "Ref": "AWS::NoValue" } ] }, "KmsKeyId": { "Fn::ImportValue": "iam-databases-kms-key-id" }, "LicenseModel": { "Fn::FindInMap": [ "Environment", { "Ref": "Environment" }, "LicenseModel" ] }, "MasterUsername": { "Ref": "MasterUsername" }, "MasterUserPassword": { "Fn::GetAtt": [ "DecryptedMasterUserPassword", "Value" ] }, "MonitoringInterval": 15, "MonitoringRoleArn": { "Fn::ImportValue": "iam-rds-enhanced-monitoring-role" }, "MultiAZ": { "Fn::FindInMap": [ "Environment", { "Ref": "Environment" }, "MultiAZ" ] }, "OptionGroupName": { "Fn::If": [ "IsMajorEngineVersionChanged", { "Ref": "OptionGroupEngineVersion19" }, { "Ref": "OptionGroup" } ] }, "PerformanceInsightsRetentionPeriod": 731, "PreferredBackupWindow": { "Fn::FindInMap": [ "Environment", { "Ref": "Environment" }, "PreferredBackupWindow" ] }, "PreferredMaintenanceWindow": { "Fn::FindInMap": [ "Environment", { "Ref": "Environment" }, "PreferredMaintenanceWindow" ] }, "PubliclyAccessible": false, "StorageEncrypted": true, "StorageType": { "Fn::If": [ "HasIops", "io1", { "Ref": "AWS::NoValue" } ] }, "ProcessorFeatures": { "Fn::If": [ "IsProduction", [ { "Name": "threadsPerCore", "Value": "2" }, { "Name": "coreCount", "Value": "16" } ], [] ] }, "VPCSecurityGroups": [ { "Fn::If": [ "IsTesting", { "Fn::ImportValue": "infrastructure-default-developer-database-access-security-group" }, { "Ref": "AWS::NoValue" } ] }, { "Fn::ImportValue": "oracle-copy-security-group-name" }, { "Fn::ImportValue": "automatic-rds-refresh-security-group" }, { "Fn::ImportValue": "oracle-custom-tools-security-group" }, { "Ref": "PrivateSecurityGroup" } ], "Tags": [ { "Key": "Name", "Value": { "Fn::Sub": "${Environment}-${AppGroup}" } }, { "Key": "AppGroup", "Value": { "Ref": "AppGroup" } }, { "Key": "Environment", "Value": { "Ref": "Environment" } } ] }, "DeletionPolicy": "Snapshot", "UpdateReplacePolicy": "Snapshot" }, "DBParameterGroup": { "Type": "AWS::RDS::DBParameterGroup", "Properties": { "Description": "Main Oracle Vanessa Parameter Group", "Family": { "Fn::Join": [ "-", [ { "Fn::FindInMap": [ "Environment", { "Ref": "Environment" }, "Engine" ] }, { "Fn::FindInMap": [ "Environment", { "Ref": "Environment" }, "OldMajorEngineVersion" ] } ] ] }, "Parameters": { "audit_sys_operations": "true", "audit_trail": "DB, EXTENDED", "cursor_sharing": "FORCE", "db_block_checking": "FULL", "db_block_checksum": "FULL", "db_lost_write_protect": "TYPICAL", "fast_start_mttr_target": { "Fn::If": [ "IsStandardEdition2", { "Ref": "AWS::NoValue" }, "300" ] }, "global_names": "FALSE", "job_queue_processes": "100", "log_buffer": "63995904", "open_cursors": "4000", "optimizer_features_enable": "11.2.0.3", "optimizer_index_caching": "90", "optimizer_index_cost_adj": "45", "optimizer_use_sql_plan_baselines": "FALSE", "parallel_max_servers": "16", "parallel_servers_target": "16", "parallel_threads_per_cpu": "2", "processes": "5000", "resource_limit": "TRUE", "resource_manager_plan": { "Fn::If": [ "IsStandardEdition2", { "Ref": "AWS::NoValue" }, "ENTERPRISE_V2" ] }, "session_cached_cursors": "200", "undo_retention": "7200", "sqlnetora.sqlnet.expire_time": "3" }, "Tags": [ { "Key": "Name", "Value": { "Fn::Sub": "${Environment}-${AppGroup}" } }, { "Key": "AppGroup", "Value": { "Fn::Sub": "${AppGroup}" } }, { "Key": "Environment", "Value": { "Ref": "Environment" } } ] } }, "DBParameterGroupEngineVersion19": { "Type": "AWS::RDS::DBParameterGroup", "Properties": { "Description": "Main Oracle Vanessa Parameter Group for Oracle 19c", "Family": { "Fn::Join": [ "-", [ { "Fn::FindInMap": [ "Environment", { "Ref": "Environment" }, "Engine" ] }, "19" ] ] }, "Parameters": { "audit_sys_operations": "true", "audit_trail": "DB, EXTENDED", "cursor_sharing": "FORCE", "db_block_checking": "FULL", "db_block_checksum": "FULL", "db_lost_write_protect": "TYPICAL", "fast_start_mttr_target": { "Fn::If": [ "IsStandardEdition2", { "Ref": "AWS::NoValue" }, "300" ] }, "global_names": "FALSE", "job_queue_processes": "100", "log_buffer": "63995904", "open_cursors": "4000", "optimizer_index_caching": "90", "optimizer_index_cost_adj": "45", "optimizer_use_sql_plan_baselines": "FALSE", "parallel_max_servers": "16", "parallel_servers_target": "16", "parallel_threads_per_cpu": "2", "processes": "5000", "resource_limit": "TRUE", "resource_manager_plan": { "Fn::If": [ "IsStandardEdition2", { "Ref": "AWS::NoValue" }, "ENTERPRISE_V2" ] }, "session_cached_cursors": "200", "undo_retention": "7200", "sqlnetora.sqlnet.expire_time": "3" }, "Tags": [ { "Key": "Name", "Value": { "Fn::Sub": "${Environment}-${AppGroup}" } }, { "Key": "AppGroup", "Value": { "Fn::Sub": "${AppGroup}" } }, { "Key": "Environment", "Value": { "Ref": "Environment" } } ] } }, "DBSubnetGroup": { "Type": "AWS::RDS::DBSubnetGroup", "Properties": { "DBSubnetGroupDescription": "Main Oracle Vanessa Subnet Group", "DBSubnetGroupName": { "Ref": "AppGroup" }, "SubnetIds": [ { "Fn::ImportValue": "infrastructure-private-database-subnet-1a" }, { "Fn::ImportValue": "infrastructure-private-database-subnet-1b" }, { "Fn::ImportValue": "infrastructure-private-database-subnet-1c" } ], "Tags": [ { "Key": "Name", "Value": { "Fn::Sub": "${Environment}-${AppGroup}" } }, { "Key": "AppGroup", "Value": { "Ref": "AppGroup" } }, { "Key": "Environment", "Value": { "Ref": "Environment" } } ] } }, "DecryptedMasterUserPassword": { "Type": "Custom::DecryptSecret", "Properties": { "ServiceToken": { "Fn::ImportValue": "custom-resource-lambda-kms-decrypt" }, "CiphertextBlob": { "Ref": "EncryptedMasterUserPassword" } } }, "OptionGroup": { "Type": "AWS::RDS::OptionGroup", "Properties": { "EngineName": { "Fn::FindInMap": [ "Environment", { "Ref": "Environment" }, "Engine" ] }, "MajorEngineVersion": { "Fn::FindInMap": [ "Environment", { "Ref": "Environment" }, "OldMajorEngineVersion" ] }, "OptionGroupDescription": "Main Oracle Vanessa Option Group", "OptionConfigurations": [ { "OptionName": "SSL", "VpcSecurityGroupMemberships": [ { "Fn::If": [ "IsTesting", { "Fn::ImportValue": "infrastructure-default-developer-database-access-security-group" }, { "Ref": "AWS::NoValue" } ] }, { "Fn::ImportValue": "oracle-copy-security-group-name" }, { "Fn::ImportValue": "automatic-rds-refresh-security-group" }, { "Fn::ImportValue": "oracle-custom-tools-security-group" }, { "Ref": "PrivateSecurityGroup" } ], "OptionSettings": [ { "Name": "SQLNET.SSL_VERSION", "Value": "1.2 or 1.0" } ] }, { "OptionName": "Timezone", "OptionSettings": [ { "Name": "TIME_ZONE", "Value": "Europe/Amsterdam" } ] }, { "OptionName": "SQLT", "OptionVersion": "2018-07-25.v1", "OptionSettings": [ { "Name": "LICENSE_PACK", "Value": "T" } ] }, { "Fn::If": [ "NeedsXmldbOption", { "OptionName": "XMLDB" }, { "Ref": "AWS::NoValue" } ] } ], "Tags": [ { "Key": "Name", "Value": { "Fn::Sub": "${Environment}-${AppGroup}" } }, { "Key": "AppGroup", "Value": { "Ref": "AppGroup" } }, { "Key": "Environment", "Value": { "Ref": "Environment" } } ] } }, "OptionGroupEngineVersion19": { "Type": "AWS::RDS::OptionGroup", "Properties": { "EngineName": { "Fn::FindInMap": [ "Environment", { "Ref": "Environment" }, "Engine" ] }, "MajorEngineVersion": "19", "OptionGroupDescription": "Main Oracle Vanessa Option Group for Oracle 19c", "OptionConfigurations": [ { "OptionName": "SSL", "VpcSecurityGroupMemberships": [ { "Fn::If": [ "IsTesting", { "Fn::ImportValue": "infrastructure-default-developer-database-access-security-group" }, { "Ref": "AWS::NoValue" } ] }, { "Fn::ImportValue": "oracle-copy-security-group-name" }, { "Fn::ImportValue": "automatic-rds-refresh-security-group" }, { "Fn::ImportValue": "oracle-custom-tools-security-group" }, { "Ref": "PrivateSecurityGroup" } ], "OptionSettings": [ { "Name": "SQLNET.SSL_VERSION", "Value": "1.2 or 1.0" } ] }, { "OptionName": "Timezone", "OptionSettings": [ { "Name": "TIME_ZONE", "Value": "Europe/Amsterdam" } ] }, { "OptionName": "OEM", "VpcSecurityGroupMemberships": [ { "Ref": "PrivateSecurityGroup" } ], "Port": 5500 }, { "OptionName": "SQLT", "OptionVersion": "2018-07-25.v1", "OptionSettings": [ { "Name": "LICENSE_PACK", "Value": "T" } ] } ], "Tags": [ { "Key": "Name", "Value": { "Fn::Sub": "${Environment}-${AppGroup}" } }, { "Key": "AppGroup", "Value": { "Ref": "AppGroup" } }, { "Key": "Environment", "Value": { "Ref": "Environment" } } ] } }, "PrivateSecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "Main Oracle Vanessa Private Security Group", "VpcId": { "Fn::ImportValue": "infrastructure-vpc" }, "SecurityGroupIngress": [ { "IpProtocol": "tcp", "FromPort": 5500, "ToPort": 5500, "CidrIp": "10.0.118.0/23", "Description": "Enable OEM connection from ENTERPRISE-IT vlan 250" }, { "IpProtocol": "tcp", "FromPort": 5500, "ToPort": 5500, "CidrIp": "10.1.40.0/23", "Description": "Enable OEM connection from ENTERPRISE-IT vlan 251" }, { "IpProtocol": "tcp", "FromPort": 5500, "ToPort": 5500, "CidrIp": "192.168.66.0/25", "Description": "Enable OEM connection from ENTERPRISE-IT SSLVPN" }, { "IpProtocol": "tcp", "FromPort": 5500, "ToPort": 5500, "CidrIp": "192.168.36.0/23", "Description": "Enable OEM connection from ENTERPRISE IT Employee VPN" }, { "IpProtocol": "tcp", "FromPort": 5500, "ToPort": 5500, "CidrIp": "192.168.46.0/23", "Description": "Enable OEM connection from ENTERPRISE IT Employee VPN" }, { "IpProtocol": "tcp", "FromPort": 5500, "ToPort": 5500, "CidrIp": "192.168.30.0/20", "Description": "Enable OEM connection from ENTERPRISE IT Employee VPN" }, { "Description": "Allow connection from Linux TeamCity agents", "IpProtocol": "tcp", "FromPort": 2484, "ToPort": 2484, "SourceSecurityGroupId": { "Fn::ImportValue": "teamcity-agent-linux-private-security-group" } } ], "Tags": [ { "Key": "Name", "Value": { "Fn::Sub": "${Environment}-${AppGroup}-private" } }, { "Key": "AppGroup", "Value": { "Ref": "AppGroup" } }, { "Key": "Environment", "Value": { "Ref": "Environment" } } ] } }, "DatacenterIngress": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "Description": "Allow connections from all resources implementing this Security Group", "CidrIp": "192.168.0.0/16", "GroupId": { "Ref": "PrivateSecurityGroup" }, "IpProtocol": "tcp", "FromPort": 2484, "ToPort": 2484 } }, "AllPhysicalLocationsIngress": { "Type": "AWS::EC2::SecurityGroupIngress", "Condition": "IsNotTesting", "Properties": { "Description": "Access to Oracle from all ENTERPRISE physical locations. Intentionally not /8 as that would cover AWS as well.", "IpProtocol": "tcp", "FromPort": 2484, "ToPort": 2484, "CidrIp": "10.0.0.0/9", "GroupId": { "Ref": "PrivateSecurityGroup" } } }, "PrivateSecurityGroupOwnIngress": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "Description": "Allow connections from all resources implementing this Security Group", "GroupId": { "Ref": "PrivateSecurityGroup" }, "IpProtocol": "tcp", "FromPort": 2484, "ToPort": 2484, "SourceSecurityGroupId": { "Ref": "PrivateSecurityGroup" } } }, "PrivateSecurityGroupOwnEgress": { "Type": "AWS::EC2::SecurityGroupEgress", "Properties": { "Description": "Allow connections to databases implementing this Security Group", "GroupId": { "Ref": "PrivateSecurityGroup" }, "IpProtocol": "tcp", "FromPort": 2484, "ToPort": 2484, "DestinationSecurityGroupId": { "Ref": "PrivateSecurityGroup" } } }, "WindowsTeamCityAgentsIngress": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "Description": "Allow connection from Windows TeamCity agents", "GroupId": { "Ref": "PrivateSecurityGroup" }, "IpProtocol": "tcp", "FromPort": 2484, "ToPort": 2484, "SourceSecurityGroupId": { "Fn::ImportValue": "teamcity-agent-windows-private-security-group" } } }, "DatabaseMonitoringOraclePrivateIngress": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { "Ref": "PrivateSecurityGroup" }, "IpProtocol": "tcp", "FromPort": 2484, "ToPort": 2484, "SourceSecurityGroupId": { "Fn::ImportValue": "monitoring-private-security-group" } } }, "AutomaticRdsRefreshSchedulerRule": { "Type": "AWS::Events::Rule", "Condition": "IsNotProduction", "Properties": { "Name": { "Fn::Sub": "trigger-rds-refresh-${AppGroup}-DBInstance" }, "ScheduleExpression": { "Ref": "RefreshScheduleExpression" }, "State": "ENABLED", "Targets": [ { "Arn": { "Fn::ImportValue": "automatic-rds-refresh-refresh-rds-instance-latest-snapshot" }, "Id": { "Fn::Sub": "${AppGroup}-DBInstance" }, "Input": { "Fn::Sub": "{\"stack_name\": \"${AWS::StackName}\", \"logical_instance_name\": \"DBInstance\", \"source_database_id\": \"${RefreshSourceDatabaseId}\", \"storage_type\": \"io1\"}" } } ] } }, "EnableJobScheduler": { "Type": "Custom::AutomaticRdsRefreshJobScheduler", "Condition": "DBInstanceIncludeDBInstance", "Properties": { "ServiceToken": { "Fn::ImportValue": "automatic-rds-refresh-custom-resource-job-scheduler" }, "DbMasterUser": { "Ref": "MasterUsername" }, "DbMasterUserPassword": { "Fn::GetAtt": [ "DecryptedMasterUserPassword", "Value" ] }, "DbEndpointAddress": { "Fn::GetAtt": [ "DBInstance", "Endpoint", "Address" ] }, "Condition": "true" } }, "SetDbUserPassword": { "Type": "Custom::SetDbUserPassword", "Condition": "SetDbUserPassword", "Properties": { "ServiceToken": { "Fn::ImportValue": "set-db-user-password-oracle-custom-tools" }, "DbMasterUser": { "Ref": "MasterUsername" }, "EncryptedDbMasterUserPassword": { "Ref": "EncryptedMasterUserPassword" }, "DbEndpointAddress": { "Fn::GetAtt": [ "DBInstance", "Endpoint", "Address" ] }, "DbUsers": [ { "DbUser": "JVISSER", "EncryptedPassword": { "Ref": "DbInstanceDbUserJVISSEREncryptedPassword" } }, { "DbUser": "TLOS", "EncryptedPassword": { "Ref": "DbInstanceDbUserTLOSEncryptedPassword" } }, { "DbUser": "DBA_ROB", "EncryptedPassword": { "Ref": "DbInstanceDbUserDBAROBEncryptedPassword" } } ] } }, "SetSchemaPassword": { "Type": "Custom::SetDbUserPassword", "Condition": "SetSchemaPassword", "Properties": { "ServiceToken": { "Fn::ImportValue": "set-db-user-password-oracle-custom-tools" }, "DbMasterUser": { "Ref": "MasterUsername" }, "EncryptedDbMasterUserPassword": { "Ref": "EncryptedMasterUserPassword" }, "DbEndpointAddress": { "Fn::GetAtt": [ "DBInstance", "Endpoint", "Address" ] }, "DbUsers": [ { "DbUser": "DBAVANESSA", "EncryptedPassword": { "Ref": "DbInstanceDbUserDBAVANESSAEncryptedPassword" } }, { "DbUser": "DEVVANESSA", "EncryptedPassword": { "Ref": "DbInstanceDbUserDEVVANESSAEncryptedPassword" } }, { "DbUser": "OMS", "EncryptedPassword": { "Ref": "DbInstanceDbUserOMSEncryptedPassword" } }, { "DbUser": "TMS", "EncryptedPassword": { "Ref": "DbInstanceDbUserTMSEncryptedPassword" } }, { "DbUser": "MANHATTANWMS", "EncryptedPassword": { "Ref": "DbInstanceDbUserMANHATTANWMSEncryptedPassword" } }, { "DbUser": "VANFACT", "EncryptedPassword": { "Ref": "DbInstanceDbUserVANFACTEncryptedPassword" } }, { "DbUser": "VANESSA_QUEUE", "EncryptedPassword": { "Ref": "DbInstanceDbUserVANESSAQUEUEEncryptedPassword" } }, { "DbUser": "UT3", "EncryptedPassword": { "Ref": "DbInstanceDbUserUT3EncryptedPassword" } }, { "DbUser": "MASK_TOOLKIT", "EncryptedPassword": { "Ref": "DbInstanceDbUserMASKTOOLKITEncryptedPassword" } } ] } }, "CreateMetadataInformation": { "Type": "Custom::CreateMetadataInformation", "Condition": "DBInstanceIncludeDBInstance", "Properties": { "ServiceToken": { "Fn::ImportValue": "create-metadata-information-oracle-custom-tools" }, "DbEndpointAddress": { "Fn::GetAtt": [ "DBInstance", "Endpoint", "Address" ] }, "DbPort": 2484, "DbService": "ORCL_A", "DbProtocol": "tcps", "DbMasterUser": { "Ref": "MasterUsername" }, "DbMasterUserPassword": { "Fn::GetAtt": [ "DecryptedMasterUserPassword", "Value" ] }, "Tags": [ { "Key": "Name", "Value": { "Fn::Sub": "${Environment}-${AppGroup}" } }, { "Key": "AppGroup", "Value": { "Ref": "AppGroup" } }, { "Key": "Environment", "Value": { "Ref": "Environment" } }, { "Key": "DBSnapshotIdentifier", "Value": { "Ref": "DBInstanceActualSnapshotIdentifier" } } ] } }, "CleanupSnapshotsSchedulerRule": { "Type": "AWS::Events::Rule", "Condition": "IsNotProduction", "Properties": { "Name": { "Fn::Sub": "oracle-custom-tools-crs-${AppGroup}-DBInstance" }, "ScheduleExpression": { "Ref": "RdsSnapshotCleanupSchedule" }, "State": "ENABLED", "Targets": [ { "Arn": { "Fn::ImportValue": "oracle-custom-tools-cleanup-rds-snapshots" }, "Id": { "Fn::Sub": "${AppGroup}-DBInstance" }, "Input": { "Fn::Sub": "{\"db_instance_identifier\": \"${Environment}-${AppGroup}\", \"snapshot_type\": \"${RdsSnapshotCleanupSnapshotType}\", \"keep_snapshots_amount\": ${RdsSnapshotCleanupKeepSnapshotsAmount}}" } } ] } }, "TopExpensiveSqlsReportRule": { "Type": "AWS::Events::Rule", "Condition": "TopExpensiveSqlsReport", "Properties": { "Name": { "Fn::Sub": "oracle-custom-tools-tes-rep-${AppGroup}-DBInstance" }, "ScheduleExpression": { "Ref": "TopExpensiveSqlsReportSchedule" }, "State": "ENABLED", "Targets": [ { "Arn": { "Fn::ImportValue": "oracle-custom-tools-top-expensive-sqls-reports" }, "Id": { "Fn::Sub": "${AppGroup}-DBInstance" }, "Input": { "Fn::Sub": "{\"DbEndpointAddress\": \"${DBInstance.Endpoint.Address}\", \"DbPort\": \"2484\", \"DbService\": \"ORCL_A\", \"DbProtocol\": \"tcps\", \"DbMasterUser\": \"${MasterUsername}\", \"EncryptedDbMasterUserPassword\": \"${EncryptedMasterUserPassword}\", \"NumberOfSqls\": 10, \"Environment\": \"${Environment}\"}" } } ] } } }, "Outputs": { "PrivateSecurityGroup": { "Value": { "Ref": "PrivateSecurityGroup" }, "Export": { "Name": "oracle-vanessa-main-security-group" } } } }