├── .github
    └── PULL_REQUEST_TEMPLATE.md
├── .gitignore
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── LICENSE
├── NOTICE
├── README.md
├── aurora.yaml
├── create.sh
├── master.yaml
├── network.yaml
├── proxy-sql.png
├── proxysql.yaml
├── secgroups.yaml
└── update.sh


/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | *Issue #, if available:*
2 | 
3 | *Description of changes:*
4 | 
5 | 
6 | By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
7 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | Diagrams for ProxySQL Blog .pptx
2 | ~$Diagrams for ProxySQL Blog.pptx
3 | .github
4 | 


--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
1 | ## Code of Conduct
2 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 
3 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 
4 | opensource-codeofconduct@amazon.com with any additional questions or comments.
5 | 


--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
 1 | # Contributing Guidelines
 2 | 
 3 | Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional 
 4 | documentation, we greatly value feedback and contributions from our community.
 5 | 
 6 | Please read through this document before submitting any issues or pull requests to ensure we have all the necessary 
 7 | information to effectively respond to your bug report or contribution.
 8 | 
 9 | 
10 | ## Reporting Bugs/Feature Requests
11 | 
12 | We welcome you to use the GitHub issue tracker to report bugs or suggest features.
13 | 
14 | When filing an issue, please check [existing open](https://github.com/aws-samples/amazon-aurora-proxysql-example/issues), or [recently closed](https://github.com/aws-samples/amazon-aurora-proxysql-example/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aclosed%20), issues to make sure somebody else hasn't already 
15 | reported the issue. Please try to include as much information as you can. Details like these are incredibly useful:
16 | 
17 | * A reproducible test case or series of steps
18 | * The version of our code being used
19 | * Any modifications you've made relevant to the bug
20 | * Anything unusual about your environment or deployment
21 | 
22 | 
23 | ## Contributing via Pull Requests
24 | Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that:
25 | 
26 | 1. You are working against the latest source on the *master* branch.
27 | 2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already.
28 | 3. You open an issue to discuss any significant work - we would hate for your time to be wasted.
29 | 
30 | To send us a pull request, please:
31 | 
32 | 1. Fork the repository.
33 | 2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change.
34 | 3. Ensure local tests pass.
35 | 4. Commit to your fork using clear commit messages.
36 | 5. Send us a pull request, answering any default questions in the pull request interface.
37 | 6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation.
38 | 
39 | GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and 
40 | [creating a pull request](https://help.github.com/articles/creating-a-pull-request/).
41 | 
42 | 
43 | ## Finding contributions to work on
44 | Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/aws-samples/amazon-aurora-proxysql-example/labels/help%20wanted) issues is a great place to start. 
45 | 
46 | 
47 | ## Code of Conduct
48 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 
49 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 
50 | opensource-codeofconduct@amazon.com with any additional questions or comments.
51 | 
52 | 
53 | ## Security issue notifications
54 | If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue.
55 | 
56 | 
57 | ## Licensing
58 | 
59 | See the [LICENSE](https://github.com/aws-samples/amazon-aurora-proxysql-example/blob/master/LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
60 | 
61 | We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.
62 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 2 | 
 3 | Permission is hereby granted, free of charge, to any person obtaining a copy of
 4 | this software and associated documentation files (the "Software"), to deal in
 5 | the Software without restriction, including without limitation the rights to
 6 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
 7 | the Software, and to permit persons to whom the Software is furnished to do so.
 8 | 
 9 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
10 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
11 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
12 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
13 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
14 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.


--------------------------------------------------------------------------------
/NOTICE:
--------------------------------------------------------------------------------
1 | Code for "A single endpoint for reads and writes with MySql-compatible Amazon Aurora RDS"
2 | Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved. 
3 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | ## Amazon Aurora ProxySQL example
 2 | 
 3 | ![Amazon Aurora ProxySQL Example](proxy-sql.png)
 4 | 
 5 | A set of CloudFormation templates that demonstrates using ProxySQL middleware to provide a single endpoint for both the primary and read replica instances of an Amazon Aurora MySql-compatible cluster.
 6 | 
 7 | These CloudFormation (CFN) templates deploy an Aurora RDS MySql-compatible
 8 | cluster with proxysql middleware. ProxySQL offers a single endpoint that directs traffic
 9 | to the RDS cluster endpoint for writes and the RDS reader endpoint for reads.
10 | 
11 | The templates also set up a VPC with public and private subnets, security groups that 
12 | limit communication, and an ELB to expose the proxysql instance externally.
13 | 
14 | ## License Summary
15 | 
16 | This sample code is made available under a modified MIT license. See the LICENSE file.
17 | 
18 | ## Setup
19 | 
20 | We assume that you have the AWS CLI installed and configured.  Create an S3 bucket
21 | to contain the CFN templates.  We'll refer to this as `templatebucket`.
22 | 
23 | In the scripts `create.sh` and `update.sh`, review and update the parameters.  You must
24 | put in your own SSH key name in the `keyname` parameter, and we strongly encourage you to
25 | change the `AllowedCidrIngress` from the default of `0.0.0.0/0`.
26 | 
27 | ## Create the CFN stack
28 | 
29 | Run:
30 | 
31 |     ./create.sh templatebucket proxysql proxysqlstack us-west-2
32 | 
33 | Use your AWS region of choice if you don't want to run in `us-west-2`.
34 | 
35 | ## Updating the stack
36 | 
37 | You can run the following to update the stack if you change the configuration:
38 | 
39 |     ./update.sh templatebucket proxysql proxysqlstack us-west-2
40 | 
41 | ## Using the stack
42 | 
43 | Look for the stack output parameter `Endpoint`.  You can use `Endpoint:3306` as your
44 | MySql-compatible connection host.
45 | 
46 | ## License Summary
47 | 
48 | This sample code is made available under a modified MIT license. See the LICENSE file.
49 | 


--------------------------------------------------------------------------------
/aurora.yaml:
--------------------------------------------------------------------------------
  1 | # Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
  2 | # SPDX-License-Identifier: MIT-0
  3 | 
  4 | AWSTemplateFormatVersion: "2010-09-09"
  5 | 
  6 | Parameters:
  7 |   DatabaseName:
  8 |     Type: String
  9 |     Default: proxysqlexample
 10 |     MinLength: 1
 11 |     MaxLength: 64
 12 |     AllowedPattern: "[a-zA-Z][a-zA-Z0-9]*" 
 13 |   DatabaseUser:
 14 |     Type: String
 15 |     MinLength: 1
 16 |     MaxLength: 16
 17 |     Default: proxysql
 18 |     AllowedPattern: "[a-zA-Z][a-zA-Z0-9]*" 
 19 |   DatabasePassword:
 20 |     Type: String
 21 |     MinLength: 8
 22 |     MaxLength: 41
 23 |     Default: pr0xySQL01Cred
 24 |     NoEcho: true
 25 |     AllowedPattern: "[a-zA-Z0-9]*" 
 26 |   DbInstanceSize:
 27 |     Type: String
 28 |     Description: Database instance size
 29 |     AllowedValues:
 30 |       - db.r5.large 	
 31 |       - db.r5.xlarge 	
 32 |       - db.r5.2xlarge 	
 33 |       - db.r5.4xlarge 	
 34 |       - db.r5.8xlarge 	
 35 |       - db.r5.16xlarge
 36 |     Default: "db.r5.large"
 37 |   ProjectTag:
 38 |     Type: String
 39 |     Description: Tag to apply to created resources for visibility
 40 |     Default: ProxySQLDemo
 41 |   SubnetPrivateA: 
 42 |     Description: "First private subnet"
 43 |     Type: "AWS::EC2::Subnet::Id"
 44 |   SubnetPrivateB: 
 45 |     Description: "Second private subnet"
 46 |     Type: "AWS::EC2::Subnet::Id"
 47 |   DBFirewall:
 48 |     Type: String
 49 | Resources:
 50 |   DBAuroraCluster:
 51 |     Type: "AWS::RDS::DBCluster"
 52 |     DependsOn: DBClusterParams
 53 |     Properties:
 54 |       DatabaseName: !Ref DatabaseName
 55 |       Engine: aurora-mysql
 56 |       MasterUsername: !Ref DatabaseUser
 57 |       MasterUserPassword: !Ref DatabasePassword
 58 |       DBSubnetGroupName: !Ref DBSubnets
 59 |       DBClusterParameterGroupName: !Ref DBClusterParams
 60 |       VpcSecurityGroupIds: 
 61 |         - !Ref DBFirewall
 62 |       Tags:
 63 |         - Key: Project
 64 |           Value: !Ref ProjectTag
 65 |   DBAuroraOne:
 66 |     Type : "AWS::RDS::DBInstance"
 67 |     DependsOn: DBParamGroup
 68 |     Properties:
 69 |       DBClusterIdentifier: !Ref DBAuroraCluster
 70 |       Engine: aurora-mysql
 71 |       DBInstanceClass: !Ref DbInstanceSize
 72 |       DBSubnetGroupName: !Ref DBSubnets
 73 |       DBParameterGroupName: !Ref DBParamGroup
 74 |       Tags:
 75 |         - Key: Project
 76 |           Value: !Ref ProjectTag
 77 |   DBAuroraTwo:
 78 |     Type : "AWS::RDS::DBInstance"
 79 |     DependsOn: DBParamGroup
 80 |     Properties:
 81 |       DBClusterIdentifier: !Ref DBAuroraCluster
 82 |       Engine: aurora-mysql
 83 |       DBInstanceClass: !Ref DbInstanceSize
 84 |       DBSubnetGroupName: !Ref DBSubnets
 85 |       DBParameterGroupName: !Ref DBParamGroup
 86 |       Tags:
 87 |         - Key: Project
 88 |           Value: !Ref ProjectTag
 89 |   DBAuroraThree:
 90 |     Type : "AWS::RDS::DBInstance"
 91 |     DependsOn: DBParamGroup
 92 |     Properties:
 93 |       DBClusterIdentifier: !Ref DBAuroraCluster
 94 |       Engine: aurora-mysql
 95 |       DBInstanceClass: !Ref DbInstanceSize
 96 |       DBSubnetGroupName: !Ref DBSubnets
 97 |       DBParameterGroupName: !Ref DBParamGroup
 98 |       Tags:
 99 |         - Key: Project
100 |           Value: !Ref ProjectTag
101 |   DBSubnets:
102 |     Type: "AWS::RDS::DBSubnetGroup"
103 |     Properties: 
104 |       DBSubnetGroupDescription: "Subnets for RDS cluster"
105 |       SubnetIds:
106 |         - !Ref SubnetPrivateA
107 |         - !Ref SubnetPrivateB
108 |       Tags:
109 |         - Key: Project
110 |           Value: !Ref ProjectTag
111 |   DBParamGroup:
112 |     Type: "AWS::RDS::DBParameterGroup"
113 |     Properties:
114 |       Description: Moodle Parameter Group
115 |       Family: aurora-mysql5.7
116 |       Parameters:
117 |         innodb_file_format: Barracuda
118 |         innodb_large_prefix: 1
119 |       Tags:
120 |         - Key: Project
121 |           Value: !Ref ProjectTag
122 |   DBClusterParams:
123 |     Type: "AWS::RDS::DBClusterParameterGroup"
124 |     Properties:
125 |       Parameters:
126 |         innodb_file_per_table: 1
127 |         character_set_database: utf8mb4
128 |       Family: aurora-mysql5.7
129 |       Description: Moodle Cluster Parameter Group
130 |       Tags:
131 |         - Key: Project
132 |           Value: !Ref ProjectTag
133 | 
134 | 
135 | Outputs:
136 |   DBClusterEndpoint:
137 |     Description: Aurora cluster endpoint
138 |     Value: !GetAtt DBAuroraCluster.Endpoint.Address
139 |   DBReadEndpoint:
140 |     Description: Aurora cluster read endpoint
141 |     Value: !GetAtt DBAuroraCluster.ReadEndpoint.Address
142 | 


--------------------------------------------------------------------------------
/create.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 4 | # SPDX-License-Identifier: MIT-0
 5 | 
 6 | templatebucket=$1
 7 | templateprefix=$2
 8 | stackname=$3
 9 | region=$4
10 | SCRIPTDIR=`dirname $0`
11 | if [ "$templatebucket" == "" ]
12 | then
13 |     echo "Usage: $0 <template bucket> <template prefix> <stack name> <region>"
14 |     exit 1
15 | fi
16 | if [ "$templateprefix" == "" ]
17 | then
18 |     echo "Usage: $0 <template bucket> <template prefix> <stack name> <region>"
19 |     exit 1
20 | fi
21 | if [ "$stackname" == "" ]
22 | then
23 |     echo "Usage: $0 <template bucket> <template prefix> <stack name> <region>"
24 |     exit 1
25 | fi
26 | if [ "$region" == "" ]
27 | then
28 |     echo "Usage: $0 <template bucket> <template prefix> <stack name> <region>"
29 |     exit 1
30 | fi
31 | 
32 | # Check if we need to append region to S3 URL
33 | TEMPLATE_URL=https://s3.amazonaws.com/$templatebucket/$templateprefix/master.yaml
34 | if [ "$region" != "us-east-1" ]
35 | then
36 |     TEMPLATE_URL=https://s3-$region.amazonaws.com/$templatebucket/$templateprefix/master.yaml
37 | fi
38 | 
39 | aws s3 cp master.yaml s3://$templatebucket/$templateprefix/master.yaml --region $region
40 | aws s3 cp network.yaml s3://$templatebucket/$templateprefix/network.yaml --region $region
41 | aws s3 cp secgroups.yaml s3://$templatebucket/$templateprefix/secgroups.yaml --region $region
42 | aws s3 cp aurora.yaml s3://$templatebucket/$templateprefix/aurora.yaml --region $region
43 | aws s3 cp proxysql.yaml s3://$templatebucket/$templateprefix/proxysql.yaml --region $region
44 | 
45 | aws cloudformation create-stack --stack-name $stackname \
46 |     --template-url $TEMPLATE_URL \
47 |     --parameters \
48 |     ParameterKey=TemplateBucketName,ParameterValue=$templatebucket \
49 |     ParameterKey=TemplateBucketPrefix,ParameterValue=$templateprefix \
50 |     ParameterKey=ProjectTag,ParameterValue=proxysqlblog \
51 |     ParameterKey=vpccidr,ParameterValue="10.20.0.0/16" \
52 |     ParameterKey=AllowedCidrIngress,ParameterValue="0.0.0.0/0" \
53 |     ParameterKey=AppPrivateCIDRA,ParameterValue="10.20.3.0/24" \
54 |     ParameterKey=AppPrivateCIDRB,ParameterValue="10.20.4.0/24" \
55 |     ParameterKey=AppPrivateCIDRC,ParameterValue="10.20.5.0/24" \
56 |     ParameterKey=AppPrivateCIDRD,ParameterValue="10.20.6.0/24" \
57 |     ParameterKey=AppPublicCIDRA,ParameterValue="10.20.1.0/24" \
58 |     ParameterKey=AppPublicCIDRB,ParameterValue="10.20.2.0/24" \
59 |     ParameterKey=DatabaseName,ParameterValue="proxysqlexample" \
60 |     ParameterKey=DatabaseUser,ParameterValue="proxysqluser" \
61 |     ParameterKey=DatabasePassword,ParameterValue="pr0xySQL01Cred" \
62 |     ParameterKey=DbInstanceSize,ParameterValue="db.r5.large" \
63 |     ParameterKey=keyname,ParameterValue="ProxySQLDemo" \
64 |     --tags Key=Project,Value=proxysqlblog \
65 |     --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM \
66 |     --region $region
67 | 


--------------------------------------------------------------------------------
/master.yaml:
--------------------------------------------------------------------------------
  1 | # Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
  2 | # SPDX-License-Identifier: MIT-0
  3 | 
  4 | AWSTemplateFormatVersion: "2010-09-09"
  5 | Description: >
  6 |   This template builds an Aurora RDS cluster with a proxysql middleware
  7 |   providing a single endpoint for the cluster and reader endpoints.
  8 | 
  9 | Metadata:
 10 |   AWS::CloudFormation::Interface:
 11 |     ParameterGroups:
 12 |       -
 13 |         Label:
 14 |           default: "RDS Configuration"
 15 |         Parameters:
 16 |           - DatabaseName 
 17 |           - DatabaseUser
 18 |           - DatabasePassword
 19 |           - DbInstanceSize
 20 |       -
 21 |         Label:
 22 |           default: "VPC and network Configuration"
 23 |         Parameters:
 24 |           - vpccidr
 25 |           - AllowedCidrIngress
 26 |           - AppPrivateCIDRA
 27 |           - AppPrivateCIDRB
 28 |           - AppPrivateCIDRC
 29 |           - AppPrivateCIDRD
 30 |           - AppPublicCIDRA
 31 |           - AppPublicCIDRB
 32 |       -
 33 |         Label:
 34 |           default: "Other Configuration"
 35 |         Parameters:
 36 |           - ProjectTag
 37 |           - TemplateBucketName
 38 |           - TemplateBucketPrefix
 39 |           - keyname
 40 | 
 41 | Mappings:
 42 |   RegionMap:
 43 |     us-east-1:
 44 |       "REGIONURLSUFFIX" : ""
 45 |     us-west-2:
 46 |       "REGIONURLSUFFIX" : "-us-west-2"
 47 | 
 48 | Parameters:
 49 |   AllowedCidrIngress:
 50 |     Type: String
 51 |     MinLength: 9
 52 |     MaxLength: 18
 53 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
 54 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/YY
 55 |     Default: 0.0.0.0/0
 56 |   TemplateBucketName:
 57 |     Type: String
 58 |     Description: >
 59 |       Name for the S3 bucket that contains the nested templates.
 60 |   TemplateBucketPrefix:
 61 |     Type: String
 62 |     Description: >
 63 |       Prefix for the path to the nested templates in the S3 bucket.
 64 |   ProjectTag:
 65 |     Type: String
 66 |     Description: Tag to apply to created resources for visibility
 67 |     Default: proxysqlblog
 68 |   vpccidr:
 69 |     Type: String
 70 |     MinLength: 9
 71 |     MaxLength: 18
 72 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
 73 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/16
 74 |     Default: 10.20.0.0/16
 75 |     Description: CIDR block for the VPC 
 76 |   AppPublicCIDRA:
 77 |     Type: String
 78 |     MinLength: 9
 79 |     MaxLength: 18
 80 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
 81 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/22
 82 |     Default: 10.20.1.0/24
 83 |     Description: CIDR block for the first public subnet in the VPC.
 84 |   AppPublicCIDRB:
 85 |     Type: String
 86 |     MinLength: 9
 87 |     MaxLength: 18
 88 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
 89 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/22
 90 |     Default: 10.20.2.0/24
 91 |     Description: CIDR block for the second public subnet in the VPC.
 92 |   AppPrivateCIDRA:
 93 |     Type: String
 94 |     MinLength: 9
 95 |     MaxLength: 18
 96 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
 97 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/22
 98 |     Default: 10.20.3.0/24
 99 |     Description: CIDR block for the first private subnet in the VPC.
100 |   AppPrivateCIDRB:
101 |     Type: String
102 |     MinLength: 9
103 |     MaxLength: 18
104 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
105 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/22
106 |     Default: 10.20.4.0/24
107 |     Description: CIDR block for the second private subnet in the VPC.
108 |   AppPrivateCIDRC:
109 |     Type: String
110 |     MinLength: 9
111 |     MaxLength: 18
112 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
113 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/22
114 |     Default: 10.20.5.0/24
115 |     Description: CIDR block for the third private subnet in the VPC.
116 |   AppPrivateCIDRD:
117 |     Type: String
118 |     MinLength: 9
119 |     MaxLength: 18
120 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
121 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/22
122 |     Default: 10.20.6.0/24
123 |     Description: CIDR block for the fourth private subnet in the VPC.
124 |   DatabaseName:
125 |     Type: String
126 |     Default: proxysqlexample
127 |     MinLength: 1
128 |     MaxLength: 64
129 |     AllowedPattern: "[a-zA-Z][a-zA-Z0-9]*" 
130 |   DatabaseUser:
131 |     Type: String
132 |     MinLength: 1
133 |     MaxLength: 16
134 |     Default: proxysql
135 |     AllowedPattern: "[a-zA-Z][a-zA-Z0-9]*" 
136 |   DatabasePassword:
137 |     Type: String
138 |     MinLength: 8
139 |     MaxLength: 41
140 |     Default: pr0xySQL01Cred
141 |     NoEcho: true
142 |     AllowedPattern: "[a-zA-Z0-9]*" 
143 |   DbInstanceSize:
144 |     Type: String
145 |     Description: Database instance size
146 |     AllowedValues:
147 |       - db.r5.large 	
148 |       - db.r5.xlarge 	
149 |       - db.r5.2xlarge 	
150 |       - db.r5.4xlarge 	
151 |       - db.r5.8xlarge 	
152 |       - db.r5.16xlarge
153 |     Default: "db.r5.large"
154 |   keyname:
155 |     Type: AWS::EC2::KeyPair::KeyName
156 | 
157 | Resources:
158 |   NetworkStack:
159 |     Type: AWS::CloudFormation::Stack
160 |     Properties:
161 |       TemplateURL: !Join ["", ["https://s3", !FindInMap [RegionMap, !Ref "AWS::Region", REGIONURLSUFFIX], ".amazonaws.com/", !Ref TemplateBucketName, "/", !Ref TemplateBucketPrefix, "/network.yaml"]]
162 |       Parameters:
163 |         vpccidr: !Ref vpccidr
164 |         AppPrivateCIDRA: !Ref AppPrivateCIDRA
165 |         AppPrivateCIDRB: !Ref AppPrivateCIDRB
166 |         AppPrivateCIDRC: !Ref AppPrivateCIDRC
167 |         AppPrivateCIDRD: !Ref AppPrivateCIDRD
168 |         AppPublicCIDRA: !Ref AppPublicCIDRA
169 |         AppPublicCIDRB: !Ref AppPublicCIDRB
170 |   SgStack:
171 |     Type: AWS::CloudFormation::Stack
172 |     Properties:
173 |       TemplateURL: !Join ["", ["https://s3", !FindInMap [RegionMap, !Ref "AWS::Region", REGIONURLSUFFIX], ".amazonaws.com/", !Ref TemplateBucketName, "/", !Ref TemplateBucketPrefix, "/secgroups.yaml"]]
174 |       Parameters:
175 |         VPC: !GetAtt NetworkStack.Outputs.VpcId
176 |         ProjectTag: !Ref ProjectTag
177 |         AllowedCidrIngress: !Ref AllowedCidrIngress
178 |         AppPublicCIDRA: !Ref AppPublicCIDRA
179 |         AppPublicCIDRB: !Ref AppPublicCIDRB
180 |   RdsStack:
181 |     Type: AWS::CloudFormation::Stack
182 |     Properties:
183 |       TemplateURL: !Join ["", ["https://s3", !FindInMap [RegionMap, !Ref "AWS::Region", REGIONURLSUFFIX], ".amazonaws.com/", !Ref TemplateBucketName, "/", !Ref TemplateBucketPrefix, "/aurora.yaml"]]
184 |       Parameters:
185 |         ProjectTag: !Ref ProjectTag
186 |         DatabaseName: !Ref DatabaseName
187 |         DatabaseUser: !Ref DatabaseUser
188 |         DatabasePassword: !Ref DatabasePassword
189 |         DbInstanceSize: !Ref DbInstanceSize
190 |         SubnetPrivateA: !GetAtt NetworkStack.Outputs.SubnetIdPrivateA
191 |         SubnetPrivateB: !GetAtt NetworkStack.Outputs.SubnetIdPrivateB
192 |         DBFirewall: !GetAtt SgStack.Outputs.DBFirewallId
193 |   ProxySQLStack:
194 |     Type: AWS::CloudFormation::Stack
195 |     Properties:
196 |       TemplateURL: !Join ["", ["https://s3", !FindInMap [RegionMap, !Ref "AWS::Region", REGIONURLSUFFIX], ".amazonaws.com/", !Ref TemplateBucketName, "/", !Ref TemplateBucketPrefix, "/proxysql.yaml"]]
197 |       Parameters:
198 |         ProjectTag: !Ref ProjectTag
199 |         DatabaseName: !Ref DatabaseName
200 |         DatabaseUser: !Ref DatabaseUser
201 |         DatabasePassword: !Ref DatabasePassword
202 |         SubnetPrivateA: !GetAtt NetworkStack.Outputs.SubnetIdPrivateC
203 |         SubnetPrivateB: !GetAtt NetworkStack.Outputs.SubnetIdPrivateD
204 |         SubnetPublicA: !GetAtt NetworkStack.Outputs.SubnetIdPublicA
205 |         SubnetPublicB: !GetAtt NetworkStack.Outputs.SubnetIdPublicB
206 |         MinSize: 1
207 |         MaxSize: 1
208 |         DesiredCapacity: 1
209 |         InstanceSize: t2.large
210 |         VPC: !GetAtt NetworkStack.Outputs.VpcId
211 |         keyname: !Ref keyname
212 |         ClusterEndpoint: !GetAtt RdsStack.Outputs.DBClusterEndpoint
213 |         ReaderEndpoint: !GetAtt RdsStack.Outputs.DBReadEndpoint
214 |         ProxySQLFirewall: !GetAtt SgStack.Outputs.ProxySQLFirewallId
215 |         SshFirewall: !GetAtt SgStack.Outputs.SshFirewallId
216 | Outputs:
217 |   ProjectTagOut:
218 |     Description: "Tag applied to resources"
219 |     Value: !Ref ProjectTag
220 |   VpcId:
221 |     Description: VPC ID
222 |     Value: !GetAtt NetworkStack.Outputs.VpcId
223 |   SubnetIdPublicA:
224 |     Description: Subnet ID for first public subnet
225 |     Value: !GetAtt NetworkStack.Outputs.SubnetIdPublicA
226 |   SubnetIdPublicB:
227 |     Description: Subnet ID for second public subnet
228 |     Value: !GetAtt NetworkStack.Outputs.SubnetIdPublicB
229 |   SubnetIdPrivateA:
230 |     Description: Subnet ID for first private subnet
231 |     Value: !GetAtt NetworkStack.Outputs.SubnetIdPrivateA
232 |   SubnetIdPrivateB:
233 |     Description: Subnet ID for second private subnet
234 |     Value: !GetAtt NetworkStack.Outputs.SubnetIdPrivateB
235 |   SubnetIdPrivateC:
236 |     Description: Subnet ID for third private subnet
237 |     Value: !GetAtt NetworkStack.Outputs.SubnetIdPrivateC
238 |   SubnetIdPrivateD:
239 |     Description: Subnet ID for fourth private subnet
240 |     Value: !GetAtt NetworkStack.Outputs.SubnetIdPrivateD
241 |   ProxySQLFirewallId:
242 |     Description: ID of proxysql security group
243 |     Value: !GetAtt SgStack.Outputs.ProxySQLFirewallId
244 |   DBFirewallId:
245 |     Description: ID of database security group
246 |     Value: !GetAtt SgStack.Outputs.DBFirewallId
247 |   SshFirewallId:
248 |     Description: ID of ssh security group
249 |     Value: !GetAtt SgStack.Outputs.SshFirewallId
250 |   Endpoint:
251 |     Description: Database URL 
252 |     Value: !GetAtt ProxySQLStack.Outputs.Endpoint
253 |   JumpAddress:
254 |     Description: IP address of Jump server
255 |     Value: !GetAtt ProxySQLStack.Outputs.JumpAddress
256 |   DBClusterEndpoint:
257 |     Description: Aurora cluster endpoint
258 |     Value: !GetAtt RdsStack.Outputs.DBClusterEndpoint
259 |   DBReadEndpoint:
260 |     Description: Aurora cluster read endpoint
261 |     Value: !GetAtt RdsStack.Outputs.DBReadEndpoint
262 | 


--------------------------------------------------------------------------------
/network.yaml:
--------------------------------------------------------------------------------
  1 | # Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
  2 | # SPDX-License-Identifier: MIT-0
  3 | 
  4 | AWSTemplateFormatVersion: "2010-09-09"
  5 | Description: >
  6 |   This template builds a VPC with two public and four private subnets.
  7 | 
  8 | Parameters:
  9 |   vpccidr:
 10 |     Type: String
 11 |     MinLength: 9
 12 |     MaxLength: 18
 13 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
 14 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/16
 15 |     Default: 10.20.0.0/16
 16 |   AppPublicCIDRA:
 17 |     Type: String
 18 |     MinLength: 9
 19 |     MaxLength: 18
 20 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
 21 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/22
 22 |     Default: 10.20.1.0/24
 23 |   AppPublicCIDRB:
 24 |     Type: String
 25 |     MinLength: 9
 26 |     MaxLength: 18
 27 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
 28 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/22
 29 |     Default: 10.20.2.0/24
 30 |   AppPrivateCIDRA:
 31 |     Type: String
 32 |     MinLength: 9
 33 |     MaxLength: 18
 34 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
 35 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/22
 36 |     Default: 10.20.3.0/24
 37 |   AppPrivateCIDRB:
 38 |     Type: String
 39 |     MinLength: 9
 40 |     MaxLength: 18
 41 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
 42 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/22
 43 |     Default: 10.20.4.0/24
 44 |   AppPrivateCIDRC:
 45 |     Type: String
 46 |     MinLength: 9
 47 |     MaxLength: 18
 48 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
 49 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/22
 50 |     Default: 10.20.5.0/24
 51 |   AppPrivateCIDRD:
 52 |     Type: String
 53 |     MinLength: 9
 54 |     MaxLength: 18
 55 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
 56 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/22
 57 |     Default: 10.20.6.0/24
 58 | 
 59 | Resources:
 60 |   VPC:
 61 |     Type: "AWS::EC2::VPC"
 62 |     Properties:
 63 |       CidrBlock: !Ref vpccidr
 64 |       EnableDnsHostnames: 'true'
 65 |       EnableDnsSupport: 'true'
 66 |   IGW:
 67 |     Type: "AWS::EC2::InternetGateway"
 68 |   GatewayAttach:
 69 |     Type: "AWS::EC2::VPCGatewayAttachment"
 70 |     Properties:
 71 |       InternetGatewayId: !Ref IGW
 72 |       VpcId: !Ref VPC
 73 |   SubnetPublicA: 
 74 |     Type: "AWS::EC2::Subnet"
 75 |     Properties:
 76 |       AvailabilityZone: !Select [0, !GetAZs ]
 77 |       CidrBlock: !Ref AppPublicCIDRA
 78 |       MapPublicIpOnLaunch: true
 79 |       VpcId: !Ref VPC
 80 |   SubnetPrivateA: 
 81 |     Type: "AWS::EC2::Subnet"
 82 |     Properties:
 83 |       AvailabilityZone: !Select [0, !GetAZs ]
 84 |       CidrBlock: !Ref AppPrivateCIDRA
 85 |       MapPublicIpOnLaunch: false
 86 |       VpcId: !Ref VPC
 87 |   SubnetPrivateC: 
 88 |     Type: "AWS::EC2::Subnet"
 89 |     Properties:
 90 |       AvailabilityZone: !Select [0, !GetAZs ]
 91 |       CidrBlock: !Ref AppPrivateCIDRC
 92 |       MapPublicIpOnLaunch: false
 93 |       VpcId: !Ref VPC
 94 |   SubnetPublicB: 
 95 |     Type: "AWS::EC2::Subnet"
 96 |     Properties:
 97 |       AvailabilityZone: !Select [1, !GetAZs ]
 98 |       CidrBlock: !Ref AppPublicCIDRB
 99 |       MapPublicIpOnLaunch: true
100 |       VpcId: !Ref VPC
101 |   SubnetPrivateB: 
102 |     Type: "AWS::EC2::Subnet"
103 |     Properties:
104 |       AvailabilityZone: !Select [1, !GetAZs ]
105 |       CidrBlock: !Ref AppPrivateCIDRB
106 |       MapPublicIpOnLaunch: false
107 |       VpcId: !Ref VPC
108 |   SubnetPrivateD: 
109 |     Type: "AWS::EC2::Subnet"
110 |     Properties:
111 |       AvailabilityZone: !Select [1, !GetAZs ]
112 |       CidrBlock: !Ref AppPrivateCIDRD
113 |       MapPublicIpOnLaunch: false
114 |       VpcId: !Ref VPC
115 |   SubnetRouteTableAssociatePublicA: # Associates the subnet with a route table - passed via import
116 |     DependsOn: SubnetPublicA
117 |     Type: "AWS::EC2::SubnetRouteTableAssociation"
118 |     Properties:
119 |       RouteTableId: !Ref RouteTablePublic
120 |       SubnetId: !Ref SubnetPublicA
121 |   SubnetRouteTableAssociatePublicB: # Associates the subnet with a route table - passed via import
122 |     DependsOn: SubnetPublicB
123 |     Type: "AWS::EC2::SubnetRouteTableAssociation"
124 |     Properties:
125 |       RouteTableId: !Ref RouteTablePublic
126 |       SubnetId: !Ref SubnetPublicB # Associates the subnet with a route table - passed via import
127 |   SubnetRouteTableAssociatePrivateA: # Associates the subnet with a route table - passed via parameter
128 |     DependsOn: SubnetPrivateA
129 |     Type: "AWS::EC2::SubnetRouteTableAssociation"
130 |     Properties:
131 |       RouteTableId: !Ref RouteTablePrivateA
132 |       SubnetId: !Ref SubnetPrivateA # Associates the subnet with a route table - passed via parameter
133 |   SubnetRouteTableAssociatePrivateB: # Associates the subnet with a route table - passed via parameter
134 |     DependsOn: SubnetPrivateB
135 |     Type: "AWS::EC2::SubnetRouteTableAssociation"
136 |     Properties:
137 |       RouteTableId: !Ref RouteTablePrivateB
138 |       SubnetId: !Ref SubnetPrivateB # Associates the subnet with a route table - passed via parameter
139 |   SubnetRouteTableAssociatePrivateC: # Associates the subnet with a route table - passed via parameter
140 |     DependsOn: SubnetPrivateC
141 |     Type: "AWS::EC2::SubnetRouteTableAssociation"
142 |     Properties:
143 |       RouteTableId: !Ref RouteTablePrivateC
144 |       SubnetId: !Ref SubnetPrivateC # Associates the subnet with a route table - passed via parameter
145 |   SubnetRouteTableAssociatePrivateD: # Associates the subnet with a route table - passed via parameter
146 |     DependsOn: SubnetPrivateD
147 |     Type: "AWS::EC2::SubnetRouteTableAssociation"
148 |     Properties:
149 |       RouteTableId: !Ref RouteTablePrivateD
150 |       SubnetId: !Ref SubnetPrivateD # Associates the subnet with a route table - passed via parameter
151 |   RouteDefaultPublic:
152 |     Type: "AWS::EC2::Route"
153 |     DependsOn: GatewayAttach
154 |     Properties:
155 |       DestinationCidrBlock: 0.0.0.0/0
156 |       GatewayId: !Ref IGW
157 |       RouteTableId: !Ref RouteTablePublic
158 |   RouteTablePublic:
159 |     Type: "AWS::EC2::RouteTable"
160 |     Properties:
161 |       VpcId: !Ref VPC
162 |   RouteDefaultPrivateA:
163 |     Type: "AWS::EC2::Route"
164 |     Properties:
165 |       DestinationCidrBlock: 0.0.0.0/0
166 |       NatGatewayId: !Ref NatGatewayA
167 |       RouteTableId: !Ref RouteTablePrivateA
168 |   RouteDefaultPrivateB:
169 |     Type: "AWS::EC2::Route"
170 |     Properties:
171 |       DestinationCidrBlock: 0.0.0.0/0
172 |       NatGatewayId: !Ref NatGatewayB
173 |       RouteTableId: !Ref RouteTablePrivateB
174 |   RouteDefaultPrivateC:
175 |     Type: "AWS::EC2::Route"
176 |     Properties:
177 |       DestinationCidrBlock: 0.0.0.0/0
178 |       NatGatewayId: !Ref NatGatewayC
179 |       RouteTableId: !Ref RouteTablePrivateC
180 |   RouteDefaultPrivateD:
181 |     Type: "AWS::EC2::Route"
182 |     Properties:
183 |       DestinationCidrBlock: 0.0.0.0/0
184 |       NatGatewayId: !Ref NatGatewayD
185 |       RouteTableId: !Ref RouteTablePrivateD
186 |   RouteTablePrivateA:
187 |     Type: "AWS::EC2::RouteTable"
188 |     Properties:
189 |       VpcId: !Ref VPC
190 |   RouteTablePrivateB:
191 |     Type: "AWS::EC2::RouteTable"
192 |     Properties:
193 |       VpcId: !Ref VPC
194 |   RouteTablePrivateC:
195 |     Type: "AWS::EC2::RouteTable"
196 |     Properties:
197 |       VpcId: !Ref VPC
198 |   RouteTablePrivateD:
199 |     Type: "AWS::EC2::RouteTable"
200 |     Properties:
201 |       VpcId: !Ref VPC
202 |   EIPNatGWA:
203 |     DependsOn: GatewayAttach
204 |     Type: "AWS::EC2::EIP"
205 |     Properties:
206 |       Domain: vpc
207 |   EIPNatGWB:
208 |     DependsOn: GatewayAttach
209 |     Type: "AWS::EC2::EIP"
210 |     Properties:
211 |       Domain: vpc
212 |   EIPNatGWC:
213 |     DependsOn: GatewayAttach
214 |     Type: "AWS::EC2::EIP"
215 |     Properties:
216 |       Domain: vpc
217 |   EIPNatGWD:
218 |     DependsOn: GatewayAttach
219 |     Type: "AWS::EC2::EIP"
220 |     Properties:
221 |       Domain: vpc
222 |   NatGatewayA:
223 |     Type: "AWS::EC2::NatGateway"
224 |     Properties:
225 |       AllocationId: !GetAtt EIPNatGWA.AllocationId
226 |       SubnetId: !Ref SubnetPublicA
227 |   NatGatewayB:
228 |     Type: "AWS::EC2::NatGateway"
229 |     Properties:
230 |       AllocationId: !GetAtt EIPNatGWB.AllocationId
231 |       SubnetId: !Ref SubnetPublicB
232 |   NatGatewayC:
233 |     Type: "AWS::EC2::NatGateway"
234 |     Properties:
235 |       AllocationId: !GetAtt EIPNatGWC.AllocationId
236 |       SubnetId: !Ref SubnetPublicA
237 |   NatGatewayD:
238 |     Type: "AWS::EC2::NatGateway"
239 |     Properties:
240 |       AllocationId: !GetAtt EIPNatGWD.AllocationId
241 |       SubnetId: !Ref SubnetPublicB
242 | Outputs:
243 |   VpcId:
244 |     Description: VPC ID
245 |     Value: !Ref VPC
246 |   SubnetIdPublicA:
247 |     Description: Subnet ID for first public subnet
248 |     Value: !Ref SubnetPublicA
249 |   SubnetIdPublicB:
250 |     Description: Subnet ID for second public subnet
251 |     Value: !Ref SubnetPublicB
252 |   SubnetIdPrivateA:
253 |     Description: Subnet ID for first private subnet
254 |     Value: !Ref SubnetPrivateA
255 |   SubnetIdPrivateB:
256 |     Description: Subnet ID for second private subnet
257 |     Value: !Ref SubnetPrivateB
258 |   SubnetIdPrivateC:
259 |     Description: Subnet ID for third private subnet
260 |     Value: !Ref SubnetPrivateC
261 |   SubnetIdPrivateD:
262 |     Description: Subnet ID for fourth private subnet
263 |     Value: !Ref SubnetPrivateD
264 | 


--------------------------------------------------------------------------------
/proxy-sql.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-samples/amazon-aurora-proxysql-example/96e5fc3e25a0160093f8e9cd89ebec3784605aad/proxy-sql.png


--------------------------------------------------------------------------------
/proxysql.yaml:
--------------------------------------------------------------------------------
  1 | # Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
  2 | # SPDX-License-Identifier: MIT-0
  3 | 
  4 | AWSTemplateFormatVersion: "2010-09-09"
  5 | Description: >
  6 |   This template builds a proxysql middleware layer for an RDS cluster.
  7 | 
  8 | Parameters:
  9 |   MinSize:
 10 |     Type: String
 11 |     Description: Minimum number of proxysql servers
 12 |     Default: "1"
 13 |   MaxSize:
 14 |     Type: String
 15 |     Description: Maximum number of proxysql servers
 16 |     Default: "2"
 17 |   DesiredCapacity:
 18 |     Type: String
 19 |     Description: Nominal Size of proxysql Env
 20 |     Default: "1"
 21 |   InstanceSize:
 22 |     Type: String
 23 |     Description: Instance size
 24 |     Default: "t2.large"
 25 |   VPC:
 26 |     Type: "AWS::EC2::VPC::Id"
 27 |     Description: "VPC ID for creating the application"
 28 |   SubnetPublicA: 
 29 |     Description: "First public subnet"
 30 |     Type: "AWS::EC2::Subnet::Id"
 31 |   SubnetPublicB: 
 32 |     Description: "Second public subnet"
 33 |     Type: "AWS::EC2::Subnet::Id"
 34 |   SubnetPrivateA: 
 35 |     Description: "First private subnet"
 36 |     Type: "AWS::EC2::Subnet::Id"
 37 |   SubnetPrivateB: 
 38 |     Description: "Second private subnet"
 39 |     Type: "AWS::EC2::Subnet::Id"
 40 |   keyname:
 41 |     Type: AWS::EC2::KeyPair::KeyName
 42 |   DatabaseName:
 43 |     Type: String
 44 |     Default: proxysqlexample
 45 |     MinLength: 1
 46 |     MaxLength: 64
 47 |     AllowedPattern: "[a-zA-Z][a-zA-Z0-9]*" 
 48 |   DatabaseUser:
 49 |     Type: String
 50 |     MinLength: 1
 51 |     MaxLength: 16
 52 |     Default: proxysql
 53 |     AllowedPattern: "[a-zA-Z][a-zA-Z0-9]*" 
 54 |   DatabasePassword:
 55 |     Type: String
 56 |     MinLength: 8
 57 |     MaxLength: 41
 58 |     Default: pgp0o1Cred
 59 |     NoEcho: true
 60 |     AllowedPattern: "[a-zA-Z0-9]*" 
 61 |   ClusterEndpoint:
 62 |     Type: String
 63 |   ReaderEndpoint:
 64 |     Type: String
 65 |   ProxySQLFirewall:
 66 |     Type: String
 67 |   SshFirewall:
 68 |     Type: String
 69 |   ProjectTag:
 70 |     Type: String
 71 | 
 72 | Mappings:
 73 |   RegionMap:
 74 |     ca-central-1:
 75 |       "AMALINUX" : "ami-0fa94ecf2fef3420b" # AMALINUX 64-bit x86 2018.03.0
 76 |     us-east-1:
 77 |       "AMALINUX" : "ami-0e2ff28bfb72a4e45" # AMALINUX 64-bit x86 2018.03.0
 78 |     us-east-2:
 79 |       "AMALINUX" : "ami-0998bf58313ab53da" # AMALINUX 64-bit x86 2018.03.0
 80 |     us-west-1:
 81 |       "AMALINUX" : "ami-021bb9f371690f97a" # AMALINUX 64-bit x86 2018.03.0
 82 |     us-west-2:
 83 |       "AMALINUX" : "ami-079f731edfe27c29c" # AMALINUX 64-bit x86 2018.03.0
 84 |     sa-east-1:
 85 |       "AMALINUX" : "ami-05b7dbc290217250d" # AMALINUX 64-bit x86 2018.03.0
 86 |     eu-west-1:
 87 |       "AMALINUX" : "ami-0e61341fa75fcaa18" # AMALINUX 64-bit x86 2018.03.0
 88 |     eu-west-2:
 89 |       "AMALINUX" : "ami-050b8344d77081f4b" # AMALINUX 64-bit x86 2018.03.0
 90 |     eu-west-3:
 91 |       "AMALINUX" : "ami-053418e626d0549fc" # AMALINUX 64-bit x86 2018.03.0
 92 |     eu-central-1:
 93 |       "AMALINUX" : "ami-0ba441bdd9e494102" # AMALINUX 64-bit x86 2018.03.0
 94 |     eu-north-1:
 95 |       "AMALINUX" : "ami-01a7a49829bda9d79" # AMALINUX 64-bit x86 2018.03.0
 96 |     me-south-1:
 97 |       "AMALINUX" : "ami-0f9dd846ebb1d7a81" # AMALINUX 64-bit x86 2018.03.0
 98 |     ap-east-1:
 99 |       "AMALINUX" : "ami-7ab4f00b" # AMALINUX 64-bit x86 2018.03.0
100 |     ap-south-1:
101 |       "AMALINUX" : "ami-05695932c5299858a" # AMALINUX 64-bit x86 2018.03.0
102 |     ap-southeast-1:
103 |       "AMALINUX" : "ami-043afc2b8b6cfba5c" # AMALINUX 64-bit x86 2018.03.0
104 |     ap-southeast-2:
105 |       "AMALINUX" : "ami-01393ce9a3ca55d67" # AMALINUX 64-bit x86 2018.03.0
106 |     ap-northeast-1:
107 |       "AMALINUX" : "ami-02ddf94e5edc8e904" # AMALINUX 64-bit x86 2018.03.0
108 |     ap-northeast-2:
109 |       "AMALINUX" : "ami-0ecd78c22823e02ef" # AMALINUX 64-bit x86 2018.03.0
110 | Resources:
111 |   LogRole:
112 |     Type: AWS::IAM::Role
113 |     Properties:
114 |       AssumeRolePolicyDocument:
115 |         Version: '2012-10-17'
116 |         Statement:
117 |         - Effect: Allow
118 |           Principal:
119 |             Service:
120 |             - ec2.amazonaws.com
121 |           Action:
122 |           - sts:AssumeRole
123 |       Path: "/"
124 |       Policies:
125 |       - PolicyName: LogRolePolicy
126 |         PolicyDocument:
127 |           Version: '2012-10-17'
128 |           Statement:
129 |           - Effect: Allow
130 |             Action:
131 |             - logs:Create*
132 |             - logs:PutLogEvents
133 |             - s3:GetObject
134 |             Resource:
135 |             - arn:aws:logs:*:*:*
136 |             - arn:aws:s3:::*
137 |   LogRoleInstanceProfile:
138 |     Type: AWS::IAM::InstanceProfile
139 |     Properties:
140 |       Path: "/"
141 |       Roles:
142 |       - Ref: LogRole
143 |   ProxySQLLogs:
144 |       Type: AWS::Logs::LogGroup
145 |       DeletionPolicy: Retain
146 |       Properties:
147 |         RetentionInDays: 7
148 |   AutoScalingGroup:
149 |     CreationPolicy:
150 |       ResourceSignal:
151 |         Count: !Ref DesiredCapacity
152 |         Timeout: "PT5M"
153 |     UpdatePolicy:
154 |       AutoScalingReplacingUpdate:
155 |         WillReplace: true
156 |     Type: "AWS::AutoScaling::AutoScalingGroup"
157 |     Properties:
158 |       Cooldown: "300"
159 |       DesiredCapacity: !Ref DesiredCapacity
160 |       HealthCheckGracePeriod: "300"
161 |       HealthCheckType: ELB
162 |       LaunchConfigurationName: !Ref LaunchConfiguration
163 |       TargetGroupARNs:
164 |         - !Ref ELBTargetGroup
165 |       MaxSize: !Ref MaxSize
166 |       MinSize: !Ref MinSize
167 |       VPCZoneIdentifier:
168 |         - !Ref SubnetPrivateA
169 |         - !Ref SubnetPrivateB
170 |       Tags:
171 |         - Key: Project
172 |           Value: !Ref ProjectTag
173 |           PropagateAtLaunch: 'true'
174 |   LaunchConfiguration:
175 |     Type: "AWS::AutoScaling::LaunchConfiguration"
176 |     Properties:
177 |       ImageId: !FindInMap [RegionMap, !Ref "AWS::Region", AMALINUX]
178 |       InstanceType: !Ref InstanceSize
179 |       IamInstanceProfile: !Ref LogRoleInstanceProfile
180 |       KeyName: !Ref keyname
181 |       SecurityGroups:
182 |         - !Ref ProxySQLFirewall
183 |         - !Ref SshFirewall
184 |       UserData:
185 |         "Fn::Base64":
186 |           !Sub |
187 |             #!/bin/bash
188 | 
189 |             /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource LaunchConfiguration --configsets proxysql --region ${AWS::Region}
190 |             curl 127.0.0.1/index.html | grep proxysql
191 |             /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource AutoScalingGroup --region ${AWS::Region}
192 |     Metadata:
193 |       AWS::CloudFormation::Init:
194 |         configSets:
195 |           proxysql:
196 |             - "install_www"
197 |             - "install_ProxySQLserver"
198 |             - "start_ProxySQLserver"
199 |             - install_logs
200 |             - "configure_ProxySQLserver"
201 |         install_www:
202 |           packages:
203 |             yum:
204 |               httpd: []
205 |           files:
206 |             /var/www/html/index.html:
207 |               content: "Hello from proxysql"
208 |           services:
209 |             sysvinit:
210 |               httpd:
211 |                 enabled: "true"
212 |                 ensureRunning: "true"
213 |         install_ProxySQLserver:
214 |           packages:
215 |             yum:
216 |               mysql: []
217 |           files:
218 |             /etc/yum.repos.d/proxysql.repo:
219 |               content: !Sub |
220 |                 [proxysql_repo]
221 |                 name= ProxySQL YUM repository
222 |                 baseurl=https://repo.proxysql.com/ProxySQL/proxysql-2.0.x/centos/6
223 |                 gpgcheck=1
224 |                 gpgkey=https://repo.proxysql.com/ProxySQL/repo_pub_key
225 |               mode: '000444'
226 |               owner: root
227 |               group: root
228 |           commands:
229 |             install_ProxySQLserver:
230 |               command: "sudo yum install -y proxysql"
231 |               ignoreErrors: false
232 |         start_ProxySQLserver:
233 |           services:
234 |             sysvinit:
235 |               proxysql:
236 |                 enabled: true
237 |                 ensureRunning: true
238 |         install_logs:
239 |           packages:
240 |             yum:
241 |               awslogs: []
242 |           files:
243 |             /etc/awslogs/awslogs.conf:
244 |               content: !Sub |
245 |                 [general]
246 |                 state_file= /var/awslogs/state/agent-state
247 | 
248 |                 [/var/log/cloud-init.log]
249 |                 file = /var/log/cloud-init.log
250 |                 log_group_name = ${ProxySQLLogs}
251 |                 log_stream_name = {instance_id}/cloud-init.log
252 |                 datetime_format =
253 | 
254 |                 [/var/log/cloud-init-output.log]
255 |                 file = /var/log/cloud-init-output.log
256 |                 log_group_name = ${ProxySQLLogs}
257 |                 log_stream_name = {instance_id}/cloud-init-output.log
258 |                 datetime_format =
259 | 
260 |                 [/var/log/cfn-init.log]
261 |                 file = /var/log/cfn-init.log
262 |                 log_group_name = ${ProxySQLLogs}
263 |                 log_stream_name = {instance_id}/cfn-init.log
264 |                 datetime_format =
265 | 
266 |                 [/var/log/cfn-hup.log]
267 |                 file = /var/log/cfn-hup.log
268 |                 log_group_name = ${ProxySQLLogs}
269 |                 log_stream_name = {instance_id}/cfn-hup.log
270 |                 datetime_format =
271 | 
272 |                 [/var/log/cfn-wire.log]
273 |                 file = /var/log/cfn-wire.log
274 |                 log_group_name = ${ProxySQLLogs}
275 |                 log_stream_name = {instance_id}/cfn-wire.log
276 |                 datetime_format =
277 | 
278 |                 [/var/log/httpd]
279 |                 file = /var/log/httpd/*
280 |                 log_group_name = ${ProxySQLLogs}
281 |                 log_stream_name = {instance_id}/httpd
282 |                 datetime_format = %d/%b/%Y:%H:%M:%S
283 | 
284 |               mode: '000444'
285 |               owner: root
286 |               group: root
287 |             /etc/awslogs/awscli.conf:
288 |               content: !Sub |
289 |                 [plugins]
290 |                 cwlogs = cwlogs
291 |                 [default]
292 |                 region = ${AWS::Region}
293 |               mode: '000444'
294 |               owner: root
295 |               group: root
296 |           commands:
297 |             01_create_state_directory:
298 |               command: mkdir -p /var/awslogs/state
299 |           services:
300 |             sysvinit:
301 |               awslogs:
302 |                 enabled: 'true'
303 |                 ensureRunning: 'true'
304 |                 files: /etc/awslogs/awslogs.conf
305 |         install_aws_ini:
306 |           commands:
307 |             install_aws_ini:
308 |               command: ./download_aws_ini.sh
309 |               cwd: /tmp
310 |               ignoreErrors: true
311 |         configure_ProxySQLserver:
312 |           files:
313 |             /home/ec2-user/proxysql.sql:
314 |               content: !Sub |
315 |                 delete from mysql_servers where hostgroup_id in (10,20);
316 |                 delete from mysql_replication_hostgroups where writer_hostgroup=10;
317 |                 INSERT INTO mysql_servers (hostname,hostgroup_id,port,weight,max_connections) VALUES ('${ClusterEndpoint}',10,3306,1000,2000);
318 |                 INSERT INTO mysql_servers (hostname,hostgroup_id,port,weight,max_connections) VALUES ('${ReaderEndpoint}',20,3306,1000,2000);
319 |                 INSERT INTO mysql_replication_hostgroups (writer_hostgroup,reader_hostgroup,comment,check_type) VALUES (10,20,'aws-aurora','innodb_read_only');
320 |                 LOAD MYSQL SERVERS TO RUNTIME; SAVE MYSQL SERVERS TO DISK;
321 | 
322 |                 delete from mysql_query_rules where rule_id in (50,51);
323 |                 INSERT INTO mysql_query_rules (rule_id,active,match_digest,destination_hostgroup,apply) VALUES (50,1,'^SELECT.*FOR UPDATE$',10,1), (51,1,'^SELECT',20,1);
324 |                 LOAD MYSQL QUERY RULES TO RUNTIME; SAVE MYSQL QUERY RULES TO DISK;
325 | 
326 |                 delete from mysql_users where username='${DatabaseUser}';
327 |                 insert into mysql_users (username,password,active,default_hostgroup,default_schema,transaction_persistent) values ('${DatabaseUser}','${DatabasePassword}',1,10,'${DatabaseName}',1);
328 |                 LOAD MYSQL USERS TO RUNTIME; SAVE MYSQL USERS TO DISK;
329 | 
330 |                 UPDATE global_variables SET variable_value='monitor' WHERE variable_name='mysql-monitor_username';
331 |                 UPDATE global_variables SET variable_value='monitor' WHERE variable_name='mysql-monitor_password';
332 |                 UPDATE global_variables SET variable_value='5.7.12' WHERE variable_name='mysql-server_version';
333 |                 UPDATE global_variables SET variable_value='2000' WHERE variable_name IN ('mysql-monitor_connect_interval','mysql-monitor_ping_interval','mysql-monitor_read_only_interval');
334 |                 LOAD MYSQL VARIABLES TO RUNTIME;
335 |                 SAVE MYSQL VARIABLES TO DISK;
336 |               mode: '000444'
337 |               owner: root
338 |               group: root
339 |           commands:
340 |             01_configure_ProxySQLserver:
341 |               command: mysql -u admin -padmin -h 127.0.0.1 -P6032 main < proxysql.sql
342 |               cwd: /home/ec2-user
343 |               ignoreErrors: false
344 |             02_configure_ProxySQLserver:
345 |               command: !Sub |
346 |                 mysql -u ${DatabaseUser} -p${DatabasePassword} -h 127.0.0.1 -P6033 -e "CREATE USER IF NOT EXISTS 'monitor'@'%' IDENTIFIED BY 'monitor';"
347 |               cwd: /home/ec2-user
348 |               ignoreErrors: false
349 |   JumpServer:
350 |     Type: "AWS::EC2::Instance"
351 |     Properties:
352 |       ImageId: !FindInMap [RegionMap, !Ref "AWS::Region", AMALINUX]
353 |       InstanceType: !Ref InstanceSize
354 |       KeyName: !Ref keyname
355 |       SubnetId: 
356 |         Ref: SubnetPublicA
357 |       SecurityGroupIds: 
358 |         - !Ref SshFirewall
359 |       Tags:
360 |         - Key: Project
361 |           Value: !Ref ProjectTag
362 |   NetELB:
363 |     Type: "AWS::ElasticLoadBalancingV2::LoadBalancer"
364 |     Properties:
365 |       Subnets:
366 |         - !Ref SubnetPublicA
367 |         - !Ref SubnetPublicB
368 |       Type: network
369 |       Tags:
370 |         - Key: Project
371 |           Value: !Ref ProjectTag
372 |   ELBListener:
373 |     Type: "AWS::ElasticLoadBalancingV2::Listener"
374 |     Properties: 
375 |       DefaultActions:
376 |         - TargetGroupArn: !Ref ELBTargetGroup
377 |           Type: "forward"
378 |       LoadBalancerArn: !Ref NetELB
379 |       Port: 3306
380 |       Protocol: TCP
381 |   ELBTargetGroup:
382 |     Type: "AWS::ElasticLoadBalancingV2::TargetGroup"
383 |     Properties:
384 |       HealthCheckPort: 80
385 |       HealthCheckProtocol: HTTP
386 |       Port: 6033
387 |       Protocol: TCP
388 |       VpcId: !Ref VPC
389 | Outputs:
390 |   Endpoint:
391 |     Description: Database URL 
392 |     Value: !GetAtt NetELB.DNSName
393 |   JumpAddress:
394 |     Description: IP address of Jump server
395 |     Value: !GetAtt JumpServer.PublicIp
396 | 


--------------------------------------------------------------------------------
/secgroups.yaml:
--------------------------------------------------------------------------------
  1 | # Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
  2 | # SPDX-License-Identifier: MIT-0
  3 | 
  4 | AWSTemplateFormatVersion: "2010-09-09"
  5 | Parameters:
  6 |   VPC:
  7 |     Type: "AWS::EC2::VPC::Id"
  8 |     Description: "VPC ID for creating the application"
  9 |   ProjectTag:
 10 |     Type: String
 11 |     Description: Tag to apply to created resources for visibility
 12 |     Default: ProxySQLDemo
 13 |   AllowedCidrIngress:
 14 |     Type: String
 15 |     MinLength: 9
 16 |     MaxLength: 18
 17 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
 18 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/YY
 19 |     Default: 0.0.0.0/0
 20 |   AppPublicCIDRA:
 21 |     Type: String
 22 |   AppPublicCIDRB:
 23 |     Type: String
 24 | Resources:
 25 |   DBFirewall:
 26 |     Type: "AWS::EC2::SecurityGroup"
 27 |     Properties:
 28 |       GroupDescription: !Join ["", ["Stack ", !Ref "AWS::StackId", " RDS"]]
 29 |       VpcId: !Ref VPC
 30 |       SecurityGroupIngress:
 31 |         -
 32 |           SourceSecurityGroupId: 
 33 |             Fn::GetAtt:
 34 |             - ProxySQLFirewall
 35 |             - GroupId
 36 |           IpProtocol: tcp
 37 |           ToPort: "3306"
 38 |           FromPort: "3306"
 39 |       SecurityGroupEgress:
 40 |         -
 41 |           CidrIp: 0.0.0.0/0
 42 |           ToPort: "-1"
 43 |           IpProtocol: "-1"
 44 |       Tags:
 45 |         - Key: Project
 46 |           Value: !Ref ProjectTag
 47 |   ProxySQLFirewall:
 48 |     Type: "AWS::EC2::SecurityGroup"
 49 |     Properties:
 50 |       GroupDescription: !Join ["", ["Stack ", !Ref "AWS::StackId", " ProxySQL"]]
 51 |       VpcId: !Ref VPC
 52 |       SecurityGroupIngress:
 53 |         -
 54 |           CidrIp: !Ref AllowedCidrIngress
 55 |           IpProtocol: tcp
 56 |           ToPort: "6033"
 57 |           FromPort: "3306"
 58 |         -
 59 |           CidrIp: !Ref AppPublicCIDRA
 60 |           IpProtocol: tcp
 61 |           ToPort: "6033"
 62 |           FromPort: "3306"
 63 |         -
 64 |           CidrIp: !Ref AppPublicCIDRB
 65 |           IpProtocol: tcp
 66 |           ToPort: "6033"
 67 |           FromPort: "3306"
 68 |         -
 69 |           CidrIp: !Ref AppPublicCIDRA
 70 |           IpProtocol: tcp
 71 |           ToPort: "80"
 72 |           FromPort: "80"
 73 |         -
 74 |           CidrIp: !Ref AppPublicCIDRB
 75 |           IpProtocol: tcp
 76 |           ToPort: "80"
 77 |           FromPort: "80"
 78 |       SecurityGroupEgress:
 79 |         -
 80 |           CidrIp: 0.0.0.0/0
 81 |           ToPort: "-1"
 82 |           IpProtocol: "-1"
 83 |   SshFirewall:
 84 |     Type: "AWS::EC2::SecurityGroup"
 85 |     Properties:
 86 |       GroupDescription: !Join ["", ["Stack ", !Ref "AWS::StackId", " SSH"]]
 87 |       VpcId: !Ref VPC
 88 |       SecurityGroupIngress:
 89 |         -
 90 |           CidrIp: !Ref AllowedCidrIngress
 91 |           IpProtocol: tcp
 92 |           ToPort: "22"
 93 |           FromPort: "22"
 94 |         -
 95 |           CidrIp: !Ref AppPublicCIDRA
 96 |           IpProtocol: tcp
 97 |           ToPort: "22"
 98 |           FromPort: "22"
 99 |         -
100 |           CidrIp: !Ref AppPublicCIDRB
101 |           IpProtocol: tcp
102 |           ToPort: "22"
103 |           FromPort: "22"
104 |       SecurityGroupEgress:
105 |         -
106 |           CidrIp: 0.0.0.0/0
107 |           ToPort: "-1"
108 |           IpProtocol: "-1"
109 | Outputs:
110 |   ProxySQLFirewallId:
111 |     Description: ID of proxysql security group
112 |     Value: !Ref ProxySQLFirewall
113 |   SshFirewallId:
114 |     Description: ID of SSH security group
115 |     Value: !Ref SshFirewall
116 |   DBFirewallId:
117 |     Description: ID of database security group
118 |     Value: !Ref DBFirewall
119 | 
120 | 


--------------------------------------------------------------------------------
/update.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 4 | #
 5 | # Permission is hereby granted, free of charge, to any person obtaining a copy of this
 6 | # software and associated documentation files (the "Software"), to deal in the Software
 7 | # without restriction, including without limitation the rights to use, copy, modify,
 8 | # merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
 9 | # permit persons to whom the Software is furnished to do so.
10 | #
11 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
12 | # INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
13 | # PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
14 | # HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
15 | # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
16 | # SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
17 | 
18 | templatebucket=$1
19 | templateprefix=$2
20 | stackname=$3
21 | region=$4
22 | SCRIPTDIR=`dirname $0`
23 | if [ "$templatebucket" == "" ]
24 | then
25 |     echo "Usage: $0 <template bucket> <template prefix> <stack name> <region>"
26 |     exit 1
27 | fi
28 | if [ "$templateprefix" == "" ]
29 | then
30 |     echo "Usage: $0 <template bucket> <template prefix> <stack name> <region>"
31 |     exit 1
32 | fi
33 | if [ "$stackname" == "" ]
34 | then
35 |     echo "Usage: $0 <template bucket> <template prefix> <stack name> <region>"
36 |     exit 1
37 | fi
38 | if [ "$region" == "" ]
39 | then
40 |     echo "Usage: $0 <template bucket> <template prefix> <stack name> <region>"
41 |     exit 1
42 | fi
43 | 
44 | # Check if we need to append region to S3 URL
45 | TEMPLATE_URL=https://s3.amazonaws.com/$templatebucket/$templateprefix/master.yaml
46 | if [ "$region" != "us-east-1" ]
47 | then
48 |     TEMPLATE_URL=https://s3-$region.amazonaws.com/$templatebucket/$templateprefix/master.yaml
49 | fi
50 | 
51 | aws s3 cp master.yaml s3://$templatebucket/$templateprefix/master.yaml --region $region
52 | aws s3 cp network.yaml s3://$templatebucket/$templateprefix/network.yaml --region $region
53 | aws s3 cp secgroups.yaml s3://$templatebucket/$templateprefix/secgroups.yaml --region $region
54 | aws s3 cp aurora.yaml s3://$templatebucket/$templateprefix/aurora.yaml --region $region
55 | aws s3 cp proxysql.yaml s3://$templatebucket/$templateprefix/proxysql.yaml --region $region
56 | 
57 | aws cloudformation update-stack --stack-name $stackname \
58 |     --template-url $TEMPLATE_URL \
59 |     --parameters \
60 |     ParameterKey=TemplateBucketName,ParameterValue=$templatebucket \
61 |     ParameterKey=TemplateBucketPrefix,ParameterValue=$templateprefix \
62 |     ParameterKey=ProjectTag,ParameterValue=proxysqlblog \
63 |     ParameterKey=vpccidr,ParameterValue="10.20.0.0/16" \
64 |     ParameterKey=AllowedCidrIngress,ParameterValue="0.0.0.0/0" \
65 |     ParameterKey=AppPrivateCIDRA,ParameterValue="10.20.3.0/24" \
66 |     ParameterKey=AppPrivateCIDRB,ParameterValue="10.20.4.0/24" \
67 |     ParameterKey=AppPrivateCIDRC,ParameterValue="10.20.5.0/24" \
68 |     ParameterKey=AppPrivateCIDRD,ParameterValue="10.20.6.0/24" \
69 |     ParameterKey=AppPublicCIDRA,ParameterValue="10.20.1.0/24" \
70 |     ParameterKey=AppPublicCIDRB,ParameterValue="10.20.2.0/24" \
71 |     ParameterKey=DatabaseName,ParameterValue="proxysqlexample" \
72 |     ParameterKey=DatabaseUser,ParameterValue="proxysqluser" \
73 |     ParameterKey=DatabasePassword,ParameterValue="pr0xySQL01Cred" \
74 |     ParameterKey=DbInstanceSize,ParameterValue="db.r5.large" \
75 |     ParameterKey=keyname,ParameterValue="ProxySQLDemo" \
76 |     --tags Key=Project,Value=proxysqlblog \
77 |     --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM \
78 |     --no-use-previous-template \
79 |     --region $region
80 | 


--------------------------------------------------------------------------------