sonuahluwalia
diff --git a/‎aws/aws-rds-hello-world/README.md‎
Lines changed: 1 addition & 1 deletion b/‎aws/aws-rds-hello-world/README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎aws/cloudformation/ecs-in-two-public-subnets/README.md‎
Lines changed: 8 additions & 0 deletions b/‎aws/cloudformation/ecs-in-two-public-subnets/README.md‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎aws/cloudformation/ecs-in-two-public-subnets/service.yml‎
Lines changed: 6 additions & 0 deletions b/‎aws/cloudformation/ecs-in-two-public-subnets/service.yml‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎aws/cloudformation/rds-in-private-subnet/README.md‎
Lines changed: 7 additions & 0 deletions b/‎aws/cloudformation/rds-in-private-subnet/README.md‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎aws/cloudformation/rds-in-private-subnet/database.yml‎
Lines changed: 82 additions & 0 deletions b/‎aws/cloudformation/rds-in-private-subnet/database.yml‎
Lines changed: 82 additions & 0 deletions
@@ -16,7 +16,7 @@ Use the image instead of your real application to test AWS CloudFormation stacks
 4. Configure your deployment in a way that Docker will pass the coordinates to your RDS database as environment variables, equivalent to this command:
     ``` 
     docker run \
-      -e SPRING_DATASOURCE_URL=jdbc:postgresql://<RDS-ENDPOINT>:5432/postgres \
+      -e SPRING_DATASOURCE_URL=':'<RDS-ENDPOINT>:5432/postgres \
       -e SPRING_DATASOURCE_USERNAME=<USERNAME> \
       -e SPRING_DATASOURCE_PASSWORD=<PASSWORD> \
       -p 8080:8080 reflectoring/aws-rds-hello-world
 
@@ -0,0 +1,8 @@
+# Overview
+
+![ECS in two public subnets](ecs-in-two-public-subnets.svg)
+
+# Companion Blog Post
+
+[The AWS Journey Part 2: Deploying a Docker image from the Command Line with CloudFormation](https://reflectoring.io/aws-cloudformation-deploy-docker-image/)
+
@@ -76,6 +76,12 @@ Resources:
           !Join [':', [!Ref 'StackName', 'PublicListener']]
       Priority: 1
 
+  LogGroup:
+    Type: AWS::Logs::LogGroup
+    Properties:
+      LogGroupName: !Ref 'ServiceName'
+      RetentionInDays: 1
+
   TaskDefinition:
     Type: AWS::ECS::TaskDefinition
     Properties:
 
@@ -0,0 +1,7 @@
+# Overview
+
+![RDS in private subnet](rds-in-private-subnet.svg)
+
+# Companion Blog Post
+
+TO DO
@@ -0,0 +1,82 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: A stack that creates an RDS instance and places it into two subnets
+Parameters:
+  NetworkStackName:
+    Type: String
+    Description: The name of the networking stack that this stack will build upon.
+  DBInstanceClass:
+    Type: String
+    Description: The ID of the second subnet to place the RDS instance into.
+    Default: 'db.t2.micro'
+  DBName:
+    Type: String
+    Description: The name of the database that is created within the PostgreSQL instance.
+  DBUsername:
+    Type: String
+    Description: The master user name for the PostgreSQL instance.
+Resources:
+
+  Secret:
+    Type: "AWS::SecretsManager::Secret"
+    Properties:
+      Name: !Ref 'DBUsername'
+      GenerateSecretString:
+        # This will generate a JSON object with the keys "username" and password.
+        SecretStringTemplate: !Join ['', ['{"username": "', !Ref 'DBUsername' ,'"}']]
+        GenerateStringKey: "password"
+        PasswordLength: 32
+
+  DBSubnetGroup:
+    Type: AWS::RDS::DBSubnetGroup
+    Properties:
+      DBSubnetGroupDescription: Subnet group for the RDS instance
+      DBSubnetGroupName: DBSubnetGroup
+      SubnetIds:
+        - Fn::ImportValue:
+            !Join [':', [!Ref 'NetworkStackName', 'PrivateSubnetOne']]
+        - Fn::ImportValue:
+            !Join [':', [!Ref 'NetworkStackName', 'PrivateSubnetTwo']]
+
+  PostgresInstance:
+    Type: AWS::RDS::DBInstance
+    Properties:
+      AllocatedStorage: 20
+      AvailabilityZone:
+        Fn::Select:
+          - 0
+          - Fn::GetAZs: {Ref: 'AWS::Region'}
+      DBInstanceClass: !Ref 'DBInstanceClass'
+      DBName: !Ref 'DBName'
+      DBSubnetGroupName: !Ref 'DBSubnetGroup'
+      Engine: postgres
+      EngineVersion: 11.5
+      MasterUsername: !Ref 'DBUsername'
+      MasterUserPassword: !Join ['', ['{{resolve:secretsmanager:', !Ref Secret, ':SecretString:password}}' ]]
+      PubliclyAccessible: false
+      VPCSecurityGroups:
+        - Fn::ImportValue:
+            !Join [':', [!Ref 'NetworkStackName', 'DBSecurityGroupId']]
+
+  SecretRDSInstanceAttachment:
+    Type: "AWS::SecretsManager::SecretTargetAttachment"
+    Properties:
+      SecretId: !Ref Secret
+      TargetId: !Ref PostgresInstance
+      TargetType: AWS::RDS::DBInstance
+
+Outputs:
+  EndpointAddress:
+    Description: Address of the RDS endpoint.
+    Value: !GetAtt 'PostgresInstance.Endpoint.Address'
+    Export:
+      Name: !Join [ ':', [ !Ref 'AWS::StackName', 'EndpointAddress' ] ]
+  EndpointPort:
+    Description: Port of the RDS endpoint.
+    Value: !GetAtt 'PostgresInstance.Endpoint.Port'
+    Export:
+      Name: !Join [ ':', [ !Ref 'AWS::StackName', 'EndpointPort' ] ]
+  Secret:
+    Description: Reference to the secret containing the password to the database.
+    Value: !Ref 'Secret'
+    Export:
+      Name: !Join [ ':', [ !Ref 'AWS::StackName', 'Secret' ] ]