Cloud Foundry AWS RDS Service Broker

Cloud Foundry AWS Service Broker

Cloud Foundry Service Broker to manage instances of various AWS services.

Current Services Supported

  • RDS


Environment Variables

The following environment variables should be overridden inside the manifest.yml file.

Note: All environment variables prefixed with DB_ refer to attributes of the database that the broker itself uses for its own internal state.

  1. DB_URL: The hostname / IP address of the database.
  2. DB_PORT: The port number to access the database.
  3. DB_NAME: The database name.
  4. DB_USER: Username to access the database.
  5. DB_PASS: Password to access the database.
  6. DB_TYPE: The type of database. Currently supported types: postgres and sqlite3.
  7. DB_SSLMODE: The type of SSL Mode to use when connecting to the database. Supported modes: disabled, require and verify-ca.
  8. AWS_ACCESS_KEY_ID: The access key ID credential used to make requests to Amazon RDS.
  9. AWS_SECRET_ACCESS_KEY: The secret key (treat like a password) credential to access Amazon RDS.

Note: the AWS environment variables should be generated by following the instructions here

Make sure the account has write access to RDS and EC2 (particularly for VPC and Subnet).

Example of permissions that suffice: AmazonRDSFullAccess and AmazonEC2FullAccess
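A pre-deploy check for the variables listed above, as an added example that is not part of this project's code. It assumes that a sqlite3 broker database needs only DB_NAME and that the SSL modes behave like the PostgreSQL sslmode settings; `checkBrokerEnv` is a hypothetical helper name.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
)

// checkBrokerEnv returns one finding per problem; get is the variable lookup (os.Getenv in the app).
func checkBrokerEnv(get func(string) string) []string {
	var findings []string
	dbType := get("DB_TYPE")
	if dbType != "postgres" && dbType != "sqlite3" {
		findings = append(findings, fmt.Sprintf("DB_TYPE %q is not postgres or sqlite3", dbType))
	}
	// Assumption: a sqlite3 broker database needs no host, port, user or TLS settings.
	required := []string{"DB_NAME", "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"}
	if dbType == "postgres" {
		required = append(required, "DB_URL", "DB_PORT", "DB_USER", "DB_PASS", "DB_SSLMODE")
	}
	for _, name := range required {
		if get(name) == "" {
			findings = append(findings, name+" is not set")
		}
	}
	if port := get("DB_PORT"); port != "" {
		if n, err := strconv.Atoi(port); err != nil || n < 1 || n > 65535 {
			findings = append(findings, "DB_PORT is not a valid TCP port")
		}
	}
	// Assumption: the modes carry the PostgreSQL sslmode semantics.
	if dbType == "postgres" {
		switch mode := get("DB_SSLMODE"); mode {
		case "", "verify-ca": // an empty value is already reported as not set
		case "require":
			findings = append(findings, "DB_SSLMODE=require encrypts but does not verify the server certificate")
		case "disabled":
			findings = append(findings, "DB_SSLMODE=disabled sends DB_PASS and broker data in cleartext")
		default:
			findings = append(findings, fmt.Sprintf("DB_SSLMODE %q is not a supported mode", mode))
		}
	}
	return findings
}

func main() {
	for _, f := range checkBrokerEnv(os.Getenv) {
		fmt.Println("finding:", f)
	}
}
```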


catalog.yaml contains a list of the service(s) offered, with their plans. It contains no secrets. Prior to pushing, complete the catalog.yaml for your environment. It is structured so that the service name (e.g. rds) is the mapping between it and the service details.


secrets.yml contains all of the secrets for the different resources.

How to deploy it

  1. cf push
  2. cf create-service-broker BROKER_NAME USER PASS https://BROKER-URL
  3. cf enable-service-access SERVICE_NAME

In this case BROKER_NAME would be aws and it would contain many service names (one for rds, one for s3). Then SERVICE_NAME would be rds for example.

How to use it

To use the service you need to create a service instance and bind it:

  1. cf create-service SERVICE_NAME shared-psql MYDB
  2. cf bind-service APP MYDB

When you do that you will have all the credentials in the VCAP_SERVICES environment variable with the JSON key rds.

Also, you will have a DATABASE_URL environment variable that will be the connection string to the DB.

Public domain

This project is in the worldwide public domain. As stated in CONTRIBUTING:

This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.