DeletionPolicy:Snapshot cannot be specified for a cluster instance, use deletion policy on the cluster instead

Question

I am trying to create RDS cluster and aurora instance using the cloudoformation template below:

{
      "AWSTemplateFormatVersion" : "2010-09-09",

  "Description" : "example setup",

  "Parameters" : {
    "DBInstanceIdentifier" : {
      "Type": "String",
      "Description": "Name for the DB instance."
    },
    "DBUser" : {
      "Type": "String",
      "Description": "Master user"
    },
    "DBPassword" : {
      "Type": "String",
      "Description": "Pass"
    },
    "DBModel" : {
      "Type": "String",
      "Description": "Instance model to be used for the DB."
    }
  },


  "Resources": {
    "RDSCluster": {
      "Type": "AWS::RDS::DBCluster",
      "Properties": {
        "MasterUsername": { "Ref" : "DBUser" },
        "MasterUserPassword": { "Ref" : "DBPassword" },
        "Engine": "aurora",
        "DBClusterParameterGroupName": "default.aurora5.6",
        "VpcSecurityGroupIds": [{"Fn::GetAtt" : [ "DBFromSiteSecurityGroup" , "GroupId" ]}]
      }
    },
    "AuroraInstance": {
      "Type": "AWS::RDS::DBInstance",
      "Properties": {
        "DBInstanceIdentifier": { "Ref" : "DBInstanceIdentifier" },
        "DBParameterGroupName": "default.aurora5.6",
        "Engine": "aurora",
        "DBClusterIdentifier": {
          "Ref": "RDSCluster"
        },
        "PubliclyAccessible": "true",
        "DBInstanceClass": { "Ref" : "DBModel" }
      }
    },

    "DBFromSiteSecurityGroup" : {
       "Type" : "AWS::EC2::SecurityGroup",
       "Properties" : {
          "GroupDescription" : "Enable MySQL",
          "SecurityGroupIngress" : [
             {"IpProtocol" : "tcp", "FromPort" : "3306", "ToPort" : "3306", "CidrIp" : "195.171.102.98/32"}
          ]
       }
    },
     "DBFromSiteSecurityGroupIngress1" : {
         "Type" : "AWS::EC2::SecurityGroupIngress",
         "Properties" : {
             "GroupName" : { "Ref" : "DBFromSiteSecurityGroup" },
             "IpProtocol" : "tcp",
             "ToPort" : "3306",
             "FromPort" : "3306",
             "SourceSecurityGroupName" : { "Ref" : "DBFromSiteSecurityGroup" }
         }
     }
  }
}

The db_model parameter I am passing is "db.t2.medium". The cluster gets created successfully in the cloudformation console however the AWS::RDS::DBInstance creation fails with the following error

"DeletionPolicy:Snapshot cannot be specified for a cluster instance, use deletion policy on the cluster instead." 

What's more weird that when I try to run the same CF template in say eu london region, it works fine!!! Is there something wrong with the EU ireland region and aurora?

Answer 1

From AWS Support

This is a known issue and has been reported by other customers as well. The service team is currently working on the fix for this but there is no ETA as to when that would be pushed.

The work-around in the meanwhile is to specify a DeletionPolicy inside the DB instance resource definition that is failing to create, with the value of 'Delete'. [1]

An example below:

"Resources": { 
    "Database1": { 
        "DeletionPolicy": "Delete", 
        "Properties": {...}, 
        "Type": "AWS::RDS::DBInstance" 
    } 
}

References: [1] DeletionPolicy - http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#w2ab2c19c23c11c17