Menu
I made following simple CloudFormation template. It tries to create one security group and one RDS, with RDS using the created security group as its security group config.
AWSTemplateFormatVersion: 2010-09-09
Parameters:
TestDBMasterUserPassword:
Type: String
NoEcho: true
Resources:
TestDB:
Type: 'AWS::RDS::DBInstance'
Properties:
Engine: mysql
DBInstanceClass: db.t2.micro
AllocatedStorage: 20
MasterUsername: root
MasterUserPassword: !Ref TestDBMasterUserPassword
VPCSecurityGroups:
- !Ref TestDBSecurityGroup
TestDBSecurityGroup:
Type: 'AWS::EC2::SecurityGroup'
Properties:
GroupDescription: Security Group for TestDB
Creating a stack from this template results in an error, as shown below:
16:58:43 UTC+0900 CREATE_FAILED AWS::RDS::DBInstance TestDB Invalid security group , groupId= inoue-test-stack-testdbsecuritygroup-10t6gvze4gs5k, groupName=. (Service: AmazonRDS; Status Code: 400; Error Code: InvalidParameterValue; Request ID: 16c7e4c5-9201-4dc7-b5b4-8f536c6b807d)
I can't figure out why such error occurs..
849
To create a security group, use the VpcId property to specify the VPC for which to create the security group. This type supports updates. For more information about updating stacks, see AWS CloudFormation Stacks Updates.
Create a new security group (as your have done), then go to the RDS console, click on your database, then choose Instance actions -> Modify and modify the security groups that are associated with the DB instance (add the new security group, remove the default security group)
When you can't connect to a DB instance, the following are common causes: Inbound rules – The access rules enforced by your local firewall and the IP addresses authorized to access your DB instance might not match. The problem is most likely the inbound rules in your security group.
When you do !Ref AWS::EC2::SecurityGroup in the VPCSecurityGroups property, this returns the name of the security group and not the ID, which is what the VPCSecurityGroups property requires. Try using - Fn::GetAtt: [ TestDBSecurityGroup, GroupId ] instead.
136
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
