Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Issue with creating a Postgres RDS in Cloudformation Template

I have the following YML in my cloud formation template:

MyDB:
  Type: "AWS::RDS::DBInstance"
  Properties:
    DBInstanceIdentifier: !Ref DBInstanceName
    DBName: !Ref DBName
    AllocatedStorage: "100"
    DBInstanceClass: !Ref DBInstanceType
    Engine: "postgres"
    EngineVersion: "9.6.2"
    MasterUsername: !Ref DBUsername
    MasterUserPassword: !Ref DBPassword
    PubliclyAccessible: false
    StorageType: standard
    VPCSecurityGroups:
      - !Ref PrivateAccess
    MultiAZ: true
  DeletionPolicy: "Snapshot"

It is failing due to "The DB instance and EC2 security group are in different VPCs. The DB instance is in vpc-7c99881b and the EC2 security group is in vpc-34ef9c4d"

I tried adding a DBSecurityGroup

DbSecurityByEC2SecurityGroup:
  Type: "AWS::RDS::DBSecurityGroup"
  Properties:
  GroupDescription: "Ingress for Amazon EC2 security group"
  DBSecurityGroupIngress:
    - EC2SecurityGroupId: !Ref PrivateAccess

and changed the MyDB:

      DBSecurityGroups:
    - !Ref DbSecurityByEC2SecurityGroup

but it now says "EC2 security group sg-7debfb0c is in a different VPC vpc-34ef9c4d. It cannot be authorized to RDS DBSecurityGroup dbsecuritybyec2securitygroup-1whvh0xi93cke for VPC vpc-7c99881b."

vpc-34ef9c4d is the vpc i am wanting this RDS in, how do I specify which VPC the DB should be located in?

Updated Template:

MyDB:
  Type: "AWS::RDS::DBInstance"
  Properties:
    DBInstanceIdentifier: !Ref DBInstanceName
    DBName: !Ref DBName
    AllocatedStorage: "100"
    DBInstanceClass: !Ref DBInstanceType
    Engine: "postgres"
    EngineVersion: "9.6.2"
    MasterUsername: !Ref DBUsername
    MasterUserPassword: !Ref DBPassword
    PubliclyAccessible: false
    DBSubnetGroupName: !Ref myDBSubnetGroup
    StorageType: standard
    VPCSecurityGroups:
      - !Ref PrivateAccess
    MultiAZ: true
  DeletionPolicy: "Snapshot"

myDBSubnetGroup:
  Type: "AWS::RDS::DBSubnetGroup"
  Properties:
    DBSubnetGroupDescription: "description"
    SubnetIds:
      - !Ref PrivateSubnet
like image 868
jaekie Avatar asked Aug 01 '17 18:08

jaekie


1 Answers

Use DBSubnetGroupName (http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-dbsubnetgroupname). That determines the VPC. If nothing is specified, RDS is created in the default vpc

like image 151
krishna_mee2004 Avatar answered Sep 30 '22 14:09

krishna_mee2004