I have the following YML in my cloud formation template:
MyDB:
Type: "AWS::RDS::DBInstance"
Properties:
DBInstanceIdentifier: !Ref DBInstanceName
DBName: !Ref DBName
AllocatedStorage: "100"
DBInstanceClass: !Ref DBInstanceType
Engine: "postgres"
EngineVersion: "9.6.2"
MasterUsername: !Ref DBUsername
MasterUserPassword: !Ref DBPassword
PubliclyAccessible: false
StorageType: standard
VPCSecurityGroups:
- !Ref PrivateAccess
MultiAZ: true
DeletionPolicy: "Snapshot"
It is failing due to "The DB instance and EC2 security group are in different VPCs. The DB instance is in vpc-7c99881b and the EC2 security group is in vpc-34ef9c4d"
I tried adding a DBSecurityGroup
DbSecurityByEC2SecurityGroup:
Type: "AWS::RDS::DBSecurityGroup"
Properties:
GroupDescription: "Ingress for Amazon EC2 security group"
DBSecurityGroupIngress:
- EC2SecurityGroupId: !Ref PrivateAccess
and changed the MyDB:
DBSecurityGroups:
- !Ref DbSecurityByEC2SecurityGroup
but it now says "EC2 security group sg-7debfb0c is in a different VPC vpc-34ef9c4d. It cannot be authorized to RDS DBSecurityGroup dbsecuritybyec2securitygroup-1whvh0xi93cke for VPC vpc-7c99881b."
vpc-34ef9c4d is the vpc i am wanting this RDS in, how do I specify which VPC the DB should be located in?
Updated Template:
MyDB:
Type: "AWS::RDS::DBInstance"
Properties:
DBInstanceIdentifier: !Ref DBInstanceName
DBName: !Ref DBName
AllocatedStorage: "100"
DBInstanceClass: !Ref DBInstanceType
Engine: "postgres"
EngineVersion: "9.6.2"
MasterUsername: !Ref DBUsername
MasterUserPassword: !Ref DBPassword
PubliclyAccessible: false
DBSubnetGroupName: !Ref myDBSubnetGroup
StorageType: standard
VPCSecurityGroups:
- !Ref PrivateAccess
MultiAZ: true
DeletionPolicy: "Snapshot"
myDBSubnetGroup:
Type: "AWS::RDS::DBSubnetGroup"
Properties:
DBSubnetGroupDescription: "description"
SubnetIds:
- !Ref PrivateSubnet
Use DBSubnetGroupName (http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-dbsubnetgroupname). That determines the VPC. If nothing is specified, RDS is created in the default vpc
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With