I am trying to create a VPC with a public and a private subnet, along with an Aurora MySQL cluster and instance in the same VPC with a custom security group for RDS.
I've created the VPC (public/private subnets, custom security group) in one module, and Aurora MySQL in a different module.
My VPC configuration in a module file:
    resource "aws_vpc" "main" {
      cidr_block           = "${var.vpc_cidr}"
      instance_tenancy     = "${var.tenancy}"
      enable_dns_support   = "true"
      enable_dns_hostnames = "true"
      tags {
        Name = "${var.tag_name}"
      }
    }

    # Subnets are attached to the VPC declared above in this same module,
    # so they reference aws_vpc.main.id rather than an input variable.
    resource "aws_subnet" "main-public-1" {
      vpc_id                  = "${aws_vpc.main.id}"
      cidr_block              = "${var.subnet_cidr_1}"
      availability_zone       = "${var.region}a"
      map_public_ip_on_launch = true
      tags {
        Name = "${var.tag_name}-subnet1"
      }
    }

    resource "aws_subnet" "main-private-1" {
      count                   = "${var.create_private_subnet}"
      vpc_id                  = "${aws_vpc.main.id}"
      cidr_block              = "${var.private_subnet_cidr_1}"
      map_public_ip_on_launch = false
      availability_zone       = "${var.region}a"
      tags {
        Name = "${var.tag_name}-private-subnet1"
      }
    }

    resource "aws_subnet" "main-private-2" {
      count                   = "${var.create_private_subnet}"
      vpc_id                  = "${aws_vpc.main.id}"
      cidr_block              = "${var.private_subnet_cidr_2}"
      map_public_ip_on_launch = false
      availability_zone       = "${var.region}b"
      tags {
        Name = "${var.tag_name}-private-subnet2"
      }
    }

    resource "aws_security_group" "aurora-sg" {
      name   = "aurora-security-group"
      vpc_id = "${aws_vpc.main.id}"

      # NOTE: this admits every TCP port from any address. For a database
      # security group, restrict it to the engine port (3306 for Aurora MySQL)
      # and to the CIDRs or security groups of the clients that need access.
      ingress {
        protocol    = "tcp"
        from_port   = 0
        to_port     = 65535
        cidr_blocks = ["0.0.0.0/0"]
      }

      egress {
        protocol    = "-1"
        from_port   = 0
        to_port     = 0
        cidr_blocks = ["0.0.0.0/0"]
      }
    }
My RDS configuration in a module file:
    resource "aws_rds_cluster" "cluster" {
      cluster_identifier = "${var.cluster_name}"
      engine             = "aurora-mysql"
      database_name      = "sample_rds"
      master_username    = "${var.username}"
      master_password    = "${var.password}"
      # The security group is created in the VPC module and passed in as the
      # module input security_group_ids (see the root module below).
      vpc_security_group_ids = ["${var.security_group_ids}"]
      skip_final_snapshot    = true
    }

    resource "aws_rds_cluster_instance" "cluster_instances" {
      identifier           = "${var.cluster_name}-instance"
      cluster_identifier   = "${aws_rds_cluster.cluster.id}"
      instance_class       = "${var.instance_class}"
      publicly_accessible  = "${var.publicly_accessible}"
      db_subnet_group_name = "${aws_db_subnet_group.aurora_subnet_group.id}"
    }

    resource "aws_db_subnet_group" "aurora_subnet_group" {
      name       = "tf-rds-${var.cluster_name}"
      subnet_ids = ["${var.subnets}"]
      tags {
        Name = "tf-rds-${var.cluster_name}"
      }
    }
My main Terraform script. I have passed variables to the RDS module such as vpc_id, DB username and password, private subnet IDs and the security group ID:
    module "aurora_mysql" {
      source         = "../modules/rds-aurora"
      vpc_id         = "${module.my_vpc.vpc_id}"
      # A publicly accessible instance gets a public endpoint; combined with a
      # security group open to 0.0.0.0/0 the database is reachable from the
      # internet. Keep this false for instances in private subnets.
      publicly_accessible = true
      instance_class      = "db.t2.medium"
      username            = "${var.db_username}"
      password            = "${var.db_password}"
      subnets             = ["${module.my_vpc.subnet_id_1[1]}", "${module.my_vpc.subnet_id_1[2]}"]
      security_group_ids  = "${module.my_vpc.vpc_rds_sg_id}"
    }
When I try to apply the configuration, the VPC is created successfully with the subnets and security group, but I get the error:
    Error creating DB Instance: InvalidParameterCombination: DB instance and EC2 security group are in different VPC
My RDS instance gets created in the default VPC even though I am passing the new VPC's private subnet IDs and the custom security group ID.
Maybe a bit old, but I had the same problem. Maybe it is interesting for others who have that problem. The key is the "db_subnet_group_name" in "aws_rds_cluster" or "aws_rds_cluster_instance".
From the docs:
    db_subnet_group_name - (Optional) Name of DB subnet group. DB instance will be created in the VPC associated with the DB subnet group. If unspecified, will be created in the default VPC...
I saw that you used the "id" instead of the "name":
    db_subnet_group_name = "${aws_db_subnet_group.aurora_subnet_group.id}"
With name:
    db_subnet_group_name = "${aws_db_subnet_group.aurora_subnet_group.name}"
Maybe that was the problem.
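The fix the answer describes, applied to the asker's layout, as an added example that is not code from the question or the answer: it sets db_subnet_group_name on the cluster as well as the instance (so both land in the VPC of the subnet group instead of the default VPC), creates the security group in the same module and VPC as the subnet group, and narrows ingress to the MySQL port from an allowed CIDR rather than 0.0.0.0/0. The variable names (subnets, vpc_id, allowed_cidr) and the Terraform 0.11 interpolation style are assumptions chosen to match the question.

```hcl
# modules/rds-aurora/main.tf (added example; variable names are assumptions)
variable "cluster_name" {}
variable "username" {}
variable "password" {}
variable "instance_class" {}
variable "subnets" { type = "list" }   # private subnet IDs exported by the VPC module
variable "vpc_id" {}
variable "allowed_cidr" {}             # e.g. the application subnet CIDR, not 0.0.0.0/0

# The security group lives in the same VPC as the subnet group below, so the
# "DB instance and EC2 security group are in different VPC" error cannot occur.
resource "aws_security_group" "aurora" {
  name   = "${var.cluster_name}-aurora-sg"
  vpc_id = "${var.vpc_id}"
  ingress {
    protocol    = "tcp"
    from_port   = 3306                 # only the MySQL port
    to_port     = 3306
    cidr_blocks = ["${var.allowed_cidr}"]
  }
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_db_subnet_group" "aurora" {
  name       = "tf-rds-${var.cluster_name}"
  subnet_ids = ["${var.subnets}"]
}
# db_subnet_group_name decides which VPC the cluster is placed in; without it
# the cluster is created in the default VPC regardless of the security group.
resource "aws_rds_cluster" "cluster" {
  cluster_identifier     = "${var.cluster_name}"
  engine                 = "aurora-mysql"
  master_username        = "${var.username}"
  master_password        = "${var.password}"
  db_subnet_group_name   = "${aws_db_subnet_group.aurora.name}"
  vpc_security_group_ids = ["${aws_security_group.aurora.id}"]
  skip_final_snapshot    = true
}

resource "aws_rds_cluster_instance" "instance" {
  identifier           = "${var.cluster_name}-instance"
  cluster_identifier   = "${aws_rds_cluster.cluster.id}"
  instance_class       = "${var.instance_class}"
  db_subnet_group_name = "${aws_db_subnet_group.aurora.name}"
  publicly_accessible  = false        # private subnets only, no public endpoint
}
```

After apply, `terraform state show aws_rds_cluster.cluster` should report the db_subnet_group and vpc_security_group_ids from this module, and the AWS console should show the cluster's VPC matching the VPC module's output.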