Question:
I have the following YAML in my CloudFormation template:

MyDB:
  Type: "AWS::RDS::DBInstance"
  Properties:
    DBInstanceIdentifier: !Ref DBInstanceName
    DBName: !Ref DBName
    AllocatedStorage: "100"
    DBInstanceClass: !Ref DBInstanceType
    Engine: "postgres"
    EngineVersion: "9.6.2"
    MasterUsername: !Ref DBUsername
    MasterUserPassword: !Ref DBPassword
    PubliclyAccessible: false
    StorageType: standard
    VPCSecurityGroups:
      - !Ref PrivateAccess
    MultiAZ: true
  DeletionPolicy: "Snapshot"
It is failing due to “The DB instance and EC2 security group are in different VPCs. The DB instance is in vpc-7c99881b and the EC2 security group is in vpc-34ef9c4d”
I tried adding a DBSecurityGroup:

DbSecurityByEC2SecurityGroup:
  Type: "AWS::RDS::DBSecurityGroup"
  Properties:
    GroupDescription: "Ingress for Amazon EC2 security group"
    DBSecurityGroupIngress:
      - EC2SecurityGroupId: !Ref PrivateAccess
and changed the MyDB:
    DBSecurityGroups:
      - !Ref DbSecurityByEC2SecurityGroup
but it now says “EC2 security group sg-7debfb0c is in a different VPC vpc-34ef9c4d. It cannot be authorized to RDS DBSecurityGroup dbsecuritybyec2securitygroup-1whvh0xi93cke for VPC vpc-7c99881b.”
vpc-34ef9c4d is the VPC I want this RDS instance in; how do I specify which VPC the DB should be located in?
Updated Template:
MyDB:
  Type: "AWS::RDS::DBInstance"
  Properties:
    DBInstanceIdentifier: !Ref DBInstanceName
    DBName: !Ref DBName
    AllocatedStorage: "100"
    DBInstanceClass: !Ref DBInstanceType
    Engine: "postgres"
    EngineVersion: "9.6.2"
    MasterUsername: !Ref DBUsername
    MasterUserPassword: !Ref DBPassword
    PubliclyAccessible: false
    DBSubnetGroupName: !Ref myDBSubnetGroup
    StorageType: standard
    VPCSecurityGroups:
      - !Ref PrivateAccess
    MultiAZ: true
  DeletionPolicy: "Snapshot"

myDBSubnetGroup:
  Type: "AWS::RDS::DBSubnetGroup"
  Properties:
    DBSubnetGroupDescription: "description"
    SubnetIds:
      - !Ref PrivateSubnet
Answer:
Use DBSubnetGroupName (http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-dbsubnetgroupname). That determines the VPC. If nothing is specified, RDS is created in the default VPC.
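As an added example (not part of the question or the answer above), the pre-deploy check a practitioner would run before hitting the "different VPCs" error: it confirms that the subnets behind DBSubnetGroupName and the groups in VPCSecurityGroups all resolve to one VPC, and that the subnet group spans at least two Availability Zones, which the updated template with a single PrivateSubnet would not. The subnet ids and AZs are constructed sample data standing in for what ec2 DescribeSubnets/DescribeSecurityGroups would return; the VPC and security group ids are the ones quoted in the question.

```python
from typing import Dict, Iterable, List, Tuple

# Constructed inventory standing in for ec2:DescribeSubnets / DescribeSecurityGroups.
# Subnet ids and AZs are hypothetical; the VPC and sg ids are the ones in the post.
SUBNETS: Dict[str, Tuple[str, str]] = {  # subnet id -> (vpc id, availability zone)
    "subnet-priv-a": ("vpc-34ef9c4d", "us-east-1a"),
    "subnet-priv-b": ("vpc-34ef9c4d", "us-east-1b"),
    "subnet-default-a": ("vpc-7c99881b", "us-east-1a"),
}
SECURITY_GROUPS: Dict[str, str] = {"sg-7debfb0c": "vpc-34ef9c4d"}  # PrivateAccess
DEFAULT_VPC = "vpc-7c99881b"  # where RDS lands with no DBSubnetGroup, per the answer


def rds_placement_problems(subnet_ids: Iterable[str], sg_ids: Iterable[str],
                           subnets: Dict[str, Tuple[str, str]] = SUBNETS,
                           sgs: Dict[str, str] = SECURITY_GROUPS) -> List[str]:
    """Return placement problems for an RDS instance; an empty list means deployable."""
    problems: List[str] = []
    by_vpc: Dict[str, List[str]] = {}  # vpc id -> resources that live in it
    azs = set()
    subnet_ids, sg_ids = list(subnet_ids), list(sg_ids)
    if not subnet_ids:
        # No DBSubnetGroupName: RDS falls back to the default VPC, so the instance
        # ends up in a different VPC from a security group created elsewhere.
        problems.append("no DBSubnetGroup: instance would be placed in the default VPC")
        by_vpc.setdefault(DEFAULT_VPC, []).append("DB instance (default VPC)")
    for sid in subnet_ids:
        if sid not in subnets:
            problems.append(f"unknown subnet {sid}")
            continue
        vpc, az = subnets[sid]
        by_vpc.setdefault(vpc, []).append(sid)
        azs.add(az)
    for gid in sg_ids:
        if gid not in sgs:
            problems.append(f"unknown security group {gid}")
            continue
        by_vpc.setdefault(sgs[gid], []).append(gid)
    if len(by_vpc) > 1:
        detail = "; ".join(f"{v}: {', '.join(r)}" for v, r in sorted(by_vpc.items()))
        problems.append(f"resources span more than one VPC ({detail})")
    if subnet_ids and len(azs) < 2:
        # A DB subnet group must cover at least two Availability Zones.
        problems.append(f"DB subnet group covers only {len(azs)} Availability Zone(s)")
    return problems

if __name__ == "__main__":
    print(rds_placement_problems([], ["sg-7debfb0c"]))  # the question's failure
    print(rds_placement_problems(["subnet-priv-a", "subnet-priv-b"], ["sg-7debfb0c"]))  # []
```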