I have a security group attached to an RDS instance that allows port 5432 traffic from the EC2 instances.
The RDS instance has a read replica created in a different region.
From my understanding, AWS will take care of replication and add the necessary configuration by itself for replicating source RDS data to the read replica.
For me to be able to read data from the read replica, all I need to do is make sure that incoming traffic to the read replica in the other region is allowed.
Are security groups copied over from the DB instance to the read replica?
Do I need to create a new security group for the read replica?
CodePudding user response:
Do I need to create a new security group for the read replica?
Yes.
You will need to configure a new security group for the cross-region read replica.
As per the Amazon RDS User Guide for cross-region read replicas:
The read replica uses the default security group.
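
Added example, not part of the original answer: a small audit that flags read replicas still attached to the `default` security group, or whose groups do not admit the application on the database port. The JSON is constructed sample data shaped like the output of `aws rds describe-db-instances` and `aws ec2 describe-security-groups` in the replica's region; all identifiers, including the application group `sg-0ccc`, are assumptions.

```python
# Constructed sample data (not real resources), shaped like the AWS CLI JSON output
# of describe-db-instances and describe-security-groups in the replica's region.
DB_INSTANCES = {"DBInstances": [{
    "DBInstanceIdentifier": "appdb-replica",
    "ReadReplicaSourceDBInstanceIdentifier": "arn:aws:rds:us-east-1:111122223333:db:appdb",
    "Endpoint": {"Port": 5432},
    "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0aaa", "Status": "active"}],
}]}
SECURITY_GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-0aaa", "GroupName": "default", "IpPermissions": [
        # A VPC's default group admits all traffic, but only from its own members.
        {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}], "IpRanges": []}]},
    {"GroupId": "sg-0bbb", "GroupName": "replica-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "UserIdGroupPairs": [{"GroupId": "sg-0ccc"}], "IpRanges": []}]},
]}

def sources_allowed(group, port):
    """Return the peer group IDs and CIDRs this group admits on the given TCP port."""
    out = set()
    for perm in group["IpPermissions"]:
        proto = perm["IpProtocol"]
        covers = proto == "-1" or (proto == "tcp" and perm["FromPort"] <= port <= perm["ToPort"])
        if covers:
            out |= {p["GroupId"] for p in perm.get("UserIdGroupPairs", [])}
            out |= {r["CidrIp"] for r in perm.get("IpRanges", [])}
    return out

def audit_replicas(db_instances, security_groups, app_source):
    """Flag read replicas that use the default group or do not admit app_source."""
    groups = {g["GroupId"]: g for g in security_groups["SecurityGroups"]}
    findings = []
    for db in db_instances["DBInstances"]:
        if not db.get("ReadReplicaSourceDBInstanceIdentifier"):
            continue  # not a read replica
        port = db["Endpoint"]["Port"]
        attached = [groups[s["VpcSecurityGroupId"]] for s in db["VpcSecurityGroups"]]
        allowed = set().union(*(sources_allowed(g, port) for g in attached))
        if any(g["GroupName"] == "default" for g in attached):
            findings.append((db["DBInstanceIdentifier"], "uses default security group"))
        if app_source not in allowed:
            findings.append((db["DBInstanceIdentifier"], f"{app_source} not allowed on tcp/{port}"))
    return findings

if __name__ == "__main__":
    for finding in audit_replicas(DB_INSTANCES, SECURITY_GROUPS, "sg-0ccc"):
        print(*finding, sep=": ")
```

With the sample data the replica is flagged twice; attaching the dedicated `replica-db` group instead of `default` clears both findings.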