Connecting a security group to rds using cloudformation

Time:03-15

I am trying to define an RDS instance with a security group using CloudFormation. I am creating a stack with a configuration YAML file I wrote, and although all resources are created, the security group attached to the RDS instance is the default security group and not the one I am creating.

This is the configuration file I wrote:

Description: RDS Postgres
Parameters:
  EnvironmentName:
    Type: String
    Default: staging
  RegionName:
      Type: String
      Default: us-east-2
  VPCCidrIP:
      Type: String
      Default: 20.0.0.0/16
  VPCBridgeCidrIP:
      Type: String
      Default: 30.0.0.0/16

Resources:
  RdsSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      Tags:
        - Key: Name
          Value: !Join [ '-', ['rds', !Ref EnvironmentName] ]
      GroupDescription: Access to RDS
      SecurityGroupIngress: 
      - IpProtocol: tcp
        Description: vpc bridge
        CidrIp: !Ref VPCBridgeCidrIP
        FromPort: 5432
        ToPort: 5432
      - IpProtocol: tcp
        Description:  !Join [ ' ', ['vpc', !Ref EnvironmentName] ]
        CidrIp: !Ref VPCCidrIP
        FromPort: 5432
        ToPort: 5432

  StiggRDS:
    Type: AWS::RDS::DBInstance
    Properties:
      AllocatedStorage: "20"
      AllowMajorVersionUpgrade: false
      AutoMinorVersionUpgrade: false
  #    AvailabilityZone: !Ref RegionName
      BackupRetentionPeriod: 7
  #    CACertificateIdentifier: "rds-ca-2019"
      CopyTagsToSnapshot: true
      DBInstanceClass: "db.t3.micro"
      DBInstanceIdentifier: !Join [ '-', [****, !Ref EnvironmentName] ]
      # DBParameterGroupName:
      #   - Fn::ImportValue: !Sub ${EnvironmentName}:DBSubnetGroupName
      # DBSubnetGroupName:
      #   - Fn::ImportValue: !Sub ${EnvironmentName}:DBSubnetGroupName
      DeletionProtection: false
      EnablePerformanceInsights: true
      Engine: "postgres"
      EngineVersion: "13.3"
  #    KmsKeyId: String
  #    LicenseModel: String
      MasterUsername: postgres
      MasterUserPassword: postgres
      #TODO:if prod then multiaz
      MultiAZ: false
      Port: 5432
      PreferredBackupWindow: "01:52-02:22"
      PreferredMaintenanceWindow: "tue:03:34-tue:04:04"
      #TODO:Change that
      PubliclyAccessible: true
      VPCSecurityGroups: 
        - !Ref RdsSecurityGroup

Does anyone have a clue how I can connect the two resources?

Thank you!

CodePudding user response:

You should specify a VPCSecurityGroups property.

See: AWS::RDS::DBInstance - AWS CloudFormation

CodePudding user response:

So I tried adding an instance of DBSecurityGroup, but still without success. I can't find how to properly connect the resources to each other.

This is the file with the addition of a DB security group:

Description: RDS Postgres
Parameters:
  EnvironmentName:
    Type: String
    Default: staging
  RegionName:
      Type: String
      Default: us-east-2
  VPCCidrIP:
      Type: String
      Default: 20.0.0.0/16
  VPCBridgeCidrIP:
      Type: String
      Default: 30.0.0.0/16

Resources:
  EC2SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      Tags:
        - Key: Name
          Value: !Join [ '-', ['rds', !Ref EnvironmentName] ]
      GroupDescription: Access to RDS
      SecurityGroupIngress: 
      - IpProtocol: tcp
        Description: vpc bridge
        CidrIp: !Ref VPCBridgeCidrIP
        FromPort: 5432
        ToPort: 5432
      - IpProtocol: tcp
        Description:  !Join [ ' ', ['vpc', !Ref EnvironmentName] ]
        CidrIp: !Ref VPCCidrIP
        FromPort: 5432
        ToPort: 5432

  RDSSecurityGroup:
    Type: AWS::RDS::DBSecurityGroup
    Properties: 
      DBSecurityGroupIngress:
        EC2SecurityGroupId: !GetAtt EC2SecurityGroup.GroupId

  StiggRDS:
    Type: AWS::RDS::DBInstance
    Properties:
      AllocatedStorage: "20"
      AllowMajorVersionUpgrade: false
      AutoMinorVersionUpgrade: false
  #    AvailabilityZone: !Ref RegionName
      BackupRetentionPeriod: 7
  #    CACertificateIdentifier: "rds-ca-2019"
      CopyTagsToSnapshot: true
      DBInstanceClass: "db.t3.micro"
      DBInstanceIdentifier: !Join [ '-', [****, !Ref EnvironmentName] ]
      DeletionProtection: false
      EnablePerformanceInsights: true
      Engine: "postgres"
      EngineVersion: "13.3"
      MasterUsername: postgres
      MasterUserPassword: postgres
      #TODO:if prod then multiaz
      MultiAZ: false
      Port: 5432
      PreferredBackupWindow: "01:52-02:22"
      PreferredMaintenanceWindow: "tue:03:34-tue:04:04"
      PubliclyAccessible: true
      VPCSecurityGroupsIds:
        - !Ref RdsSecurityGroup
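Neither posted template says which VPC the security group belongs to, and the second one also references the group under its old logical name (`!Ref RdsSecurityGroup` while the resource is now called `EC2SecurityGroup`), uses a property name that `AWS::RDS::DBInstance` does not define (`VPCSecurityGroupsIds`; the property is `VPCSecurityGroups`, as the first reply says), and adds an `AWS::RDS::DBSecurityGroup`, which is the EC2-Classic-era construct and is not what attaches a VPC security group to a VPC database. The template below is an added example, not code from this thread: it keeps the original ingress rules and instance settings, pins the security group and the database to the same VPC through a `VpcId` parameter and a DB subnet group, attaches the group with `VPCSecurityGroups` and `!GetAtt RdsSecurityGroup.GroupId`, and replaces the hard-coded `postgres` master password and `PubliclyAccessible: true` with a generated Secrets Manager secret and a private instance. The `VpcId` and `PrivateSubnetIds` parameters, the `DBSecret` resource and the `example-` identifier prefix are assumptions; the identifier the original redacts is not recovered.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: RDS Postgres with an explicitly attached VPC security group (added example)

Parameters:
  EnvironmentName:
    Type: String
    Default: staging
  VpcId:
    # Assumption: the VPC the database must live in is passed in explicitly.
    Type: AWS::EC2::VPC::Id
  PrivateSubnetIds:
    # Assumption: two or more private subnets, in different AZs, of that VPC.
    Type: List<AWS::EC2::Subnet::Id>
  VPCCidrIP:
    Type: String
    Default: 20.0.0.0/16
  VPCBridgeCidrIP:
    Type: String
    Default: 30.0.0.0/16

Resources:
  # Generate the master password instead of writing it into the template.
  DBSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Description: !Sub RDS master credentials for ${EnvironmentName}
      GenerateSecretString:
        SecretStringTemplate: '{"username": "postgres"}'
        GenerateStringKey: password
        PasswordLength: 32
        ExcludeCharacters: '"@/\'

  RdsSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Access to RDS
      # VpcId puts the group in the same VPC as the subnet group below;
      # without it the group lands in the account's default VPC.
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 5432
          ToPort: 5432
          CidrIp: !Ref VPCBridgeCidrIP
          Description: vpc bridge
        - IpProtocol: tcp
          FromPort: 5432
          ToPort: 5432
          CidrIp: !Ref VPCCidrIP
          Description: !Sub vpc ${EnvironmentName}
      Tags:
        - Key: Name
          Value: !Sub rds-${EnvironmentName}

  RdsSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: !Sub Private subnets for RDS ${EnvironmentName}
      SubnetIds: !Ref PrivateSubnetIds

  StiggRDS:
    Type: AWS::RDS::DBInstance
    Properties:
      # "example-" is a placeholder prefix; the original identifier is redacted.
      DBInstanceIdentifier: !Sub example-${EnvironmentName}
      Engine: postgres
      EngineVersion: "13.3"
      DBInstanceClass: db.t3.micro
      AllocatedStorage: "20"
      Port: 5432
      # Both values are resolved from the generated secret at deploy time.
      MasterUsername: !Sub '{{resolve:secretsmanager:${DBSecret}:SecretString:username}}'
      MasterUserPassword: !Sub '{{resolve:secretsmanager:${DBSecret}:SecretString:password}}'
      # The subnet group decides the VPC; VPCSecurityGroups takes group IDs.
      DBSubnetGroupName: !Ref RdsSubnetGroup
      VPCSecurityGroups:
        - !GetAtt RdsSecurityGroup.GroupId
      # Reachable only from inside the VPC, per the ingress rules above.
      PubliclyAccessible: false
      StorageEncrypted: true
      BackupRetentionPeriod: 7
      CopyTagsToSnapshot: true
      MultiAZ: false
      DeletionProtection: false
      AutoMinorVersionUpgrade: false
      AllowMajorVersionUpgrade: false
      PreferredBackupWindow: "01:52-02:22"
      PreferredMaintenanceWindow: "tue:03:34-tue:04:04"

Outputs:
  RdsSecurityGroupId:
    Description: Security group ID attached to the database
    Value: !GetAtt RdsSecurityGroup.GroupId
```

Deploy it with `aws cloudformation deploy --template-file rds.yaml --stack-name rds-staging --parameter-overrides VpcId=<vpc-id> PrivateSubnetIds=<subnet-a>,<subnet-b>`, then confirm the attachment with `aws rds describe-db-instances --query 'DBInstances[].VpcSecurityGroups'`; the group ID listed there should match the stack's `RdsSecurityGroupId` output rather than the default group.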