Create a security group inbound rule for the RDS instance


Enter image description here I want to create an inbound rule similar to the outbound rule. I created this using the CFT attached below; how should I add the inbound rule to it?

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "The template for aurora rds instance.",
    "Parameters": {
      "projectName": {
        "Type": "String"
      }
    },
    "Resources": {
      "rdsDbInstance": {
        "Type": "AWS::RDS::DBInstance",
        "Properties": {
          "DBInstanceIdentifier": {
            "Fn::Sub": "${projectName}-instance"
          },
          "Engine": "aurora-postgresql",
          "DBClusterIdentifier": "<enforced_value>",
          "PubliclyAccessible": true,
          "DBInstanceClass": "db.t3.medium",
          "Tags" : [ {
            "Key" : "service",
            "Value" : {
              "Ref": "projectName"
            }
          } ]
        }
      }
    },
    "Outputs": {
      "DBInstanceArn": {
        "Description": "The Amazon Resource Name (ARN) for the DB instance.",
        "Value": {
          "Fn::GetAtt": [
            "rdsDbInstance",
            "DBInstanceArn"
          ]
        }
      },
      "port": {
        "Description": "The port number on which the database accepts connections.",
        "Value": {
          "Fn::GetAtt": [
            "rdsDbInstance",
            "DBInstanceArn"
          ]
        }
      }
    }
  }


Hello.

A security group should be created as follows. Note that the example's `"CidrIp": "0.0.0.0/0"`, together with `"PubliclyAccessible": true` on the instance, allows connections to port 5432 from any address; in practice restrict `CidrIp` to your client network's CIDR, or grant access to a specific application security group with `SourceSecurityGroupId` instead.
I don't usually create CloudFormation with JSON, so I'm sorry if there is an error.
https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroup.html
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbinstance.html#cfn-rds-dbinstance-vpcsecuritygroups

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "The template for aurora rds instance.",
    "Parameters": {
      "projectName": {
        "Type": "String"
      },
      "VPC": {
        "Type": "AWS::EC2::VPC::Id"
      }
    },
    "Resources": {
      "rdsDbInstance": {
        "Type": "AWS::RDS::DBInstance",
        "Properties": {
          "DBInstanceIdentifier": {
            "Fn::Sub": "${projectName}-instance"
          },
          "Engine": "aurora-postgresql",
          "DBClusterIdentifier": "<enforced_value>",
          "PubliclyAccessible": true,
          "DBInstanceClass": "db.t3.medium",
          "Tags" : [ {
            "Key" : "service",
            "Value" : {
              "Ref": "projectName"
            }
          } ],
          "VPCSecurityGroups": [{
            "Ref": "SecurityGroup"
          }]
        }
      },
      "SecurityGroup" : {
        "Type" : "AWS::EC2::SecurityGroup",
        "Properties" : {
            "GroupDescription" : "RDS SecurityGroup",
            "VpcId" : {"Ref" : "VPC"},
            "SecurityGroupIngress" : [{
                "IpProtocol" : "tcp",
                "FromPort" : 5432,
                "ToPort" : 5432,
                "CidrIp" : "0.0.0.0/0"
            }]
        }
    }
    },
    "Outputs": {
      "DBInstanceArn": {
        "Description": "The Amazon Resource Name (ARN) for the DB instance.",
        "Value": {
          "Fn::GetAtt": [
            "rdsDbInstance",
            "DBInstanceArn"
          ]
        }
      },
      "port": {
        "Description": "The port number on which the database accepts connections.",
        "Value": {
          "Fn::GetAtt": [
            "rdsDbInstance",
            "DBInstanceArn"
          ]
        }
      }
    }
  }


Enter image description here — I am getting this error:

Code used for the cluster:

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "The template for aurora rds cluster.",
  "Parameters": {
    "tagName": {
      "Type": "String",
    },
    "subnetIds": {
      "Type": "CommaDelimitedList",
    }
  },
  "Resources": {
    "dbSubnetgroup": {
      "Type": "AWS::RDS::DBSubnetGroup",
      "Properties": {
        "DBSubnetGroupDescription": "DB subnet group of aurora",
        "SubnetIds": {
          "Ref": "subnetIds"
        },
        "DBSubnetGroupName": {
          "Fn::Sub": "${tagName}-subnetGroup"
        },
        "Tags": [
          {
            "Key": "service",
            "Value": {
              "Ref": "tagName"
            }
          }
        ]
      }
    },
    "rdsCluster": {
      "Type": "AWS::RDS::DBCluster",
      "Properties": {
        "MasterUsername": {
          "Ref": "dbUsername"
        },
        "MasterUserPassword": {
          "Ref": "dbPassword"
        },
        "DBClusterIdentifier": {
          "Fn::Sub": "${tagName}"
        },
        "Engine": "aurora-postgresql",
        "DBSubnetGroupName": {
          "Fn::Sub": "${tagName}-subnetGroup"
        },
        "EnableCloudwatchLogsExports": [
          "postgresql"
        ],
        "EnableHttpEndpoint": true,
        "Port": 5432,
        "VpcSecurityGroupIds" : [
          {
            "Ref": "SecurityGroup"
          }
        ],
        "Tags": [
          {
            "Key": "service",
            "Value": {
              "Ref": "tagName"
            }
          }
        ]
      },
      "DependsOn": [
        "dbSubnetgroup"
      ]
    },
    "SecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "RDS SecurityGroup",
        "VpcId": "<vpc>",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "FromPort": 5432,
            "ToPort": 5432,
            "CidrIp": "0.0.0.0/0"
          }
        ]
      }
    }
  },
  "Outputs": {
    "clusterEndpoint": {
      "Description": "The RDS Cluster endpoint",
      "Value": {
        "Fn::GetAtt": [
          "rdsCluster",
          "Endpoint.Address"
        ]
      }
    },
    "clusterName": {
      "Description": "The RDS Cluster Name",
      "Value": {
        "Ref": "rdsCluster"
      }
    },
    "securityGroupId": {
      "Description": "The RDS security group ID",
      "Value": {
        "Ref": "SecurityGroup"
      }
    }
  }
}

Code for the instance:

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "The template for aurora rds instance.",
  "Parameters": {
    "projectName": {
      "Type": "String",
      "Default": "test"
    }
  },
  "Resources": {
    "rdsDbInstance": {
      "Type": "AWS::RDS::DBInstance",
      "Properties": {
        "DBInstanceIdentifier": {
          "Fn::Sub": "${projectName}-instance"
        },
        "Engine": "aurora-postgresql",
        "DBClusterIdentifier": "testrds",
        "PubliclyAccessible": true,
        "DBInstanceClass": "db.t3.medium",
        "Tags": [
          {
            "Key": "service",
            "Value": {
              "Ref": "projectName"
            }
          }
        ],
        "VPCSecurityGroups": ["sg-05e028dummy"
        ]
      }
    }
  },
  "Outputs": {
    "DBInstanceArn": {
      "Description": "The Amazon Resource Name (ARN) for the DB instance.",
      "Value": {
        "Fn::GetAtt": [
          "rdsDbInstance",
          "DBInstanceArn"
        ]
      }
    },
    "port": {
      "Description": "The port number on which the database accepts connections.",
      "Value": {
        "Fn::GetAtt": [
          "rdsDbInstance",
          "DBInstanceArn"
        ]
      }
    }
  }
}