2 Answers
0
I'm having the same issue and am unable to modify individual db instances of my multi-AZ cluster
answered 6 months ago
0
For everyone coming here, this is my workaround. Before deploying the CFN template, we override the CA certificate:

```
aws rds modify-certificates --certificate-identifier rds-ca-rsa2048-g1
```

So the new instance will use rds-ca-rsa2048-g1.
And then we deploy the CFN template:
```yaml
CMSDBCluster:
  Type: AWS::RDS::DBCluster
  Condition: IsProduction
  Properties:
    AllocatedStorage: 100
    BackupRetentionPeriod: 30
    DatabaseName: !Ref CMSDBName
    DBClusterIdentifier: !Sub "${App}-${Env}-cms"
    DBClusterInstanceClass: db.m5d.large
    DBClusterParameterGroupName: !Ref "CMSDBClusterParameterGroup"
    DBInstanceParameterGroupName: !Ref "CMSDBParameterGroup"
    DBSubnetGroupName: !Ref "CMSDBSubnetGroup"
    DeletionProtection: true
    EnableCloudwatchLogsExports:
      - postgresql
    Engine: postgres
    EngineMode: provisioned
    EngineVersion: "15.3"
    Iops: 1000
    MasterUsername: !Sub "db_${Env}_admin"
    MasterUserPassword: !Ref CMSDBPassword
    NetworkType: IPV4
    PerformanceInsightsEnabled: true
    PerformanceInsightsRetentionPeriod: 7
    Port: 5432
    PreferredBackupWindow: "15:00-16:00"
    PreferredMaintenanceWindow: "Sun:16:05-Sun:17:00"
    PubliclyAccessible: false
    StorageEncrypted: true
    StorageType: io1
    VpcSecurityGroupIds:
      - Fn::GetAtt: CMSDBSecurityGroup.GroupId
    Tags:
      - Key: application
        Value: !Sub ${App}
      - Key: environment
        Value: !Sub ${Env}
```
As a result, it will use rds-ca-rsa2048-g1 instead of the old one. I hope that in the near future AWS will add CACertificate to the AWS::RDS::DBCluster resource if the engine is postgres or mysql. Thanks
answered 6 months ago
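A post-deploy check for the workaround above, as an added example that is not part of either answer: it audits saved `aws rds describe-db-instances` JSON and reports cluster members that are not on the expected CA or whose server certificate is close to expiry. The instance names, dates and the `example-old-ca` identifier in the sample are constructed placeholders, and the `audit_ca` helper is hypothetical.

```python
import json
import sys
from datetime import datetime, timezone

EXPECTED_CA = "rds-ca-rsa2048-g1"  # CA identifier used in the answer above

# Constructed sample in the shape of `aws rds describe-db-instances` output.
# Instance names, dates and "example-old-ca" are placeholders, not real values.
SAMPLE = {"DBInstances": [
    {"DBInstanceIdentifier": "app-prod-cms-instance-1",
     "DBClusterIdentifier": "app-prod-cms",
     "CACertificateIdentifier": "rds-ca-rsa2048-g1",
     "CertificateDetails": {"ValidTill": "2026-01-10T00:00:00+00:00"}},
    {"DBInstanceIdentifier": "app-prod-cms-instance-2",
     "DBClusterIdentifier": "app-prod-cms",
     "CACertificateIdentifier": "example-old-ca",
     "CertificateDetails": {"ValidTill": "2024-08-22T17:08:50+00:00"}},
    {"DBInstanceIdentifier": "app-prod-cms-instance-3",
     "DBClusterIdentifier": "app-prod-cms",
     "CACertificateIdentifier": "rds-ca-rsa2048-g1"},
]}


def audit_ca(described, expected_ca=EXPECTED_CA, now=None, warn_days=90):
    """Return (cluster, instance, problem) tuples for instances that are not
    on expected_ca or whose server certificate expires within warn_days."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for inst in described.get("DBInstances", []):
        where = (inst.get("DBClusterIdentifier", "-"), inst["DBInstanceIdentifier"])
        ca = inst.get("CACertificateIdentifier")
        if ca != expected_ca:
            findings.append(where + (f"CA is {ca}, expected {expected_ca}",))
        valid_till = inst.get("CertificateDetails", {}).get("ValidTill")
        if valid_till:
            days_left = (datetime.fromisoformat(valid_till) - now).days
            if days_left < warn_days:
                findings.append(where + (f"certificate expires in {days_left} days",))
    return findings


if __name__ == "__main__":
    # Pass a file holding saved describe-db-instances JSON, or run with no
    # arguments to audit the constructed sample.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    problems = audit_ca(data)
    for cluster, instance, problem in problems:
        print(f"{cluster}/{instance}: {problem}")
    sys.exit(1 if problems else 0)
```

The script exits non-zero when any instance is flagged, so it can gate a deployment pipeline step.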