Is it still ok to use AWS::RDS::DBSecurityGroup in CloudFormation templates?

1

I'm wondering if it's still ok to use AWS::RDS::DBSecurityGroup in cloudformation templates. I've seen conflicting answers when I search.

Some folks say that DBSecurityGroup should not be used while the AWS documentation references it liberally (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-rds.html)

Other folks say that "VPCSecurityGroups" should be used instead.

I see that if I use DBSecurityGroup in us-east-1, things work but if I use it in us-east-2, CF errors out.

Is there anyone that can help clarify things for me?

Thanks so much!

1 Answer
0

Hello.

"AWS::RDS::DBSecurityGroup" is a resource created exclusively for EC2-Classic.
EC2-Classic is already obsolete, so if you want to create it in a new VPC, etc., you need to create it using "VPCSecurityGroups".
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbsecuritygroup.html
https://aws.amazon.com/jp/blogs/aws/ec2-classic-is-retiring-heres-how-to-prepare/

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbinstance.html#cfn-rds-dbinstance-dbsecuritygroups

If you set DBSecurityGroups, you must not set VPCSecurityGroups, and vice versa. Also, note that the DBSecurityGroups property exists only for backwards compatibility with older regions and is no longer recommended for providing security information to an RDS DB instance. Instead, use VPCSecurityGroups.

profile picture
EXPERT
answered 5 months ago
profile pictureAWS
EXPERT
reviewed 5 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions