Is it still ok to use AWS::RDS::DBSecurityGroup in CloudFormation templates?

Question

I'm wondering if it's still ok to use AWS::RDS::DBSecurityGroup in cloudformation templates.  I've seen conflicting answers when I search.

Some folks say that DBSecurityGroup should not be used while the AWS documentation references it liberally (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-rds.html)

Other folks say that "VPCSecurityGroups" should be used instead.

I see that if I use DBSecurityGroup in us-east-1, things work but if I use it in us-east-2, CF errors out.

Is there anyone that can help clarify things for me?

Thanks so much!

Riku_Kobayashi · Answer

Hello.

"AWS::RDS::DBSecurityGroup" is a resource created exclusively for EC2-Classic.  
EC2-Classic is already obsolete, so if you want to create it in a new VPC, etc., you need to create it using "VPCSecurityGroups".  
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbsecuritygroup.html  
https://aws.amazon.com/jp/blogs/aws/ec2-classic-is-retiring-heres-how-to-prepare/

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbinstance.html#cfn-rds-dbinstance-dbsecuritygroups  
> If you set DBSecurityGroups, you must not set VPCSecurityGroups, and vice versa. Also, note that the DBSecurityGroups property exists only for backwards compatibility with older regions and is no longer recommended for providing security information to an RDS DB instance. Instead, use VPCSecurityGroups.

Is it still ok to use AWS::RDS::DBSecurityGroup in CloudFormation templates?

Add your answer

Relevant content