Create a security group inbound rule for the RDS instance


(screenshot attached) I want to create an inbound rule similar to the outbound rule. I created the instance with the CloudFormation template (CFT) below; how should I add the inbound rule to it?

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "The template for aurora rds instance.",
    "Parameters": {
      "projectName": {
        "Type": "String"
      }
    },
    "Resources": {
      "rdsDbInstance": {
        "Type": "AWS::RDS::DBInstance",
        "Properties": {
          "DBInstanceIdentifier": {
            "Fn::Sub": "${projectName}-instance"
          },
          "Engine": "aurora-postgresql",
          "DBClusterIdentifier": "<enforced_value>",
          "PubliclyAccessible": true,
          "DBInstanceClass": "db.t3.medium",
          "Tags" : [ {
            "Key" : "service",
            "Value" : {
              "Ref": "projectName"
            }
          } ]
        }
      }
    },
    "Outputs": {
      "DBInstanceArn": {
        "Description": "The Amazon Resource Name (ARN) for the DB instance.",
        "Value": {
          "Fn::GetAtt": [
            "rdsDbInstance",
            "DBInstanceArn"
          ]
        }
      },
      "port": {
        "Description": "The port number on which the database accepts connections.",
        "Value": {
          "Fn::GetAtt": [
            "rdsDbInstance",
            "DBInstanceArn"
          ]
        }
      }
    }
  }

2 Answers

Hello.

A security group can be created as follows and attached to the instance through `VPCSecurityGroups`. I don't usually write CloudFormation in JSON, so I apologise if there is an error.

Two caveats on the template below. First, the example ingress rule uses `"CidrIp": "0.0.0.0/0"`; combined with `"PubliclyAccessible": true` this exposes PostgreSQL (TCP 5432) to the entire Internet. Replace the CIDR with your client's address range or, better, use `SourceSecurityGroupId` referencing the application's security group, and leave `PubliclyAccessible` false unless Internet reachability is genuinely required. Second, the `port` output's `Fn::GetAtt` returns `DBInstanceArn` rather than the port; it should be `["rdsDbInstance", "Endpoint.Port"]`.
https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroup.html
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbinstance.html#cfn-rds-dbinstance-vpcsecuritygroups

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "The template for aurora rds instance.",
    "Parameters": {
      "projectName": {
        "Type": "String"
      },
      "VPC": {
        "Type": "AWS::EC2::VPC::Id"
      }
    },
    "Resources": {
      "rdsDbInstance": {
        "Type": "AWS::RDS::DBInstance",
        "Properties": {
          "DBInstanceIdentifier": {
            "Fn::Sub": "${projectName}-instance"
          },
          "Engine": "aurora-postgresql",
          "DBClusterIdentifier": "<enforced_value>",
          "PubliclyAccessible": true,
          "DBInstanceClass": "db.t3.medium",
          "Tags" : [ {
            "Key" : "service",
            "Value" : {
              "Ref": "projectName"
            }
          } ],
          "VPCSecurityGroups": [{
            "Ref": "SecurityGroup"
          }]
        }
      },
      "SecurityGroup" : {
        "Type" : "AWS::EC2::SecurityGroup",
        "Properties" : {
            "GroupDescription" : "RDS SecurityGroup",
            "VpcId" : {"Ref" : "VPC"},
            "SecurityGroupIngress" : [{
                "IpProtocol" : "tcp",
                "FromPort" : 5432,
                "ToPort" : 5432,
                "CidrIp" : "0.0.0.0/0"
            }]
        }
    }
    },
    "Outputs": {
      "DBInstanceArn": {
        "Description": "The Amazon Resource Name (ARN) for the DB instance.",
        "Value": {
          "Fn::GetAtt": [
            "rdsDbInstance",
            "DBInstanceArn"
          ]
        }
      },
      "port": {
        "Description": "The port number on which the database accepts connections.",
        "Value": {
          "Fn::GetAtt": [
            "rdsDbInstance",
            "DBInstanceArn"
          ]
        }
      }
    }
  }

answered 5 months ago

I'm getting the error shown in the attached screenshot.

Code used for the cluster (editor's note: as pasted, this template has trailing commas after `"Type": "String"` and `"Type": "CommaDelimitedList"`, which is invalid JSON; it `Ref`s `dbUsername` and `dbPassword`, which are not declared under `Parameters`; and `"VpcId": "<vpc>"` is a literal placeholder — each of these fails template validation on its own. Also, `MasterUserPassword` should not be a plain `String` parameter: mark it `NoEcho: true` at minimum or, where supported, use `ManageMasterUserPassword` so the secret is kept in Secrets Manager. The security group again allows TCP 5432 from `0.0.0.0/0`, which should be narrowed to the application's security group or CIDR. Finally, `EnableHttpEndpoint` (the Data API) is not available on every Aurora engine mode — verify it is supported for this cluster before enabling it):

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "The template for aurora rds cluster.",
  "Parameters": {
    "tagName": {
      "Type": "String",
    },
    "subnetIds": {
      "Type": "CommaDelimitedList",
    }
  },
  "Resources": {
    "dbSubnetgroup": {
      "Type": "AWS::RDS::DBSubnetGroup",
      "Properties": {
        "DBSubnetGroupDescription": "DB subnet group of aurora",
        "SubnetIds": {
          "Ref": "subnetIds"
        },
        "DBSubnetGroupName": {
          "Fn::Sub": "${tagName}-subnetGroup"
        },
        "Tags": [
          {
            "Key": "service",
            "Value": {
              "Ref": "tagName"
            }
          }
        ]
      }
    },
    "rdsCluster": {
      "Type": "AWS::RDS::DBCluster",
      "Properties": {
        "MasterUsername": {
          "Ref": "dbUsername"
        },
        "MasterUserPassword": {
          "Ref": "dbPassword"
        },
        "DBClusterIdentifier": {
          "Fn::Sub": "${tagName}"
        },
        "Engine": "aurora-postgresql",
        "DBSubnetGroupName": {
          "Fn::Sub": "${tagName}-subnetGroup"
        },
        "EnableCloudwatchLogsExports": [
          "postgresql"
        ],
        "EnableHttpEndpoint": true,
        "Port": 5432,
        "VpcSecurityGroupIds" : [
          {
            "Ref": "SecurityGroup"
          }
        ],
        "Tags": [
          {
            "Key": "service",
            "Value": {
              "Ref": "tagName"
            }
          }
        ]
      },
      "DependsOn": [
        "dbSubnetgroup"
      ]
    },
    "SecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "RDS SecurityGroup",
        "VpcId": "<vpc>",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "FromPort": 5432,
            "ToPort": 5432,
            "CidrIp": "0.0.0.0/0"
          }
        ]
      }
    }
  },
  "Outputs": {
    "clusterEndpoint": {
      "Description": "The RDS Cluster endpoint",
      "Value": {
        "Fn::GetAtt": [
          "rdsCluster",
          "Endpoint.Address"
        ]
      }
    },
    "clusterName": {
      "Description": "The RDS Cluster Name",
      "Value": {
        "Ref": "rdsCluster"
      }
    },
    "securityGroupId": {
      "Description": "The ID of the security group attached to the RDS cluster",
      "Value": {
        "Ref": "SecurityGroup"
      }
    }
  }
}

Code used for the instance:

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "The template for aurora rds instance.",
  "Parameters": {
    "projectName": {
      "Type": "String",
      "Default": "test"
    }
  },
  "Resources": {
    "rdsDbInstance": {
      "Type": "AWS::RDS::DBInstance",
      "Properties": {
        "DBInstanceIdentifier": {
          "Fn::Sub": "${projectName}-instance"
        },
        "Engine": "aurora-postgresql",
        "DBClusterIdentifier": "testrds",
        "PubliclyAccessible": true,
        "DBInstanceClass": "db.t3.medium",
        "Tags": [
          {
            "Key": "service",
            "Value": {
              "Ref": "projectName"
            }
          }
        ],
        "VPCSecurityGroups": ["sg-05e028dummy"
        ]
      }
    }
  },
  "Outputs": {
    "DBInstanceArn": {
      "Description": "The Amazon Resource Name (ARN) for the DB instance.",
      "Value": {
        "Fn::GetAtt": [
          "rdsDbInstance",
          "DBInstanceArn"
        ]
      }
    },
    "port": {
      "Description": "The port number on which the database accepts connections.",
      "Value": {
        "Fn::GetAtt": [
          "rdsDbInstance",
          "DBInstanceArn"
        ]
      }
    }
  }
}
answered 5 months ago
