在 Cloudformation 模板中创建 Postgres RDS 的问题
Issue with creating a Postgres RDS in Cloudformation Template
我的云形成模板中有以下 YML:
MyDB:
Type: "AWS::RDS::DBInstance"
Properties:
DBInstanceIdentifier: !Ref DBInstanceName
DBName: !Ref DBName
AllocatedStorage: "100"
DBInstanceClass: !Ref DBInstanceType
Engine: "postgres"
EngineVersion: "9.6.2"
MasterUsername: !Ref DBUsername
MasterUserPassword: !Ref DBPassword
PubliclyAccessible: false
StorageType: standard
VPCSecurityGroups:
- !Ref PrivateAccess
MultiAZ: true
DeletionPolicy: "Snapshot"
因 "The DB instance and EC2 security group are in different VPCs. The DB instance is in vpc-7c99881b and the EC2 security group is in vpc-34ef9c4d"
而失败
我尝试添加一个 DBSecurityGroup
DbSecurityByEC2SecurityGroup:
Type: "AWS::RDS::DBSecurityGroup"
Properties:
GroupDescription: "Ingress for Amazon EC2 security group"
DBSecurityGroupIngress:
- EC2SecurityGroupId: !Ref PrivateAccess
并更改了 MyDB:
DBSecurityGroups:
- !Ref DbSecurityByEC2SecurityGroup
但现在显示 "EC2 security group sg-7debfb0c is in a different VPC vpc-34ef9c4d. It cannot be authorized to RDS DBSecurityGroup dbsecuritybyec2securitygroup-1whvh0xi93cke for VPC vpc-7c99881b."
vpc-34ef9c4d 是我想要这个 RDS 的 vpc,我如何指定数据库应该位于哪个 VPC?
更新模板:
MyDB:
Type: "AWS::RDS::DBInstance"
Properties:
DBInstanceIdentifier: !Ref DBInstanceName
DBName: !Ref DBName
AllocatedStorage: "100"
DBInstanceClass: !Ref DBInstanceType
Engine: "postgres"
EngineVersion: "9.6.2"
MasterUsername: !Ref DBUsername
MasterUserPassword: !Ref DBPassword
PubliclyAccessible: false
DBSubnetGroupName: !Ref myDBSubnetGroup
StorageType: standard
VPCSecurityGroups:
- !Ref PrivateAccess
MultiAZ: true
DeletionPolicy: "Snapshot"
myDBSubnetGroup:
Type: "AWS::RDS::DBSubnetGroup"
Properties:
DBSubnetGroupDescription: "description"
SubnetIds:
- !Ref PrivateSubnet
使用 DBSubnetGroupName (http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-dbsubnetgroupname)。这决定了 VPC。如果不指定,则在默认vpc
中创建RDS
我的云形成模板中有以下 YML:
MyDB:
Type: "AWS::RDS::DBInstance"
Properties:
DBInstanceIdentifier: !Ref DBInstanceName
DBName: !Ref DBName
AllocatedStorage: "100"
DBInstanceClass: !Ref DBInstanceType
Engine: "postgres"
EngineVersion: "9.6.2"
MasterUsername: !Ref DBUsername
MasterUserPassword: !Ref DBPassword
PubliclyAccessible: false
StorageType: standard
VPCSecurityGroups:
- !Ref PrivateAccess
MultiAZ: true
DeletionPolicy: "Snapshot"
因 "The DB instance and EC2 security group are in different VPCs. The DB instance is in vpc-7c99881b and the EC2 security group is in vpc-34ef9c4d"
而失败我尝试添加一个 DBSecurityGroup
DbSecurityByEC2SecurityGroup:
Type: "AWS::RDS::DBSecurityGroup"
Properties:
GroupDescription: "Ingress for Amazon EC2 security group"
DBSecurityGroupIngress:
- EC2SecurityGroupId: !Ref PrivateAccess
并更改了 MyDB:
DBSecurityGroups:
- !Ref DbSecurityByEC2SecurityGroup
但现在显示 "EC2 security group sg-7debfb0c is in a different VPC vpc-34ef9c4d. It cannot be authorized to RDS DBSecurityGroup dbsecuritybyec2securitygroup-1whvh0xi93cke for VPC vpc-7c99881b."
vpc-34ef9c4d 是我想要这个 RDS 的 vpc,我如何指定数据库应该位于哪个 VPC?
更新模板:
MyDB:
Type: "AWS::RDS::DBInstance"
Properties:
DBInstanceIdentifier: !Ref DBInstanceName
DBName: !Ref DBName
AllocatedStorage: "100"
DBInstanceClass: !Ref DBInstanceType
Engine: "postgres"
EngineVersion: "9.6.2"
MasterUsername: !Ref DBUsername
MasterUserPassword: !Ref DBPassword
PubliclyAccessible: false
DBSubnetGroupName: !Ref myDBSubnetGroup
StorageType: standard
VPCSecurityGroups:
- !Ref PrivateAccess
MultiAZ: true
DeletionPolicy: "Snapshot"
myDBSubnetGroup:
Type: "AWS::RDS::DBSubnetGroup"
Properties:
DBSubnetGroupDescription: "description"
SubnetIds:
- !Ref PrivateSubnet
使用 DBSubnetGroupName (http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-dbsubnetgroupname)。这决定了 VPC。如果不指定,则在默认vpc
中创建RDS