我正在尝试通过云形成模板在西部地区为东部的RDS数据库创建一个只读副本。 我收到一个错误:
Cannot create a cross region unencrypted read replica from encrypted source.
但是,我尝试提供kms密钥ID并将CopyTagsToSnapshot标记为true。以下是我的云形成的样子:
Resources:
MyDB:
Type: AWS::RDS::DBInstance
Properties:
SourceDBInstanceIdentifier: !Ref ReadReplicaURL
AllocatedStorage: !Ref DBAllocatedStorage
CopyTagsToSnapshot: true
DBSubnetGroupName: !Ref DBSubnetGroup
VPCSecurityGroups:
- !Ref DBSG1
KmsKeyId: !Ref DBEncryptionKey
StorageEncrypted: true
DBInstanceClass: !Ref DBInstanceClass
DBInstanceIdentifier: !Ref DBInstanceIdentifier
Iops: !Ref DBIops
MonitoringInterval: !Ref DBMonitoringInterval
Engine: !Ref Engine
MonitoringRoleArn: !Ref DBMonitoringRoleARN
Port: !Ref DBPort
PreferredMaintenanceWindow: !Ref DBPreferredMaintenanceWindow
StorageType: io1
答案 0 :(得分:2)
我从AWS代表那里得到答案:
遗憾的是,目前无法通过CloudFormation创建加密的RDS跨区域只读副本。有一个有效的功能请求来实现我已添加你的声音的这个功能。功能实现后,将在此页面上公布:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/ReleaseHistory.html