Problem creating a Postgres RDS in a CloudFormation template

Time: 2017-08-01 18:25:08

Tags: postgresql amazon-web-services amazon-cloudformation

I have the following YML in my CloudFormation template:

MyDB:
  Type: "AWS::RDS::DBInstance"
  Properties:
    DBInstanceIdentifier: !Ref DBInstanceName
    DBName: !Ref DBName
    AllocatedStorage: "100"
    DBInstanceClass: !Ref DBInstanceType
    Engine: "postgres"
    EngineVersion: "9.6.2"
    MasterUsername: !Ref DBUsername
    MasterUserPassword: !Ref DBPassword
    PubliclyAccessible: false
    StorageType: standard
    VPCSecurityGroups:
      - !Ref PrivateAccess
    MultiAZ: true
  DeletionPolicy: "Snapshot"

It fails with "The DB instance and EC2 security group are in different VPCs. The DB instance is in vpc-7c99881b and the EC2 security group is in vpc-34ef9c4d"

I tried adding a DBSecurityGroup

DbSecurityByEC2SecurityGroup:
  Type: "AWS::RDS::DBSecurityGroup"
  Properties:
    GroupDescription: "Ingress for Amazon EC2 security group"
    DBSecurityGroupIngress:
      - EC2SecurityGroupId: !Ref PrivateAccess

and changed MyDB:

    DBSecurityGroups:
      - !Ref DbSecurityByEC2SecurityGroup

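But now it says "EC2 security group sg-7debfb0c is in a different VPC vpc-34ef9c4d. It cannot be authorized to RDS DBSecurityGroup dbsecuritybyec2securitygroup-1whvh0xi93cke for VPC vpc-7c99881b."

vpc-34ef9c4d is the VPC I want this RDS in. How do I specify which VPC the DB should be in?

Updated template: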

MyDB:
  Type: "AWS::RDS::DBInstance"
  Properties:
    DBInstanceIdentifier: !Ref DBInstanceName
    DBName: !Ref DBName
    AllocatedStorage: "100"
    DBInstanceClass: !Ref DBInstanceType
    Engine: "postgres"
    EngineVersion: "9.6.2"
    MasterUsername: !Ref DBUsername
    MasterUserPassword: !Ref DBPassword
    PubliclyAccessible: false
    DBSubnetGroupName: !Ref myDBSubnetGroup
    StorageType: standard
    VPCSecurityGroups:
      - !Ref PrivateAccess
    MultiAZ: true
  DeletionPolicy: "Snapshot"

myDBSubnetGroup:
  Type: "AWS::RDS::DBSubnetGroup"
  Properties:
    DBSubnetGroupDescription: "description"
    SubnetIds:
      - !Ref PrivateSubnet

1 answer:

Answer 0: (score: 7)

Use DBSubnetGroupName (http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-dbsubnetgroupname). This determines the VPC. If nothing is specified, the RDS is created in the default VPC.
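The rule in the answer above can be checked before deployment. The following is an added example, not part of the original question or answer: an offline lint that flags a DB instance without DBSubnetGroupName, or one whose security groups sit in a different VPC than its subnet group. The sample template is constructed, and AppVpc, OtherVpc, OtherSubnet, WrongGroup, MyDBFixed and MyDBWrong are assumed names.

```python
def ref(value):
    """Logical ID behind a {"Ref": ...} node, else the value unchanged."""
    return value["Ref"] if isinstance(value, dict) and "Ref" in value else value

def vpc_ids(resources, names):
    """VpcId of each named subnet or security group defined in the template."""
    found = set()
    for name in names:
        if isinstance(name, str) and name in resources:
            props = resources[name].get("Properties", {})
            if "VpcId" in props:
                found.add(str(ref(props["VpcId"])))
    return found

def check_rds_vpc(template):
    """Return (resource, finding) pairs for DB instances with VPC placement problems."""
    resources, findings = template["Resources"], []
    for name, res in resources.items():
        if res.get("Type") != "AWS::RDS::DBInstance":
            continue
        props = res.get("Properties", {})
        if "DBSubnetGroupName" not in props:
            findings.append((name, "no DBSubnetGroupName: lands in the default VPC"))
            continue
        group = ref(props["DBSubnetGroupName"])
        group_props = resources.get(group, {}).get("Properties", {}) if isinstance(group, str) else {}
        db_vpcs = vpc_ids(resources, [ref(s) for s in group_props.get("SubnetIds", [])])
        sg_vpcs = vpc_ids(resources, [ref(g) for g in props.get("VPCSecurityGroups", [])])
        if db_vpcs and sg_vpcs - db_vpcs:
            findings.append((name, "security group and subnet group are in different VPCs"))
    return findings

# Constructed sample template (dict form of the JSON syntax); names other than
# MyDB, PrivateAccess, PrivateSubnet and myDBSubnetGroup are assumptions.
def _res(rtype, **props):
    return {"Type": rtype, "Properties": props}

SGS = [{"Ref": "PrivateAccess"}]
TEMPLATE = {"Resources": {
    "PrivateAccess": _res("AWS::EC2::SecurityGroup", GroupDescription="db", VpcId={"Ref": "AppVpc"}),
    "PrivateSubnet": _res("AWS::EC2::Subnet", CidrBlock="10.0.1.0/24", VpcId={"Ref": "AppVpc"}),
    "OtherSubnet": _res("AWS::EC2::Subnet", CidrBlock="10.1.1.0/24", VpcId={"Ref": "OtherVpc"}),
    "myDBSubnetGroup": _res("AWS::RDS::DBSubnetGroup", SubnetIds=[{"Ref": "PrivateSubnet"}]),
    "WrongGroup": _res("AWS::RDS::DBSubnetGroup", SubnetIds=[{"Ref": "OtherSubnet"}]),
    "MyDB": _res("AWS::RDS::DBInstance", VPCSecurityGroups=SGS),
    "MyDBFixed": _res("AWS::RDS::DBInstance", DBSubnetGroupName={"Ref": "myDBSubnetGroup"}, VPCSecurityGroups=SGS),
    "MyDBWrong": _res("AWS::RDS::DBInstance", DBSubnetGroupName={"Ref": "WrongGroup"}, VPCSecurityGroups=SGS),
}}

if __name__ == "__main__":
    print(check_rds_vpc(TEMPLATE))
```

Subnet groups or security groups passed in as parameters or imports cannot be resolved offline, so the check stays silent for them rather than guessing.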