AWS::RDS::DBSecurityGroup
The AWS::RDS::DBSecurityGroup type is used to create or update an Amazon RDS DB Security Group. For more information about DB security groups, see Working with DB Security Groups in the Amazon Relational Database Service Developer Guide. For details on the settings for DB security groups, see CreateDBSecurityGroup.
Note
If you use DB security groups, the settings that you can specify for your DB instances are limited. For more information, see the DBSecurityGroups property.
When you specify an AWS::RDS::DBSecurityGroup as an argument to the Ref function, AWS CloudFormation returns
the value of the DBSecurityGroupName.
Topics
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
Copy{ "Type" : "AWS::RDS::DBSecurityGroup", "Properties" : { "EC2VpcId" : { "Ref" :"myVPC"}, "DBSecurityGroupIngress" : [RDS Security Group Rule object 1, ...], "GroupDescription" :String, "Tags" : [Resource Tag, ...] } }
YAML
CopyType: "AWS::RDS::DBSecurityGroup" Properties: EC2VpcId:StringDBSecurityGroupIngress: -RDS Security Group RuleGroupDescription:StringTags: -Resource Tag
Properties
EC2VpcId-
The Id of VPC. Indicates which VPC this DB Security Group should belong to.
Type: String
Required: Conditional. Must be specified to create a DB Security Group for a VPC; may not be specified otherwise.
Update requires: Replacement
DBSecurityGroupIngress-
Network ingress authorization for an Amazon EC2 security group or an IP address range.
Type: List of RDS Security Group Rules.
Required: Yes
Update requires: No interruption
GroupDescription-
Description of the security group.
Type: String
Required: Yes
Update requires: Replacement
Tags-
The tags that you want to attach to the Amazon RDS DB security group.
Required: No
Type: A list of resource tags.
Update requires: No interruption
Template Examples
Tip
For more RDS template examples, see Amazon RDS Template Snippets.
Single VPC security group
This template snippet creates/updates a single VPC security group, referred to by EC2SecurityGroupName.
JSON
Copy"DBSecurityGroup": { "Type": "AWS::RDS::DBSecurityGroup", "Properties": { "EC2VpcId" : { "Ref" : "VpcId" }, "DBSecurityGroupIngress": [ {"EC2SecurityGroupName": { "Ref": "WebServerSecurityGroup"}} ], "GroupDescription": "Frontend Access" } }
YAML
CopyDBSecurityGroup: Type: "AWS::RDS::DBSecurityGroup" Properties: EC2VpcId: Ref: "VpcId" DBSecurityGroupIngress: - EC2SecurityGroupName: Ref: "WebServerSecurityGroup" GroupDescription: "Frontend Access"
Multiple VPC security groups
This template snippet creates/updates multiple VPC security groups.
JSON
Copy{ "Resources" : { "DBinstance" : { "Type" : "AWS::RDS::DBInstance", "Properties" : { "DBSecurityGroups" : [ {"Ref" : "DbSecurityByEC2SecurityGroup"} ], "AllocatedStorage" : "5", "DBInstanceClass" : "db.m1.small", "Engine" : "MySQL", "MasterUsername" : "YourName", "MasterUserPassword" : "YourPassword" }, "DeletionPolicy" : "Snapshot" }, "DbSecurityByEC2SecurityGroup" : { "Type" : "AWS::RDS::DBSecurityGroup", "Properties" : { "GroupDescription" : "Ingress for Amazon EC2 security group", "DBSecurityGroupIngress" : [ { "EC2SecurityGroupId" : "sg-b0ff1111", "EC2SecurityGroupOwnerId" : "111122223333" }, { "EC2SecurityGroupId" : "sg-ffd722222", "EC2SecurityGroupOwnerId" : "111122223333" } ] } } } }
YAML
CopyResources: DBinstance: Type: "AWS::RDS::DBInstance" Properties: DBSecurityGroups: - Ref: "DbSecurityByEC2SecurityGroup" AllocatedStorage: "5" DBInstanceClass: "db.m1.small" Engine: "MySQL" MasterUsername: "YourName" MasterUserPassword: "YourPassword" DeletionPolicy: "Snapshot" DbSecurityByEC2SecurityGroup: Type: "AWS::RDS::DBSecurityGroup" Properties: GroupDescription: "Ingress for Amazon EC2 security group" DBSecurityGroupIngress: - EC2SecurityGroupId: "sg-b0ff1111" EC2SecurityGroupOwnerId: "111122223333" - EC2SecurityGroupId: "sg-ffd722222" EC2SecurityGroupOwnerId: "111122223333"
