Menu
Sign In to the Console
AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS Documentation » AWS CloudFormation » User Guide » Template Reference » AWS Resource Types Reference » AWS::RDS::DBSecurityGroup

AWS::RDS::DBSecurityGroup

The AWS::RDS::DBSecurityGroup type is used to create or update an Amazon RDS DB Security Group. For more information about DB security groups, see Working with DB Security Groups in the Amazon Relational Database Service Developer Guide. For details on the settings for DB security groups, see CreateDBSecurityGroup.

Note

If you use DB security groups, the settings that you can specify for your DB instances are limited. For more information, see the DBSecurityGroups property.

When you specify an AWS::RDS::DBSecurityGroup as an argument to the Ref function, AWS CloudFormation returns the value of the DBSecurityGroupName.

Topics

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

Copy

{
   "Type" : "AWS::RDS::DBSecurityGroup",
   "Properties" :
   {
      "EC2VpcId" : { "Ref" : "myVPC" },
      "DBSecurityGroupIngress" : [ RDS Security Group Rule object 1, ... ],
      "GroupDescription" : String,
      "Tags" : [ Resource Tag, ... ]
   }
}

YAML

Copy
Type: "AWS::RDS::DBSecurityGroup"
Properties:
  EC2VpcId: String
  DBSecurityGroupIngress:
    - RDS Security Group Rule
  GroupDescription: String
  Tags:
    - Resource Tag

Properties

EC2VpcId

The Id of the VPC. Indicates which VPC this DB Security Group should belong to.

Important

The EC2VpcId property exists only for backwards compatibility with older regions and is no longer recommended for providing security information to an RDS DB instance. Instead, use VPCSecurityGroups.

Type: String

Required: Conditional. Must be specified to create a DB Security Group for a VPC; may not be specified otherwise.

Update requires: Replacement

DBSecurityGroupIngress

Network ingress authorization for an Amazon EC2 security group or an IP address range.

Type: List of RDS Security Group Rules.

Required: Yes

Update requires: No interruption

GroupDescription

Description of the security group.

Type: String

Required: Yes

Update requires: Replacement

Tags

The tags that you want to attach to the Amazon RDS DB security group.

Required: No

Type: A list of resource tags.

Update requires: No interruption

Template Examples

Tip

For more RDS template examples, see Amazon RDS Template Snippets.

Single VPC security group

This template snippet creates/updates a single VPC security group, referred to by EC2SecurityGroupName.

JSON

Copy

"DBSecurityGroup": {
   "Type": "AWS::RDS::DBSecurityGroup",
   "Properties": {
      "EC2VpcId" : { "Ref" : "VpcId" },
      "DBSecurityGroupIngress": [
         {"EC2SecurityGroupName": { "Ref": "WebServerSecurityGroup"}}
      ],
      "GroupDescription": "Frontend Access"
   }
}

YAML

Copy
DBSecurityGroup: 
  Type: "AWS::RDS::DBSecurityGroup"
  Properties: 
    EC2VpcId: 
      Ref: "VpcId"
    DBSecurityGroupIngress: 
      - 
        EC2SecurityGroupName: 
          Ref: "WebServerSecurityGroup"
    GroupDescription: "Frontend Access"

Multiple VPC security groups

This template snippet creates/updates multiple VPC security groups.

JSON

Copy

{
   "Resources" : {
      "DBinstance" : {
         "Type" : "AWS::RDS::DBInstance",
         "Properties" : {
            "DBSecurityGroups" : [ {"Ref" : "DbSecurityByEC2SecurityGroup"} ],
            "AllocatedStorage" : "5",
            "DBInstanceClass" : "db.m1.small",
            "Engine" : "MySQL",
            "MasterUsername" : "YourName",
            "MasterUserPassword" : "YourPassword"
         },
         "DeletionPolicy" : "Snapshot"
      },
      "DbSecurityByEC2SecurityGroup" : {
         "Type" : "AWS::RDS::DBSecurityGroup",
         "Properties" : {
            "GroupDescription" : "Ingress for Amazon EC2 security group",
            "DBSecurityGroupIngress" : [ {
                  "EC2SecurityGroupId" : "sg-b0ff1111",
                  "EC2SecurityGroupOwnerId" : "111122223333"
               }, {
                  "EC2SecurityGroupId" : "sg-ffd722222",
                  "EC2SecurityGroupOwnerId" : "111122223333"
               } ]
         }
      }
   }
}

YAML

Copy
Resources: 
  DBinstance: 
    Type: "AWS::RDS::DBInstance"
    Properties: 
      DBSecurityGroups: 
        - 
          Ref: "DbSecurityByEC2SecurityGroup"
      AllocatedStorage: "5"
      DBInstanceClass: "db.m1.small"
      Engine: "MySQL"
      MasterUsername: "YourName"
      MasterUserPassword: "YourPassword"
    DeletionPolicy: "Snapshot"
  DbSecurityByEC2SecurityGroup: 
    Type: "AWS::RDS::DBSecurityGroup"
    Properties: 
      GroupDescription: "Ingress for Amazon EC2 security group"
      DBSecurityGroupIngress: 
        - 
          EC2SecurityGroupId: "sg-b0ff1111"
          EC2SecurityGroupOwnerId: "111122223333"
        - 
          EC2SecurityGroupId: "sg-ffd722222"
          EC2SecurityGroupOwnerId: "111122223333"