AWS CloudFormation
User Guide (Version )

AWS::RDS::DBSecurityGroup

The AWS::RDS::DBSecurityGroup resource creates or updates an Amazon RDS DB security group.

Note

If you use DB security groups, the settings that you can specify for your DB instances are limited. For more information, see the DBSecurityGroups property of the AWS::RDS::DBInstance resource.

When you specify an AWS::RDS::DBSecurityGroup as an argument to the Ref function, AWS CloudFormation returns the value of the DBSecurityGroupName.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::RDS::DBSecurityGroup",
  "Properties" : {
    "DBSecurityGroupIngress" : [ Ingress, ... ],
    "EC2VpcId" : String,
    "GroupDescription" : String,
    "Tags" : [ Tag, ... ]
  }
}

YAML

Type: AWS::RDS::DBSecurityGroup
Properties:
  DBSecurityGroupIngress:
    - Ingress
  EC2VpcId: String
  GroupDescription: String
  Tags:
    - Tag

Properties

DBSecurityGroupIngress

Ingress rules to be applied to the DB security group.

Required: Yes

Type: List of Ingress

Update requires: No interruption

EC2VpcId

The identifier of an Amazon VPC. This property indicates the VPC that this DB security group belongs to.

Important

The EC2VpcId property is for backward compatibility with older regions, and is no longer recommended for providing security information to an RDS DB instance.

Required: No

Type: String

Update requires: Replacement

GroupDescription

Provides the description of the DB Security Group.

Required: Yes

Type: String

Update requires: Replacement

Tags

Tags to assign to the DB security group.

Required: No

Type: List of Tag

Update requires: No interruption

Return Values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the name of the DB security group.

For more information about using the Ref function, see Ref.

Examples

Single VPC security group

The following example creates a single VPC security group, referred to by EC2SecurityGroupName.

JSON

{
  "Resources": {
    "DBinstance": {
      "Type": "AWS::RDS::DBInstance",
      "Properties": {
        "DBSecurityGroups": [
          { "Ref": "DbSecurityByEC2SecurityGroup" }
        ],
        "AllocatedStorage": "5",
        "DBInstanceClass": "db.t3.small",
        "Engine": "MySQL",
        "MasterUsername": "YourName",
        "MasterUserPassword": "YourPassword"
      },
      "DeletionPolicy": "Snapshot"
    },
    "DbSecurityByEC2SecurityGroup": {
      "Type": "AWS::RDS::DBSecurityGroup",
      "Properties": {
        "GroupDescription": "Ingress for Amazon EC2 security group",
        "DBSecurityGroupIngress": [
          {
            "EC2SecurityGroupId": "sg-b0ff1111",
            "EC2SecurityGroupOwnerId": "111122223333"
          },
          {
            "EC2SecurityGroupId": "sg-ffd722222",
            "EC2SecurityGroupOwnerId": "111122223333"
          }
        ]
      }
    }
  }
}

YAML

Resources:
  DBinstance:
    Type: AWS::RDS::DBInstance
    Properties:
      DBSecurityGroups:
        - Ref: "DbSecurityByEC2SecurityGroup"
      AllocatedStorage: "5"
      DBInstanceClass: "db.t3.small"
      Engine: "MySQL"
      MasterUsername: "YourName"
      MasterUserPassword: "YourPassword"
    DeletionPolicy: "Snapshot"
  DbSecurityByEC2SecurityGroup:
    Type: AWS::RDS::DBSecurityGroup
    Properties:
      GroupDescription: "Ingress for Amazon EC2 security group"
      DBSecurityGroupIngress:
        - EC2SecurityGroupId: "sg-b0ff1111"
          EC2SecurityGroupOwnerId: "111122223333"
        - EC2SecurityGroupId: "sg-ffd722222"
          EC2SecurityGroupOwnerId: "111122223333"

Multiple VPC security groups

The following example creates or updates multiple VPC security groups.

JSON

"DBSecurityGroup": {
  "Type": "AWS::RDS::DBSecurityGroup",
  "Properties": {
    "EC2VpcId" : { "Ref" : "VpcId" },
    "DBSecurityGroupIngress": [
      { "EC2SecurityGroupName": { "Ref": "WebServerSecurityGroup" } }
    ],
    "GroupDescription": "Frontend Access"
  }
}

YAML

DBSecurityGroup:
  Type: AWS::RDS::DBSecurityGroup
  Properties:
    EC2VpcId:
      Ref: "VpcId"
    DBSecurityGroupIngress:
      - EC2SecurityGroupName:
          Ref: "WebServerSecurityGroup"
    GroupDescription: "Frontend Access"
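
The following check is an added example and is not part of the AWS documentation. It is a Python audit that reads a JSON template and reports DB security groups that omit the required properties listed under Properties, set EC2VpcId, or allow ingress from an account outside a caller-supplied allowlist or from any address. The function name, the trusted_owners parameter and the sample template are assumptions made for illustration; CIDRIP is a field of the Ingress property type that this page does not show.

```python
import ipaddress
import json

# Constructed sample template (not from the page): one group shaped like the
# page's examples plus deliberately risky settings for the audit to report.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "DbSecurityByEC2SecurityGroup": {
    "Type": "AWS::RDS::DBSecurityGroup",
    "Properties": {
      "GroupDescription": "Ingress for Amazon EC2 security group",
      "EC2VpcId": {"Ref": "VpcId"},
      "DBSecurityGroupIngress": [
        {"EC2SecurityGroupId": "sg-b0ff1111", "EC2SecurityGroupOwnerId": "111122223333"},
        {"EC2SecurityGroupId": "sg-constructed", "EC2SecurityGroupOwnerId": "999999999999"},
        {"CIDRIP": "0.0.0.0/0"}
      ]
    }
  },
  "NoRules": {"Type": "AWS::RDS::DBSecurityGroup", "Properties": {}}
}}
""")


def audit_db_security_groups(template, trusted_owners):
    """Return (logical_id, finding) tuples for every DB security group."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::RDS::DBSecurityGroup":
            continue
        props = res.get("Properties", {})
        for required in ("DBSecurityGroupIngress", "GroupDescription"):
            if required not in props:
                findings.append((name, f"missing required property {required}"))
        if "EC2VpcId" in props:
            findings.append((name, "EC2VpcId is set (no longer recommended)"))
        for rule in props.get("DBSecurityGroupIngress", []):
            owner = rule.get("EC2SecurityGroupOwnerId")
            # Only literal account IDs are compared; Ref values are skipped.
            if isinstance(owner, str) and owner not in trusted_owners:
                findings.append((name, f"ingress from untrusted account {owner}"))
            cidr = rule.get("CIDRIP")
            if isinstance(cidr, str) and ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                findings.append((name, f"ingress open to any address ({cidr})"))
    return findings


if __name__ == "__main__":
    for logical_id, finding in audit_db_security_groups(SAMPLE_TEMPLATE, {"111122223333"}):
        print(f"{logical_id}: {finding}")
```

Values given as intrinsic functions such as Ref are not resolved, so owner IDs or CIDR ranges passed in through parameters need a separate review.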