AWS::RDS::DBSecurityGroup
The AWS::RDS::DBSecurityGroup resource creates or updates an Amazon RDS DB security group.
DB security groups are a part of the EC2-Classic Platform and as such are not supported in all regions. It is advised to use the AWS::EC2::SecurityGroup resource in those regions instead. To determine which platform you are on, see Determining Whether You Are Using the EC2-VPC or EC2-Classic Platform. For more information on AWS::EC2::SecurityGroup, see the documentation for EC2 security groups.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::RDS::DBSecurityGroup",
  "Properties" : {
      "DBSecurityGroupIngress" : [ Ingress, ... ],
      "EC2VpcId" : String,
      "GroupDescription" : String,
      "Tags" : [ Tag, ... ]
    }
}
YAML
Type: AWS::RDS::DBSecurityGroup
Properties:
  DBSecurityGroupIngress:
    - Ingress
  EC2VpcId: String
  GroupDescription: String
  Tags:
    - Tag
Properties
DBSecurityGroupIngress
Ingress rules to be applied to the DB security group.
Required: Yes
Type: List of Ingress
Update requires: No interruption
EC2VpcId
The identifier of an Amazon VPC. This property indicates the VPC that this DB security group belongs to.
Important: The EC2VpcId property is for backward compatibility with older regions, and is no longer recommended for providing security information to an RDS DB instance.
Required: No
Type: String
Update requires: Replacement
GroupDescription
Provides the description of the DB Security Group.
Required: Yes
Type: String
Update requires: Replacement
Tags
Tags to assign to the DB security group.
Required: No
Type: List of Tag
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the name of the DB security group.
For more information about using the Ref function, see Ref.
Examples
Creating a single VPC security group
The following example creates a single VPC security group, referred to by EC2SecurityGroupName.
JSON
{
  "Resources": {
    "DBinstance": {
      "Type": "AWS::RDS::DBInstance",
      "Properties": {
        "DBSecurityGroups": [
          { "Ref": "DbSecurityByEC2SecurityGroup" }
        ],
        "AllocatedStorage": "5",
        "DBInstanceClass": "db.t3.small",
        "Engine": "MySQL",
        "MasterUsername": "YourName",
        "MasterUserPassword": "YourPassword"
      },
      "DeletionPolicy": "Snapshot"
    },
    "DbSecurityByEC2SecurityGroup": {
      "Type": "AWS::RDS::DBSecurityGroup",
      "Properties": {
        "GroupDescription": "Ingress for Amazon EC2 security group",
        "DBSecurityGroupIngress": [
          {
            "EC2SecurityGroupId": "sg-b0ff1111",
            "EC2SecurityGroupOwnerId": "111122223333"
          },
          {
            "EC2SecurityGroupId": "sg-ffd722222",
            "EC2SecurityGroupOwnerId": "111122223333"
          }
        ]
      }
    }
  }
}
YAML
Resources:
  DBinstance:
    Type: AWS::RDS::DBInstance
    Properties:
      DBSecurityGroups:
        - Ref: "DbSecurityByEC2SecurityGroup"
      AllocatedStorage: "5"
      DBInstanceClass: "db.t3.small"
      Engine: "MySQL"
      MasterUsername: "YourName"
      MasterUserPassword: "YourPassword"
    DeletionPolicy: "Snapshot"
  DbSecurityByEC2SecurityGroup:
    Type: AWS::RDS::DBSecurityGroup
    Properties:
      GroupDescription: "Ingress for Amazon EC2 security group"
      DBSecurityGroupIngress:
        - EC2SecurityGroupId: "sg-b0ff1111"
          EC2SecurityGroupOwnerId: "111122223333"
        - EC2SecurityGroupId: "sg-ffd722222"
          EC2SecurityGroupOwnerId: "111122223333"
Multiple VPC security groups
The following example creates or updates multiple VPC security groups.
JSON
"DBSecurityGroup": {
  "Type": "AWS::RDS::DBSecurityGroup",
  "Properties": {
    "EC2VpcId" : { "Ref" : "VpcId" },
    "DBSecurityGroupIngress": [
      { "EC2SecurityGroupName": { "Ref": "WebServerSecurityGroup" } }
    ],
    "GroupDescription": "Frontend Access"
  }
}
YAML
DBSecurityGroup:
  Type: AWS::RDS::DBSecurityGroup
  Properties:
    EC2VpcId:
      Ref: "VpcId"
    DBSecurityGroupIngress:
      - EC2SecurityGroupName:
          Ref: "WebServerSecurityGroup"
    GroupDescription: "Frontend Access"
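The check below is an added example, not part of the AWS documentation. It audits a CloudFormation template in JSON form for the legacy usage this page describes: AWS::RDS::DBSecurityGroup resources, missing required properties, use of EC2VpcId, and DB instances that attach such a group through DBSecurityGroups. The function name audit_template, the finding labels and the sample template are assumptions constructed for illustration.

```python
import json

LEGACY_TYPE = "AWS::RDS::DBSecurityGroup"

# Constructed sample template, modelled on the examples on this page.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "DBinstance": {"Type": "AWS::RDS::DBInstance",
    "Properties": {"DBSecurityGroups": [{"Ref": "LegacyDbGroup"}], "Engine": "MySQL"}},
  "LegacyDbGroup": {"Type": "AWS::RDS::DBSecurityGroup",
    "Properties": {"EC2VpcId": {"Ref": "VpcId"},
      "DBSecurityGroupIngress": [{"EC2SecurityGroupId": "sg-b0ff1111",
                                  "EC2SecurityGroupOwnerId": "111122223333"}]}},
  "WebGroup": {"Type": "AWS::EC2::SecurityGroup",
    "Properties": {"GroupDescription": "web tier"}}
}}
""")


def audit_template(template):
    """Return sorted (logical_id, finding) pairs for legacy DB security group usage."""
    resources = template.get("Resources", {})
    legacy = {name for name, res in resources.items() if res.get("Type") == LEGACY_TYPE}
    findings = []
    for name in legacy:
        props = resources[name].get("Properties", {})
        findings.append((name, "legacy-type: EC2-Classic resource; use AWS::EC2::SecurityGroup"))
        # Both properties are marked "Required: Yes" on this page.
        for required in ("GroupDescription", "DBSecurityGroupIngress"):
            if required not in props:
                findings.append((name, f"missing-required: {required}"))
        if "EC2VpcId" in props:
            findings.append((name, "ec2vpcid: backward-compatibility property, no longer recommended"))
    # DB instances that attach a legacy group through DBSecurityGroups.
    for name, res in resources.items():
        if res.get("Type") != "AWS::RDS::DBInstance":
            continue
        for entry in res.get("Properties", {}).get("DBSecurityGroups", []):
            target = entry.get("Ref") if isinstance(entry, dict) else entry
            if target in legacy:
                findings.append((name, f"attaches-legacy-group: {target}"))
    return sorted(findings)


if __name__ == "__main__":
    for logical_id, finding in audit_template(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {finding}")
```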