I've created maybe 10 Elastic Beanstalk environments with a connected RDS database, but for some reason on this application I'm unable to add an RDS database to my elastic beanstalk environment.
I'm adding the RDS database through the Elastic Beanstalk UI with Configuration > Database. The error seems to stem around my root user not being able to create an RDS DB Security Group. The event logs show:
INFO: Environment update is starting.
INFO: Updating environment pscope-api-prod's configuration settings.
ERROR: Service:AmazonCloudFormation, Message:Stack named 'awseb-e-rmu57hh9tz-stack' aborted operation. Current state: 'UPDATE_ROLLBACK_IN_PROGRESS' Reason: The following resource(s) failed to create: [AWSEBRDSDBSecurityGroup].
ERROR: Creating RDS database security group named: awseb-e-rmu57hh9tz-stack-awsebrdsdbsecuritygroup-gpqdtr1kvf7z failed Reason: Either the resource does not exist, or you do not have the required permissions.
ERROR: Failed to deploy configuration.
INFO: Deleted RDS database security group named: awseb-e-rmu57hh9tz-stack-awsebrdsdbsecuritygroup-gpqdtr1kvf7z
INFO: The environment was reverted to the previous configuration setting.
After this is done, no database was created and everything is reverted to how it was before trying to add the RDS database.
Things I've tried:
- I'm trying to add this database as the root user, but have also tried creating an IAM user with Administrator privileges and get the same error.
- I've also tried deleting the entire application and environment and recreating, but I get the same error.
- I usually create with eb-cli with
eb create, but I've also tried creating via the dashboard UI and get the same error.
Best Answer
I'm new to AWS and had the same problem when trying to create and add a new database from the Elastic Bean Management Console.
It was fixed after adding the AWSServiceRoleForRDS - role in IAM. Go to IAM --> Roles --> Create role --> AWS Service:
Select RDS, and RDS use case. Click on "Next:Permissions". There you'll see that the AmazoneRDSServiceRolePolicy has been added. Click Next:Review --> Create Role.
And you're done. Try creating a database from the Elastic Beanstalk Management Console now. It should work now.