CloudFormation Script – Referencing earlier created Security Group

Tags: amazon-cloudformation, amazon-web-services

I have a CloudFormation script which is working fine except I need to be able to add my EC2 security group to an RDS security group so that the EC2 instance can access the MySQL database on the RDS instance.

Here is the section which creates the EC2 security group:

 "WebSecurityGroup" : {
   "Type" : "AWS::EC2::SecurityGroup",
   "Properties" : {
     "GroupDescription" : "SSH Access, and complete access to ports 80 & 443.",
     "SecurityGroupIngress" : [ {
       "IpProtocol" : "tcp",
       "FromPort" : "22",
       "ToPort" : "22",
       "CidrIp" : "My.IP.Add.Ress/32" },
       {
       "IpProtocol" : "tcp",
       "FromPort" : "80",
       "ToPort" : "80",
       "CidrIp" : "0.0.0.0/0" },
       {
       "IpProtocol" : "tcp",
       "FromPort" : "443",
       "ToPort" : "443",
       "CidrIp" : "0.0.0.0/0"
     } ]
   }
 },

And here is the RDS security group, attempting to reference it:

 "DBSecurityGroup" : {
   "Type" : "AWS::RDS::DBSecurityGroup",
   "Properties" : {
     "GroupDescription" : "Access from the EC2 instance to MySQL.",
     "DBSecurityGroupIngress" : [ {
       "EC2SecurityGroupName" : { "Ref": "WebSecurityGroup" },
       "EC2SecurityGroupId" : { "Ref" : "WebSecurityGroup" }
     } ]
   }
 }

Any input or pointers are gratefully received.

Best Answer

Your problem is in the error message. In your AWS::RDS::DBSecurityGroup resource, you are specifying both EC2SecurityGroupName and EC2SecurityGroupId for an ingress rule. For EC2 Classic, specify only EC2SecurityGroupName.

EDIT: New regions, such as EU Central (Frankfurt), do not support EC2-Classic. So you must put your RDS instance within a VPC. This means you need to create a VPC security group instead of an RDS security group.
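The two corrected forms the answer describes, as an added example (not the asker's template or the answerer's code): the EC2-Classic `AWS::RDS::DBSecurityGroup` with only `EC2SecurityGroupName`, and the VPC form, an ordinary `AWS::EC2::SecurityGroup` that admits TCP/3306 from `WebSecurityGroup` by security-group reference and is attached to the RDS instance through `VPCSecurityGroups`. The `VpcId`, `DBSubnetGroup`, `DBUser` and `DBPassword` parameters and the `DBInstance` sizing values are placeholders assumed for this example. The `lint_db_access` function is also added here; it is not an AWS tool, and it flags the original mistake (both Name and Id in one ingress entry) plus two things a reviewer would want to catch next to it: a database group opened to `0.0.0.0/0`, and an RDS instance with no security group at all.

```python
"""Corrected CloudFormation fragments for granting an EC2 security group
access to RDS, plus a small lint for the mistakes discussed above.
Added example; not code from the original question or answer."""
import json


def broken_db_security_group():
    # Reconstruction of the asker's resource: Name AND Id in one entry.
    return {
        "Type": "AWS::RDS::DBSecurityGroup",
        "Properties": {
            "GroupDescription": "Access from the EC2 instance to MySQL.",
            "DBSecurityGroupIngress": [
                {"EC2SecurityGroupName": {"Ref": "WebSecurityGroup"},
                 "EC2SecurityGroupId": {"Ref": "WebSecurityGroup"}}
            ],
        },
    }


def classic_db_security_group():
    # EC2-Classic form: exactly one of EC2SecurityGroupName / EC2SecurityGroupId.
    return {
        "Type": "AWS::RDS::DBSecurityGroup",
        "Properties": {
            "GroupDescription": "Access from the EC2 instance to MySQL.",
            "DBSecurityGroupIngress": [
                {"EC2SecurityGroupName": {"Ref": "WebSecurityGroup"}}
            ],
        },
    }


def vpc_db_security_group():
    # VPC form: a plain EC2 security group; the source is another security
    # group, not a CIDR, so only instances in WebSecurityGroup reach 3306.
    # "VpcId" is an assumed template parameter.
    return {
        "Type": "AWS::EC2::SecurityGroup",
        "Properties": {
            "GroupDescription": "Access from the EC2 instance to MySQL.",
            "VpcId": {"Ref": "VpcId"},
            "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": "3306", "ToPort": "3306",
                 "SourceSecurityGroupId": {"Ref": "WebSecurityGroup"}}
            ],
        },
    }


def vpc_db_instance():
    # The VPC group is attached with VPCSecurityGroups (DBSecurityGroups is
    # the EC2-Classic property). Subnet group, sizing and credential
    # parameters are assumed placeholders.
    return {
        "Type": "AWS::RDS::DBInstance",
        "Properties": {
            "Engine": "MySQL",
            "DBInstanceClass": "db.t2.micro",
            "AllocatedStorage": "20",
            "DBSubnetGroupName": {"Ref": "DBSubnetGroup"},
            "VPCSecurityGroups": [{"Fn::GetAtt": ["DBSecurityGroup", "GroupId"]}],
            "MasterUsername": {"Ref": "DBUser"},
            "MasterUserPassword": {"Ref": "DBPassword"},
        },
    }


def lint_db_access(resources):
    """Return a list of findings for a template's Resources mapping."""
    findings = []
    for name, res in resources.items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        if rtype == "AWS::RDS::DBSecurityGroup":
            for i, rule in enumerate(props.get("DBSecurityGroupIngress", [])):
                if "EC2SecurityGroupName" in rule and "EC2SecurityGroupId" in rule:
                    findings.append(f"{name}: ingress[{i}] sets both "
                                    "EC2SecurityGroupName and EC2SecurityGroupId; use one")
                if rule.get("CIDRIP") == "0.0.0.0/0":
                    findings.append(f"{name}: ingress[{i}] opens the database to 0.0.0.0/0")
        elif rtype == "AWS::EC2::SecurityGroup":
            for i, rule in enumerate(props.get("SecurityGroupIngress", [])):
                if rule.get("CidrIp") == "0.0.0.0/0" and str(rule.get("FromPort")) == "3306":
                    findings.append(f"{name}: ingress[{i}] opens MySQL to 0.0.0.0/0")
        elif rtype == "AWS::RDS::DBInstance":
            if not props.get("DBSecurityGroups") and not props.get("VPCSecurityGroups"):
                findings.append(f"{name}: no DBSecurityGroups or VPCSecurityGroups; "
                                "instance falls back to the default group")
    return findings


def render(resources):
    """Serialize a Resources mapping the way it would appear in the template."""
    return json.dumps(resources, indent=2)


if __name__ == "__main__":
    print(lint_db_access({"DBSecurityGroup": broken_db_security_group()}))
    print(render({"DBSecurityGroup": vpc_db_security_group(), "MyDB": vpc_db_instance()}))
```

Running the lint over the asker's resource reports the Name/Id conflict; over either corrected form it reports nothing. In a VPC the `WebSecurityGroup` resource also needs a `VpcId`, and the SSH rule should stay pinned to a single address as in the question rather than `0.0.0.0/0`.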
