2

I am trying to create a read replica in the west region for an RDS database in the east region through a CloudFormation template. I am getting an error:

Cannot create a cross region unencrypted read replica from encrypted source.

However, I have tried to provide a KMS key ID and marked CopyTagsToSnapshot as true. Here is how my CloudFormation template looks:

Resources:
  MyDB:
   Type: AWS::RDS::DBInstance
   Properties:
    SourceDBInstanceIdentifier: !Ref ReadReplicaURL
    AllocatedStorage: !Ref DBAllocatedStorage
    CopyTagsToSnapshot: true
    DBSubnetGroupName: !Ref DBSubnetGroup
    VPCSecurityGroups:
     - !Ref DBSG1
    KmsKeyId: !Ref DBEncryptionKey
    StorageEncrypted: true
    DBInstanceClass: !Ref DBInstanceClass
    DBInstanceIdentifier: !Ref DBInstanceIdentifier
    Iops: !Ref DBIops
    MonitoringInterval: !Ref DBMonitoringInterval
    Engine: !Ref Engine
    MonitoringRoleArn: !Ref DBMonitoringRoleARN
    Port: !Ref DBPort
    PreferredMaintenanceWindow: !Ref DBPreferredMaintenanceWindow
    StorageType: io1
John Rotenstein
Ishu Gupta
  • The YAML you've shared seems incomplete. Can you update to include the resource definition for both the source AND replica? So far I only see the source which from what I can tell might be misconfigured. – talentedmrjones Mar 21 '17 at 19:51
  • 1
    Thanks @talentedmrjones, looks like this functionality isn't there yet for CloudFormation templates. Please have a look at my answer below. – Ishu Gupta Mar 21 '17 at 20:43

1 Answer

2

Answer I got from AWS rep:

Unfortunately, creation of encrypted RDS cross-region read replicas is not possible through CloudFormation currently. There is an active feature request to implement this functionality to which I have added your voice. Once the feature is implemented, it will be announced on this page:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/ReleaseHistory.html

Ishu Gupta
  • 1
    It looks like AWS CloudFormation now does support cross-region read replicas with KMS keys: https://aws.amazon.com/about-aws/whats-new/2017/01/amazon-rds-now-supports-read-replicas-of-encrypted-database-instances-across-regions/ – Snedden27 Aug 22 '18 at 14:02
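A pre-deployment check for the situation in the question, as an added example that is not part of the original posts or any AWS tooling: it flags cross-region replica resources that carry no KmsKeyId, or a key ARN from a region other than the one the stack deploys to (KMS keys are regional). It assumes the template is already parsed to a dict with parameters resolved to literal strings and that every replica source is encrypted; the function names, account ID, instance names and key IDs are constructed placeholders.

```python
# Added example (not from the original post). Assumes the template is already
# parsed to a dict, parameters are resolved to literal strings, and every
# replica source is an encrypted instance.

def arn_region(value):
    """Return the region field of an ARN, or None if value is not an ARN."""
    parts = value.split(":") if isinstance(value, str) else []
    return parts[3] if len(parts) >= 6 and parts[0] == "arn" else None

def check_replicas(template, deploy_region):
    """Return sorted (resource, finding) pairs for cross-region read replicas."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        src_region = arn_region(props.get("SourceDBInstanceIdentifier"))
        if res.get("Type") != "AWS::RDS::DBInstance" or src_region in (None, deploy_region):
            continue  # not a replica, or a same-region replica
        key = props.get("KmsKeyId")
        if key is None:
            findings.append((name, "no KmsKeyId for an encrypted cross-region source"))
        elif arn_region(key) is None:
            findings.append((name, "KmsKeyId is not an ARN, region cannot be verified"))
        elif arn_region(key) != deploy_region:
            findings.append((name, "KmsKeyId is in %s, not %s" % (arn_region(key), deploy_region)))
    return sorted(findings)

# Constructed sample: account ID, instance names and key IDs are placeholders.
SRC = "arn:aws:rds:us-east-1:111122223333:db:source-db"

def _replica(**extra):
    return {"Type": "AWS::RDS::DBInstance",
            "Properties": dict(SourceDBInstanceIdentifier=SRC, **extra)}

SAMPLE = {"Resources": {
    "NoKey": _replica(),
    "EastKey": _replica(KmsKeyId="arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"),
    "WestKey": _replica(KmsKeyId="arn:aws:kms:us-west-2:111122223333:key/EXAMPLE-KEY-ID"),
    "Primary": {"Type": "AWS::RDS::DBInstance", "Properties": {"Engine": "mysql"}},
}}

if __name__ == "__main__":
    for resource, finding in check_replicas(SAMPLE, "us-west-2"):
        print(resource, "->", finding)
```

A bare instance identifier as the source is treated as a same-region replica and skipped, since a cross-region source is given as an ARN.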