This is my RDS instance. I am creating a security group which gives access to my Workbench and backend code. RDS creates a default security group, which overlaps the security group I create and thus makes it not accessible. How can I stop RDS from creating the default security group?

Here is my RDS template

"Resources": {
    "epmoliteDB": {
        "Type": "AWS::RDS::DBInstance",
        "Properties": {
            "DBName": {"Ref": "DBname"},
            "DBSecurityGroups": [{"Ref": "DBSecurityGroup"}],
            "AllocatedStorage": "5",
            "DBInstanceClass": "db.t2.micro",
            "Engine": "MySQL",
            "MasterUsername": {"Ref": "DBuser"},
            "MasterUserPassword": {"Ref": "DBpass"},
            "DBParameterGroupName": {"Ref": "epmoliteDBParameterGroup"}
        }
    },

    "DBSecurityGroup": {
        "Type": "AWS::RDS::DBSecurityGroup",
        "Properties": {
            "DBSecurityGroupIngress": {
                "EC2SecurityGroupName": {"Ref": "WebServerSecurityGroup"}
            },
            "GroupDescription": "Frontend Access"
        }
    },

    "WebServerSecurityGroup": {
        "Type": "AWS::EC2::SecurityGroup",
        "Properties": {
            "GroupDescription" : "Enable MYSQL access via port 3306",
            "SecurityGroupIngress": [{
                "IpProtocol": "tcp","FromPort": "3306","ToPort": "3306","CidrIp": "0.0.0.0/0"
            }]
        }
    },

    "epmoliteDBParameterGroup": {
        "Type": "AWS::RDS::DBParameterGroup",
        "Properties" : {
          "Description" : "Parameter group to avoid schema import errors",
          "Family" : "MySQL5.7",
          "Parameters" : {
            "log_bin_trust_function_creators": "1"
          }
        }
    }

}

Veer3383

1 Answer

I can't exactly explain why a default security group is created and overlaps with the one you specified. What I can tell you, though, is that you should really rely on VPCSecurityGroups, which replaces the old DBSecurityGroups, which was relevant in "EC2 Classic" (before the VPC era). Perhaps this will solve the issue.

There's an article in the doc to learn more about this: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.RDSSecurityGroups.html#Overview.RDSSecurityGroups.Compare.

Laurent Jalbert Simard
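The question's template rewritten to use the `VPCSecurityGroups` property the answer recommends, as an added example that is not part of the original question or answer. The parameters `VpcId`, `DBSubnetGroupName`, `BackendSecurityGroupId` and `WorkbenchCidr` and the resource name `DBVpcSecurityGroup` are assumptions; port 3306 is opened only to the backend's security group and to one Workbench address range rather than to `0.0.0.0/0`.

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Added example: RDS instance attached to a VPC security group instead of DBSecurityGroups",
  "Parameters": {
    "DBname": {"Type": "String"},
    "DBuser": {"Type": "String"},
    "DBpass": {"Type": "String", "NoEcho": "true"},
    "VpcId": {"Type": "AWS::EC2::VPC::Id", "Description": "Assumed parameter: VPC that hosts the database"},
    "DBSubnetGroupName": {"Type": "String", "Description": "Assumed parameter: existing DB subnet group in that VPC"},
    "BackendSecurityGroupId": {"Type": "AWS::EC2::SecurityGroup::Id", "Description": "Assumed parameter: security group of the backend instances"},
    "WorkbenchCidr": {"Type": "String", "Description": "Assumed parameter: address range of the Workbench client, e.g. 203.0.113.10/32"}
  },
  "Resources": {
    "DBVpcSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "MySQL access for backend and Workbench only",
        "VpcId": {"Ref": "VpcId"},
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": "3306", "ToPort": "3306", "SourceSecurityGroupId": {"Ref": "BackendSecurityGroupId"}},
          {"IpProtocol": "tcp", "FromPort": "3306", "ToPort": "3306", "CidrIp": {"Ref": "WorkbenchCidr"}}
        ]
      }
    },
    "epmoliteDB": {
      "Type": "AWS::RDS::DBInstance",
      "Properties": {
        "DBName": {"Ref": "DBname"},
        "VPCSecurityGroups": [{"Fn::GetAtt": ["DBVpcSecurityGroup", "GroupId"]}],
        "DBSubnetGroupName": {"Ref": "DBSubnetGroupName"},
        "AllocatedStorage": "5",
        "DBInstanceClass": "db.t2.micro",
        "Engine": "MySQL",
        "MasterUsername": {"Ref": "DBuser"},
        "MasterUserPassword": {"Ref": "DBpass"},
        "DBParameterGroupName": {"Ref": "epmoliteDBParameterGroup"}
      }
    },
    "epmoliteDBParameterGroup": {
      "Type": "AWS::RDS::DBParameterGroup",
      "Properties": {
        "Description": "Parameter group to avoid schema import errors",
        "Family": "MySQL5.7",
        "Parameters": {"log_bin_trust_function_creators": "1"}
      }
    }
  }
}
```

`VPCSecurityGroups` and `DBSecurityGroups` cannot both be set on the same `AWS::RDS::DBInstance`, so the `AWS::RDS::DBSecurityGroup` resource from the question is dropped here.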