
如何使用aws cloudformation将RDS实例添加到VPC


当我手动启动RDS实例时,我可以指定希望它加入的VPC。我正在尝试使用AWS CloudFormation创建堆栈,但没有找到能做到这一点的API。我可以在堆栈中创建VPC,然后在EC2安全组和DB安全组中引用它,这两个安全组最终都属于该VPC,但RDS实例本身却不属于。有没有办法将VPC分配给RDS实例?

以下是我的模板:

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Metadata": {
    "AWS::CloudFormation::Designer": {
      "30e03bfc-b61a-4d6c-89db-1b62b258a305": {
        "size": {
          "width": 80,
          "height": 80
        },
        "position": {
          "x": 700,
          "y": 170
        },
        "z": 0,
        "embeds": []
      }
    }
  },

  "Parameters": {

    "DBPreferredBkupWindow": {
      "Description"                 : "The daily time range (in UTC) during which automated backups are created, ideally during off-peak hours.",
      "Type"                        : "String",
      "MinLength"                   : "1",
      "MaxLength"                   : "11",
      "AllowedPattern"              : "\\d[0-23]:\\d[0-59]-\\d[0-23]:\\d[0-59]",
      "Default"                     : "01:00-02:00"
    }
  },

  "Resources": {

    "VPC": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock"                 : "172.16.0.0/16",
        "EnableDnsSupport"          : true
      }
    },

    "DB": {
      "Type": "AWS::RDS::DBInstance",
      "Properties": {
        "DBName"                    : "ems",
        "Engine"                    : "postgres",
        "EngineVersion"             : "9.4.7",
        "DBInstanceClass"           : "db.t1.micro",
        "DBInstanceIdentifier"      : "rltdb",
        "MasterUsername"            : "pgadmin",
        "MasterUserPassword"        : "pgadmin1",
        "AllocatedStorage"          : "100",
        "Iops"                      : "1000",
        "BackupRetentionPeriod"     : "7",
        "PreferredBackupWindow"     : { "Ref" : "DBPreferredBkupWindow" },
        "MultiAZ"                   : true,
        "PubliclyAccessible"        : false,
        "AutoMinorVersionUpgrade"   : false,
        "VPCSecurityGroups"         : [{ "Ref" : "SecurityGroup" } ]
      },

      "Metadata": {
        "AWS::CloudFormation::Designer": {
          "id": "30e03bfc-b61a-4d6c-89db-1b62b258a305"
        }
      }
    },

    "DBSecurityGroup": {
      "Type": "AWS::RDS::DBSecurityGroup",
      "Properties": {
        "EC2VpcId"                  : { "Ref" : "VPC" },
        "DBSecurityGroupIngress"    : { "EC2SecurityGroupName": { "Ref": "SecurityGroup"} },
        "GroupDescription"          : "Database Access"
      }
    },

    "SecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "VpcId"                     : { "Ref" : "VPC" },
        "GroupDescription"          : "Enable database access for application",
        "SecurityGroupIngress"      : [
          {"IpProtocol" : "tcp", "FromPort" : "5432", "ToPort" : "5432", "CidrIp" : "0.0.0.0/0"}
        ]
      }
    }
  }
}

2 回答


    您必须在CloudFormation模板中创建一个 DBSubnetGroup 以及至少两个子网。

    "subnet-1" : {
       "Type" : "AWS::EC2::Subnet",
       "Properties" : {
          "CidrBlock" : "172.16.1.0/24",
          "VpcId" : { "Ref" : "VPC" }
       }
    },     
    
    "subnet-2" : {
       "Type" : "AWS::EC2::Subnet",
       "Properties" : {
          "CidrBlock" : "172.16.2.0/24",
          "VpcId" : { "Ref" : "VPC" }
       }
    },     
    
    "DBSubnetGroup" : {
       "Type" : "AWS::RDS::DBSubnetGroup",
       "Properties" : {
          "SubnetIds" : [
              { "Ref" : "subnet-1" },
              { "Ref" : "subnet-2" }
          ],
       }
    },
    

    最后,您必须在 "DB" 对象中加入 DBSubnetGroupName 属性来引用该 DBSubnetGroup:

    "DBSubnetGroupName": { "Ref": "DBSubnetGroup" }
    

    您需要包含 DBSubnetGroupName 属性。

    它指定要与数据库实例关联的数据库子网组。如果没有数据库子网组,则该实例是非VPC数据库实例。

    使用您VPC中的子网创建一个 DBSubnetGroup 资源,然后将其关联到您的 DBInstance:

    "DBSubnetGroupName": { "Ref": "MySubnetGroup" }
    
