From a65464e3e84537449ecfc62b97b5005d0146b00c Mon Sep 17 00:00:00 2001
From: dtomlinson
Date: Thu, 30 Apr 2020 18:10:17 +0100
Subject: [PATCH] updating RDS CF
---
 .cloudformation/03-stack-rdsinstance.yaml | 34 +++++++++++++++--------
 1 file changed, 23 insertions(+), 11 deletions(-)
diff --git a/.cloudformation/03-stack-rdsinstance.yaml b/.cloudformation/03-stack-rdsinstance.yaml
index 6b1c263..9bbfa79 100644
--- a/.cloudformation/03-stack-rdsinstance.yaml
+++ b/.cloudformation/03-stack-rdsinstance.yaml
@@ -11,15 +11,15 @@ Parameters:
 to prepend the name of other resources in other templates.
 Type: String
 Resources:
- VPCSecurityGroupIngress:
- Type: AWS::EC2::SecurityGroupIngress
- Properties:
- GroupId:
- Fn::ImportValue: !Sub "${StackName}-PublicVPCIDDefaultSecurityGroup"
- IpProtocol: tcp
- FromPort: 5432
- ToPort: 5432
- CidrIp: 0.0.0.0/0
+ # VPCSecurityGroupIngress:
+ # Type: AWS::EC2::SecurityGroupIngress
+ # Properties:
+ # GroupId:
+ # Fn::ImportValue: !Sub "${StackName}-PublicVPCIDDefaultSecurityGroup"
+ # IpProtocol: tcp
+ # FromPort: 5432
+ # ToPort: 5432
+ # CidrIp: 0.0.0.0/0
 RDSSubnetGroup:
 Type: AWS::RDS::DBSubnetGroup
 Properties:
@@ -28,7 +28,19 @@ Resources:
 - Fn::ImportValue: !Sub "${StackName}-PublicSubnet0"
 - Fn::ImportValue: !Sub "${StackName}-PublicSubnet1"
 - Fn::ImportValue: !Sub "${StackName}-PublicSubnet2"
- rdsDBInstance:
+ RDSSecurityGroup:
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ GroupName: !Sub "${AWS::StackName}-RDS-SecurityGroup"
+ GroupDescription: Security Group for RDS allowing ingress on DB port only.
+ VpcId:
+ Fn::ImportValue: !Sub "${StackName}-PublicVPC"
+ SecurityGroupIngress:
+ IpProtocol: tcp
+ FromPort: 5432
+ ToPort: 5432
+ CidrIp: 0.0.0.0/0
+ RDSDBInstance:
 Type: AWS::RDS::DBInstance
 Properties:
 AllocatedStorage: 5
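Review bot: The nine `# VPCSecurityGroupIngress …` lines keep the old world-open rule in the template as commented-out text instead of deleting it. Dead configuration such as `# CidrIp: 0.0.0.0/0` invites someone to uncomment it later, and git history already preserves the removed resource. I would drop the commented block, or replace it with one line such as `# Ingress now lives on RDSSecurityGroup; the default VPC security group is no longer opened.`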
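Review bot: The new `RDSSecurityGroup` still admits `CidrIp: 0.0.0.0/0` on port 5432, so moving the rule off the default security group does not narrow who can reach the database; with `PubliclyAccessible: true` in the next hunk, the PostgreSQL listener stays reachable from any address. Restrict the source to a known range or to the application's security group, for example `CidrIp: !Ref AllowedDbCidr` (parameter name is a suggestion) or `SourceSecurityGroupId`. `SecurityGroupIngress` is documented as a list of rules, so the entry is better written as a list item (`- IpProtocol: tcp`); the indentation is not visible in this view, so confirm how it is written in the file. The `RDSDBInstance` resource that begins at the end of this hunk continues outside it.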
@@ -42,5 +54,5 @@ Resources:
 MasterUserPassword: password
 PubliclyAccessible: true
 VPCSecurityGroups:
- - Fn::ImportValue: !Sub "${StackName}-PublicVPCIDDefaultSecurityGroup"
+ - !Ref RDSSecurityGroup
 DBSubnetGroupName: !Ref RDSSubnetGroup
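Review bot: `MasterUserPassword: password` sits as a literal in the template right above the line this hunk changes, and the commit leaves it in place while the instance stays `PubliclyAccessible: true`. The credential is therefore stored in version control and is trivially guessable; take it from a `NoEcho: true` parameter (`MasterUserPassword: !Ref DBMasterPassword`, parameter name is a suggestion) or a Secrets Manager dynamic reference, and rotate the existing value. On the changed line, `!GetAtt RDSSecurityGroup.GroupId` would state explicitly that a group ID is being passed to `VPCSecurityGroups`. The `RDSDBInstance` `Properties` block starts before this hunk.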