updating RDS CF

.cloudformation/03-stack-rdsinstance.yaml

@@ -11,15 +11,15 @@ Parameters:
       to prepend the name of other resources in other templates.
     Type: String
 Resources:
-  VPCSecurityGroupIngress:
-    Type: AWS::EC2::SecurityGroupIngress
-    Properties:
-      GroupId:
-        Fn::ImportValue: !Sub "${StackName}-PublicVPCIDDefaultSecurityGroup"
-      IpProtocol: tcp
-      FromPort: 5432
-      ToPort: 5432
-      CidrIp: 0.0.0.0/0
+  # VPCSecurityGroupIngress:
+  #   Type: AWS::EC2::SecurityGroupIngress
+  #   Properties:
+  #     GroupId:
+  #       Fn::ImportValue: !Sub "${StackName}-PublicVPCIDDefaultSecurityGroup"
+  #     IpProtocol: tcp
+  #     FromPort: 5432
+  #     ToPort: 5432
+  #     CidrIp: 0.0.0.0/0
   RDSSubnetGroup:
     Type: AWS::RDS::DBSubnetGroup
     Properties:
@@ -28,7 +28,19 @@ Resources:
         - Fn::ImportValue: !Sub "${StackName}-PublicSubnet0"
         - Fn::ImportValue: !Sub "${StackName}-PublicSubnet1"
         - Fn::ImportValue: !Sub "${StackName}-PublicSubnet2"
-  rdsDBInstance:
+  RDSSecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupName: !Sub "${AWS::StackName}-RDS-SecurityGroup"
+      GroupDescription: Security Group for RDS allowing ingress on DB port only.
+      VpcId:
+        Fn::ImportValue: !Sub "${StackName}-PublicVPC"
+      SecurityGroupIngress:
+        IpProtocol: tcp
+        FromPort: 5432
+        ToPort: 5432
+        CidrIp: 0.0.0.0/0
+  RDSDBInstance:
     Type: AWS::RDS::DBInstance
     Properties:
       AllocatedStorage: 5
@@ -42,5 +54,5 @@ Resources:
       MasterUserPassword: password
       PubliclyAccessible: true
       VPCSecurityGroups:
-        - Fn::ImportValue: !Sub "${StackName}-PublicVPCIDDefaultSecurityGroup"
+        - !Ref RDSSecurityGroup
       DBSubnetGroupName: !Ref RDSSubnetGroup