Reputation: 451
I am new to AWS. I have VPC-A and VPC-B. I want to access an RDS instance in VPC-A from an EC2 instance in VPC-B. I created VPC peering but I am not able to access RDS. When I add the VPC-B EC2 instance's security group to the VPC-A RDS security group, it's working. But I need to do it from CloudFormation. Can I update an existing security group from CloudFormation? Thanks in advance :)
Upvotes: 0
Views: 504
Reputation: 2700
A couple of things. You may have the VPC peering created, but you will need to go to the route tables associated with the subnets for your RDS and EC2 instances and make sure they can talk.
i.e. if your EC2 instance is in subnet 10.0.X.XX, there needs to be a route in the RDS subnet's route table for 10.0.X.XX using the VPC Peering (probably displayed as pcx-xxxx, pc for 'peering connection') and the EC2 instance will need a similar rule using the VPC Peering for the EC2. And then your security groups will need to allow the traffic as you've mentioned.
As for updating existing security groups through CloudFormation, yes it is possible. You will want to use the SecurityGroupIngress (inbound) or SecurityGroupEgress (outbound) resources depending on what you need, e.g.:
```json
"MySecurityGroupIngressRule": {
  "Type": "AWS::EC2::SecurityGroupIngress",
  "Properties": {
    "GroupId": "sg-123456789",
    "IpProtocol": "tcp",
    "FromPort": 1234,
    "ToPort": 1234,
    "CidrIp": "1.2.3.4/32"
  }
}
```
The GroupId is how you specify an existing group according to its SG ID.
Upvotes: 1
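Putting the two halves of the answer together for the asker's setup, as an added example that is not part of the original answer: one CloudFormation template that adds an ingress rule to the existing RDS security group in VPC-A (using the EC2 instance's security group as the source instead of a CIDR, which is what worked manually) and creates the peering routes in both VPCs. All parameter names, the MySQL port 3306 and the CIDR defaults are assumptions; the real IDs come from your account.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - allow a peered VPC-B EC2 security group into an existing VPC-A RDS security group

Parameters:
  RdsSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id   # existing SG attached to the RDS instance (VPC-A)
  Ec2SecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id   # existing SG attached to the EC2 instance (VPC-B)
  PeeringConnectionId:
    Type: String                        # pcx-... of the VPC peering connection
  VpcACidr:
    Type: String
    Default: 10.0.0.0/16                # placeholder, replace with VPC-A's CIDR
  VpcBCidr:
    Type: String
    Default: 10.1.0.0/16                # placeholder, replace with VPC-B's CIDR
  RdsRouteTableId:
    Type: String                        # route table used by the RDS subnets (VPC-A)
  Ec2RouteTableId:
    Type: String                        # route table used by the EC2 subnets (VPC-B)

Resources:
  # Ingress on the existing RDS SG. The source is the EC2 SG (supported across
  # intra-region peering), so only instances carrying that SG reach the DB port.
  RdsIngressFromEc2:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref RdsSecurityGroupId
      IpProtocol: tcp
      FromPort: 3306                    # assumed MySQL; use 5432 for PostgreSQL
      ToPort: 3306
      SourceSecurityGroupId: !Ref Ec2SecurityGroupId

  # Route from the RDS subnets to VPC-B over the peering connection
  RouteToVpcB:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref RdsRouteTableId
      DestinationCidrBlock: !Ref VpcBCidr
      VpcPeeringConnectionId: !Ref PeeringConnectionId

  # Return route from the EC2 subnets back to VPC-A
  RouteToVpcA:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref Ec2RouteTableId
      DestinationCidrBlock: !Ref VpcACidr
      VpcPeeringConnectionId: !Ref PeeringConnectionId
```

If the two VPCs live in different accounts, the route for the other side has to be created from that account and the ingress rule needs the SG owner's account ID as well; this template assumes both VPCs are in one account and region.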