Reputation:
I am creating RDS using CloudFormation. I am unable to understand the DBInstanceRole in AssociatedRoles. How do I create one and provide it? And since I am new to this, if there are any changes needed in the template, do suggest them.
---
AWSTemplateFormatVersion: 2010-09-09
Parameters:
  dbsg:
    Type: String
  VpcID:
    Type: String
Resources:
  RDS:
    Type: AWS::RDS::DBInstance
    Properties:
      AllocatedStorage: 100 GB
      AssociatedRoles:
        - DBInstanceRole
      AutoMinorVersionUpgrade: Boolean
      AvailabilityZone: us-east-2a
      DBClusterIdentifier: String
      DBInstanceClass: db.t2.micro
      DBInstanceIdentifier: mysqldb
      DBName: mysqldb
      DBSecurityGroups:
        - !Ref dbsg
      Engine: mysql
      EngineVersion: 8.0.17
      MasterUsername: mysqldb
      MasterUserPassword: mysql456
      Port: 3306
Upvotes: 0
Views: 347
Reputation: 2668
I extracted this from the documentation:
The name of the feature associated with the AWS Identity and Access Management (IAM) role. IAM roles that are associated with a DB instance grant permission for the DB instance to access other AWS services on your behalf. For the list of supported feature names, see DBEngineVersion in the Amazon RDS API Reference.
In other words, it means RDS needs to have a role to communicate with other AWS services such as AWS S3 on your behalf. If you have a use case for it, we will define 'roles'; otherwise, that is an optional field.
For example, you may have a use case to "transfer files between an Amazon RDS for Oracle DB instance and an Amazon S3 bucket". You need to create a role and associate it with your RDS instance. The document is located here
Upvotes: 1
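A template for the RDS for Oracle and S3 case mentioned in the answer, as an added example that is not part of the original question or answer: each `AssociatedRoles` entry is a `FeatureName` plus a `RoleArn`, the role trusts only `rds.amazonaws.com` and is scoped to one bucket, and the master password comes from Secrets Manager instead of being written in the template. The parameter names, logical IDs, instance class and the secret name `example/rds/master` are assumptions.

```yaml
# Added example; parameter names, logical IDs and the secret name are hypothetical.
AWSTemplateFormatVersion: 2010-09-09
Parameters:
  BucketName:
    Type: String
  DbSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id
Resources:
  RdsS3Role:
    Type: AWS::IAM::Role
    Properties:
      # Only the RDS service may assume this role.
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: rds.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: s3-transfer
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Least privilege: one bucket, only the actions file transfer needs.
              - Effect: Allow
                Action: s3:ListBucket
                Resource: !Sub 'arn:aws:s3:::${BucketName}'
              - Effect: Allow
                Action:
                  - s3:GetObject
                  - s3:PutObject
                Resource: !Sub 'arn:aws:s3:::${BucketName}/*'
  RDS:
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: oracle-se2
      LicenseModel: license-included
      DBInstanceClass: db.t3.small
      AllocatedStorage: '100'        # a number of GiB, without a unit
      MasterUsername: admin
      # Resolved at deploy time; the password never appears in the template.
      MasterUserPassword: '{{resolve:secretsmanager:example/rds/master:SecretString:password}}'
      VPCSecurityGroups:
        - !Ref DbSecurityGroupId
      # Oracle S3 transfers also need an option group with S3_INTEGRATION (not shown).
      AssociatedRoles:
        - FeatureName: S3_INTEGRATION
          RoleArn: !GetAtt RdsS3Role.Arn
```

If the instance does not need to call another AWS service, leave `AssociatedRoles` out entirely, as the answer says.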