Reputation: 127
I have just created an RDS Proxy with CloudFormation.
In the Proxies dashboard, it shows that the RDS proxy is available, but the target groups are unavailable. I can't debug this and got stuck in the CloudFormation update state.
This is my CloudFormation config:
I used a security group allowing all inbound and outbound traffic for both the RDS proxy and the RDS instance, but it doesn't seem to work...
So do I have any wrong config? I have been stuck on this all day.
RDSInstance:
  DependsOn: DBSecurityGroup
  Type: AWS::RDS::DBInstance
  Properties:
    AllocatedStorage: '20'
    AllowMajorVersionUpgrade: false
    AutoMinorVersionUpgrade: true
    AvailabilityZone: ${self:provider.region}a
    DBInstanceClass: db.t2.micro
    DBName: mydb
    VPCSecurityGroups:
      - "Fn::GetAtt": [ DBSecurityGroup, GroupId ]
    Engine: postgres
    EngineVersion: '11.9'
    MasterUsername: postgres
    MasterUserPassword: Fighting001
    PubliclyAccessible: true
    DBSubnetGroupName:
      Ref: DBSubnetGroup
    # VPCSecurityGroups:
    #   Ref: VPC
DBSecretsManager:
  Type: AWS::SecretsManager::Secret
  Properties:
    Description: 'Secret Store for database connection'
    Name: postgres
    SecretString:
      'password'
RDSProxy:
  DependsOn: DBSecurityGroup
  Type: AWS::RDS::DBProxy
  Properties:
    Auth:
      - AuthScheme: SECRETS
        SecretArn:
          Ref: DBSecretsManager
        IAMAuth: DISABLED
    DBProxyName: ${self:provider.stackName}-db-proxy
    DebugLogging: true
    EngineFamily: 'POSTGRESQL'
    RoleArn: 'my role arn'
    VpcSecurityGroupIds:
      - "Fn::GetAtt": [ DBSecurityGroup, GroupId ]
    VpcSubnetIds:
      - Ref: PublicSubnetA
      - Ref: PublicSubnetB
RDSProxyTargetGroup:
  Type: AWS::RDS::DBProxyTargetGroup
  Properties:
    DBProxyName:
      Ref: RDSProxy
    DBInstanceIdentifiers: [Ref: RDSInstance]
    TargetGroupName: "default"
    ConnectionPoolConfigurationInfo:
      MaxConnectionsPercent: 45
      MaxIdleConnectionsPercent: 40
      ConnectionBorrowTimeout: 120
Upvotes: 7
Views: 14886
Reputation: 2619
While this isn't the cause of the original issue mentioned above, it may help someone who reaches this post in future.
Make sure your RDS instance and the security group associated with it are using the same port.
I experienced the same outcome because my RDS security group was configured using a different port than the RDS instance.
By default, Aurora Postgres will use port 3306, however my security group was using 5432 (because it was copied from an old Postgres non-Aurora RDS instance). I updated my RDS instance to use port 5432 by specifying the Port property which resolved this issue.
Upvotes: 3
Reputation: 238081
A likely reason why your template fails is that your AWS::SecretsManager::Secret is not used and has incorrect values.
Your DB uses:
    MasterUsername: postgres
    MasterUserPassword: Fighting001
But your DBSecretsManager is:
    SecretString:
      'password'
which is incorrect. I would suggest setting up manually everything in the AWS console first. Then you can check what is the correct form of the SecretString for your use-case.
Upvotes: 9
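Added example, not part of the answer above or the asker's template: RDS Proxy reads the referenced secret as a JSON document with `username` and `password` keys, so a bare string such as 'password' gives it no usable login. The check below runs over the question's resources, re-typed here as a Python dict, and assumes the proxy is meant to log in as the DB master user; the function names are hypothetical.

```python
import json

# Relevant resources from the question's template, re-typed as a dict
# (what a YAML loader would return) and trimmed to the fields the check reads.
TEMPLATE = {
    "RDSInstance": {"Type": "AWS::RDS::DBInstance", "Properties": {
        "MasterUsername": "postgres", "MasterUserPassword": "Fighting001"}},
    "DBSecretsManager": {"Type": "AWS::SecretsManager::Secret", "Properties": {
        "SecretString": "password"}},
    "RDSProxy": {"Type": "AWS::RDS::DBProxy", "Properties": {
        "Auth": [{"AuthScheme": "SECRETS", "SecretArn": {"Ref": "DBSecretsManager"}}]}},
}

def parse_credentials(secret_string):
    """Return (username, password) if the secret is a JSON object with both keys, else None."""
    try:
        doc = json.loads(secret_string)
    except (TypeError, ValueError):
        return None
    if isinstance(doc, dict) and {"username", "password"} <= doc.keys():
        return doc["username"], doc["password"]
    return None

def lint_proxy_secrets(resources):
    """Compare every secret an RDS proxy references with the DB master credentials."""
    findings = []
    # Assumption: the proxy connects as the master user, as in the question.
    masters = {(r["Properties"].get("MasterUsername"), r["Properties"].get("MasterUserPassword"))
               for r in resources.values() if r["Type"] == "AWS::RDS::DBInstance"}
    for name, res in resources.items():
        if res["Type"] != "AWS::RDS::DBProxy":
            continue
        for auth in res["Properties"].get("Auth", []):
            ref = auth.get("SecretArn")
            secret = resources.get(ref.get("Ref")) if isinstance(ref, dict) else None
            if secret is None:
                continue  # literal ARN or secret defined elsewhere: not checkable offline
            creds = parse_credentials(secret["Properties"].get("SecretString"))
            if creds is None:
                findings.append(f"{name}: secret {ref['Ref']} is not JSON with username/password")
            elif creds not in masters:
                findings.append(f"{name}: secret {ref['Ref']} does not match any DB master user")
    return findings

if __name__ == "__main__":
    for finding in lint_proxy_secrets(TEMPLATE):
        print(finding)
```

Once the secret holds the credentials, the instance can read its password from the same secret through a `{{resolve:secretsmanager:...}}` dynamic reference, which also takes the plaintext MasterUserPassword out of the template.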