Repox

Reputation: 15476

Allow connections from ECS to an existing RDS database?

I'm currently trying to identify an existing MySQL instance and I want to allow my ECS deployment to be able to connect to it.

The progress so far is the following:

    const rdsPrimaryDatabase = rds.DatabaseInstance.fromDatabaseInstanceAttributes(this, 'ApplicationReadWrite', {
      instanceEndpointAddress: "application_database_ewqqqrqw.eu-west-1.rds.amazonaws.com",
      port: 3305,
      securityGroups: [],
      instanceIdentifier: 'application_database'
    });

    const securityGroup = new ec2.SecurityGroup(this, 'ApplicationEcsSecurityGroup', {
      vpc: vpc,
      allowAllOutbound: true,
      securityGroupName: 'ApplicationEcsSecurityGroup',
    })

    securityGroup.connections.allowTo(rdsPrimaryDatabase, 3306, 'Primary Database')

The above is currently resulting in the following error, related to the last line:

    Argument of type 'IDatabaseInstance' is not assignable to parameter of type 'IConnectable'.
    The types of 'connections.defaultPort' are incompatible between these types.

The error is quite understandable, but I'm unsure how to overcome it, and I'm also not quite sure that I'm doing it the right way.

Any help is appreciated.

Upvotes: 4

Views: 1403

Answers (1)

nsquires

Reputation: 1119

Instead of importing the database instance, try importing the database instance's security group.

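    // Import the database's existing security group by its ID.
    ISecurityGroup databaseSecurityGroup = SecurityGroup.FromSecurityGroupId(scope, "ImportedDatabaseSecurityGroup", securityGroupId, new SecurityGroupImportOptions());

    // Security group for the Fargate service (Vpc is a required property; `vpc` is the service's VPC).
    var fargateServiceSecurityGroup = new SecurityGroup(this, "FargateServiceSecurityGroup", new SecurityGroupProps { Vpc = vpc });

    // Add an ingress rule on the database group that admits the service group.
    databaseSecurityGroup.Connections.AllowFrom(fargateServiceSecurityGroup, Port.AllTcp(), "Allow from fargate security group");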

Upvotes: 6
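As an added example (not part of the answer above or of the CDK itself): a check over a synthesized CloudFormation template that flags ingress rules on the database security group that are wider than the database port, as a rule created with `Port.AllTcp()` would be. The template, the `sg-EXAMPLEDB` id, port 3306 and the `auditDbIngress` name are constructed for illustration.

```typescript
// Added example: audit a synthesized template for over-broad database ingress.
type Resource = { Type: string; Properties: any };
type Template = { Resources: { [logicalId: string]: Resource } };
interface Finding { logicalId: string; reason: string }

// Flags AWS::EC2::SecurityGroupIngress rules on dbGroupId that open anything
// other than dbPort, or whose source is not another security group.
function auditDbIngress(template: Template, dbGroupId: string, dbPort: number): Finding[] {
  const findings: Finding[] = [];
  for (const logicalId of Object.keys(template.Resources)) {
    const res = template.Resources[logicalId];
    if (!res || res.Type !== "AWS::EC2::SecurityGroupIngress") continue;
    const p = res.Properties;
    if (p.GroupId !== dbGroupId) continue; // rule targets a different group
    if (p.IpProtocol === "-1") {
      findings.push({ logicalId, reason: "all protocols and ports allowed" });
    } else if (p.FromPort !== dbPort || p.ToPort !== dbPort) {
      findings.push({ logicalId, reason: `ports ${p.FromPort}-${p.ToPort} open, expected only ${dbPort}` });
    }
    if (p.SourceSecurityGroupId === undefined) {
      findings.push({ logicalId, reason: "source is not a security group" });
    }
  }
  return findings;
}

// Constructed sample template; ids and logical names are placeholders.
const serviceGroupRef = { "Fn::GetAtt": ["FargateServiceSecurityGroup", "GroupId"] };
const sampleTemplate: Template = {
  Resources: {
    BroadRule: { // what an all-TCP allow rule looks like after synthesis
      Type: "AWS::EC2::SecurityGroupIngress",
      Properties: { GroupId: "sg-EXAMPLEDB", IpProtocol: "tcp", FromPort: 0, ToPort: 65535,
                    SourceSecurityGroupId: serviceGroupRef },
    },
    NarrowRule: { // only the MySQL port, only from the service group
      Type: "AWS::EC2::SecurityGroupIngress",
      Properties: { GroupId: "sg-EXAMPLEDB", IpProtocol: "tcp", FromPort: 3306, ToPort: 3306,
                    SourceSecurityGroupId: serviceGroupRef },
    },
    CidrRule: { // right port, but admits a whole address range
      Type: "AWS::EC2::SecurityGroupIngress",
      Properties: { GroupId: "sg-EXAMPLEDB", IpProtocol: "tcp", FromPort: 3306, ToPort: 3306,
                    CidrIp: "10.0.0.0/16" },
    },
  },
};

console.log(auditDbIngress(sampleTemplate, "sg-EXAMPLEDB", 3306));
```

Run against the output of `cdk synth`, a check like this can gate a deployment on the database group accepting only its own port from the service group.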
