Luke

Reputation: 181

Problems with security group in AWS Copilot service

I'm using AWS Copilot to deploy some microservices and an ALB. I created an environment with copilot env init, choosing an existing VPC and public and private subnets. Then I started to create the first microservice, which needs a connection to an already existing RDS MySQL database.

What is the right way to do this?

I mean, if the service doesn't exist, Copilot creates a manifest.yml file with all settings, but it doesn't include anything about an SG for connecting to RDS. After the service has been created, an SG is also created for it. Then I can manually add this SG to my RDS.

If the manifest was already created, I can modify it by adding an SG id, but if I add an SG that is already configured in RDS, will it work? I mean, an SG is a list of rules that enable connections from an IP or from another SG. If my already existing SG for RDS has one rule that enables connections from IP xxx.xxx.xxx.xxx, why should defining this SG inside the service manifest work?

So my problem is how to automate the deploy process (maybe with a pipeline later) using the right SG without doing anything by hand.

Thanks

Upvotes: 0

Views: 50
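
The question turns on how a security group's inbound rules match a source: by IP range, or by which group is attached to the caller. The model below is an added example, not part of the original post and not Copilot or AWS code; it evaluates four attachment and rule combinations for MySQL on port 3306. All group ids and addresses are constructed placeholders, and outbound rules are assumed to be left at the allow-all default.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    port: int
    cidr: Optional[str] = None       # source given as an IP range, or
    source_sg: Optional[str] = None  # source given as a security group id

@dataclass(frozen=True)
class Eni:
    ip: str
    groups: frozenset  # ids of the security groups attached to this interface

def ingress_allowed(src, dst, port, rules):
    """True if any group attached to dst has an inbound rule matching src."""
    for sg in dst.groups:
        for r in rules.get(sg, []):
            if r.port != port:
                continue
            if r.cidr and ipaddress.ip_address(src.ip) in ipaddress.ip_network(r.cidr):
                return True
            # A group reference matches callers that have that group ATTACHED.
            if r.source_sg and r.source_sg in src.groups:
                return True
    return False

# Constructed sample data: every id and address here is a placeholder.
RDS = Eni("10.0.2.20", frozenset({"sg-rds"}))
BASE = {"sg-rds": [Rule(3306, cidr="203.0.113.10/32")]}  # existing IP-only rule

def scenarios():
    svc = Eni("10.0.1.15", frozenset({"sg-svc"}))  # group created for the service
    svc_rds = Eni("10.0.1.15", frozenset({"sg-svc", "sg-rds"}))  # RDS group added too
    by_ref = {"sg-rds": BASE["sg-rds"] + [Rule(3306, source_sg="sg-svc")]}
    self_ref = {"sg-rds": BASE["sg-rds"] + [Rule(3306, source_sg="sg-rds")]}
    return {
        "service group only, IP-only rule": ingress_allowed(svc, RDS, 3306, BASE),
        "RDS group attached, IP-only rule": ingress_allowed(svc_rds, RDS, 3306, BASE),
        "rule references service group": ingress_allowed(svc, RDS, 3306, by_ref),
        "RDS group attached, self-referencing rule": ingress_allowed(svc_rds, RDS, 3306, self_ref),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{'ALLOW' if ok else 'DENY':5}  {name}")
```

In this model, attaching the database's group to the service only helps when that group contains a rule whose source is a group the service carries; an IP-only rule is unaffected by group membership.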

Answers (0)
