Reputation: 181
Problems with security group in aws copilot service
I'm using aws copilot to deploy some microservices and an ALB I created an environment with copilot env init choosing an existing VPC, public and private subnets Then I started to create the 1st microservice that need a connection to a already existent RDS Mysql database.
What is the right way to do this?
I mean, if the service doesn't exist, copilot create a manifest.yml file with all settings, but it doesn't include anything about SG for connecting to RDS. After service has been created, it's created also a SG for it. Then I can manually add this SG to my RDS.
If the manifest was already created, I can modify it adding a SG id, but if I add a SG that is already configured in RDS, will it work? I mean, a SG is a list of rules that enable connection from an IP, or from other SG. If my already existent SG for RDS has 1 rule that enable connection from ip xxx.xxx.xxx.xxx, why defining this SG inside service manifest should work???
So my problem is how to automate deploy process (maybe with a pipeline later) using the right SG without doing anything by hand.
Thanks
Upvotes: 0
Views: 50
Answers (0)
Related Questions
- What is the difference between a task and a service in AWS ECS?
- Create an internal Network load balancer with AWS Copilot
- Nest Js Microservices deployment on ECS with aws Copilot
- Can't access PostgresSQL RDS from ECS using private IP
- Why can't I connect AWS RDS instance from EC2 instance in another VPC after peering
- Cannot create an ECS Service using Terraform on AWS
- (ApplicationLoadBalancer): Workaround for loadBalancer.addListener() and listener.addTargets() for existing alb in ECS
- Path based routing for Microservices in AWS ECS with API Gateway