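RDS security group in an AWS CloudFormation VPC
I'm trying to add an ingress rule to the security group for my RDS instance, but when I add it, it says: The security group 'sg-14820a71' does not exist in default VPC 'vpc-527a8037'.
I have explicitly specified the VPC I want the security group in, so it shouldn't be using the default. Any idea how to make it use the correct VPC?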
    "Resources": {
        "DbVpcSecurityGroup": {
            "DependsOn": ["VPC", "BeanstalkSecurityGroup"],
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "Security group for RDS DB Instance.",
                "VpcId": {
                    "Ref": "VPC"
                },
                "SecurityGroupIngress": [{
                    "IpProtocol": "tcp",
                    "FromPort": 3306,
                    "ToPort": 3306,
                    "SourceSecurityGroupName": {
                        "Ref": "BeanstalkSecurityGroup"
                    }
                }]
            }
        }
    }
It works fine without the ingress rule (creating one manually in the GUI):
    "Resources": {
        "DbVpcSecurityGroup": {
            "DependsOn": ["VPC", "BeanstalkSecurityGroup"],
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "Security group for RDS DB Instance.",
                "VpcId": {
                    "Ref": "VPC"
                }
            }
        }
    }
This is the Beanstalk security group, which works in the VPC:
    "BeanstalkSecurityGroup": {
        "DependsOn": ["VPC"],
        "Type": "AWS::EC2::SecurityGroup",
        "Properties": {
            "GroupDescription": "Allow the Elastic Beanstalk instances to access the NAT device",
            "VpcId": {
                "Ref": "VPC"
            }
        }
    }
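When working in a VPC, you should use 'SourceSecurityGroupOwnerId' instead of 'SourceSecurityGroupName'. Also, are you sure 'BeanstalkSecurityGroup' and 'DbVpcSecurityGroup' belong to the same VPC? – slayedbylucifer
@slayedbylucifer Using 'SourceSecurityGroupOwnerId' fixed the problem, thanks. Add an answer and I'll accept it. – Petah
Glad to help. I've added an answer. – slayedbylucifer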
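
Added example (not part of the original thread or any poster's code): a small pre-deployment check that flags the pattern behind the error in the question, an ingress rule with `SourceSecurityGroupName` inside a security group that sets `VpcId`, and also reports whether the referenced group declares the same `VpcId`. The template is a constructed sample trimmed from the question's resources; `lint_sg_sources`, the `CidrBlock` value and the shortened description are assumptions made for the illustration.

```python
import json

# Constructed template, trimmed from the resources shown in the question.
TEMPLATE = json.loads("""{"Resources": {
  "VPC": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}},
  "BeanstalkSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "GroupDescription": "Beanstalk instances", "VpcId": {"Ref": "VPC"}}},
  "DbVpcSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "GroupDescription": "Security group for RDS DB Instance.",
    "VpcId": {"Ref": "VPC"},
    "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
      "SourceSecurityGroupName": {"Ref": "BeanstalkSecurityGroup"}}]}}
}}""")

SG_TYPE = "AWS::EC2::SecurityGroup"

def lint_sg_sources(template):
    """Flag ingress rules that name their source group inside a VPC-scoped group.

    Returns a list of dicts: group, rule index, source logical id (or None),
    and whether source and target declare the same VpcId value.
    """
    resources = template.get("Resources", {})
    findings = []
    for name, res in resources.items():
        props = res.get("Properties", {})
        if res.get("Type") != SG_TYPE or "VpcId" not in props:
            continue  # only groups explicitly placed in a VPC are in scope
        for idx, rule in enumerate(props.get("SecurityGroupIngress", [])):
            src = rule.get("SourceSecurityGroupName")
            if src is None:
                continue
            # A {"Ref": ...} to another resource in this template can be resolved
            src_id = src.get("Ref") if isinstance(src, dict) else None
            src_props = resources.get(src_id, {}).get("Properties", {})
            findings.append({
                "group": name,
                "rule": idx,
                "source": src_id,
                "same_vpc": src_props.get("VpcId") == props["VpcId"],
            })
    return findings

if __name__ == "__main__":
    for f in lint_sg_sources(TEMPLATE):
        print("{group} rule {rule}: name-based source {source} "
              "(same VpcId declared: {same_vpc})".format(**f))
```

AWS documents `SourceSecurityGroupName` as valid only for the default VPC; in a nondefault VPC the source group has to be referenced by its ID.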