I created a VPC and RDS with the CloudFormation below.
Resources:
  TestVpc:
    Type: "AWS::EC2::VPC"
    Properties:
      CidrBlock: "10.0.0.0/16"
      EnableDnsSupport: true
      EnableDnsHostnames: true
  TestSubnetA:
    Type: "AWS::EC2::Subnet"
    Properties:
      AvailabilityZone: "ap-northeast-1a"
      CidrBlock: "10.0.0.0/20"
      VpcId: !Ref TestVpc
  TestSubnetB:
    Type: "AWS::EC2::Subnet"
    Properties:
      AvailabilityZone: "ap-northeast-1d"
      CidrBlock: "10.0.16.0/20"
      VpcId: !Ref TestVpc
  TestSubnetC:
    Type: "AWS::EC2::Subnet"
    Properties:
      AvailabilityZone: "ap-northeast-1c"
      CidrBlock: "10.0.32.0/20"
      VpcId: !Ref TestVpc
  TestSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "Test security group with CloudFormation"
      SecurityGroupIngress:
        - CidrIp: "10.0.0.0/16"
          IpProtocol: "tcp"
          FromPort: 0
          ToPort: 65535
      SecurityGroupEgress:
        - CidrIp: "0.0.0.0/0"
          FromPort: 0
          ToPort: 65535
          IpProtocol: "tcp"
      VpcId: !Ref TestVpc
  TestSubnetGroup:
    Type: "AWS::RDS::DBSubnetGroup"
    Properties:
      DBSubnetGroupDescription: "TestSubnetGroupDesc"
      SubnetIds:
        - !Ref TestSubnetA
        - !Ref TestSubnetB
        - !Ref TestSubnetC
  TestRDS:
    Type: "AWS::RDS::DBInstance"
    Properties:
      DBInstanceClass: "db.t2.micro"
      DBInstanceIdentifier: "rekog-moderation"
      DBName: "rekog"
      Engine: "postgres"
      EngineVersion: "10.4"
      MasterUsername: "rekog"
      MasterUserPassword: "passwd"
      AllocatedStorage: "20"
      DBSubnetGroupName: !Ref TestSubnetGroup
      VPCSecurityGroups:
        - !Ref TestSecurityGroup
RDS result
Lambda settings
When Lambda tries to reach rekog-moderation.cokqwd6ixsnc.ap-northeast-1.rds.amazonaws.com by its domain name, it returns a timeout error while establishing the connection to RDS.
What am I missing?
You need to add a self-referencing security group rule to the ingress rules so that all members of the security group can talk to each other. Something like:
"TestSecurityGroupIngress": {
  "Type": "AWS::EC2::SecurityGroupIngress",
  "Properties": {
    "GroupId": { "Ref": "TestSecurityGroup" },
    "IpProtocol": "tcp",
    "FromPort": "0",
    "ToPort": "65535",
    "SourceSecurityGroupId": { "Ref": "TestSecurityGroup" }
  }
}
You can find more information about self-referencing security groups in CF on the AWS forums: https://forums.aws.amazon.com/message.jspa?messageID=245655
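The following is an added example, not code from the question or the answer above. It shows the answer's self-referencing rule in the same YAML style as the question, narrowed to the PostgreSQL port instead of all TCP ports, together with the piece the question's template does not show: a Lambda function attached to the VPC with the same security group, which is what makes the function a "member" of the group. It assumes the `TestVpc`, `TestSubnetA`, `TestSubnetB`, `TestSubnetC` and `TestSecurityGroup` resources from the question exist in the same template; `LambdaRole`, `ModerationFunction` and the function body are illustrative names. The self-reference must be a separate `AWS::EC2::SecurityGroupIngress` resource because a group cannot refer to its own ID inside its inline `SecurityGroupIngress` list.

```yaml
Resources:
  # Replaces the question's TestSecurityGroup: no inline ingress, so the
  # group no longer accepts every TCP port from the whole VPC CIDR.
  TestSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "RDS and the Lambda functions that talk to it"
      VpcId: !Ref TestVpc
      SecurityGroupEgress:
        # Only PostgreSQL inside the VPC; add 443 egress or VPC endpoints
        # if the function also has to call AWS APIs.
        - CidrIp: "10.0.0.0/16"
          IpProtocol: "tcp"
          FromPort: 5432
          ToPort: 5432

  # The self-referencing rule from the answer, scoped to 5432.
  TestSecurityGroupSelfIngress:
    Type: "AWS::EC2::SecurityGroupIngress"
    Properties:
      GroupId: !Ref TestSecurityGroup
      SourceSecurityGroupId: !Ref TestSecurityGroup
      IpProtocol: "tcp"
      FromPort: 5432
      ToPort: 5432
      Description: "PostgreSQL from other members of this group"

  # Illustrative execution role (assumption): the managed policy grants the
  # ENI permissions Lambda needs to be placed inside a VPC.
  LambdaRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: "sts:AssumeRole"
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"

  # Illustrative function (assumption). VpcConfig is the part the question
  # does not show: without it the function runs outside the VPC and can
  # never reach a private RDS endpoint, whatever the security group says.
  ModerationFunction:
    Type: "AWS::Lambda::Function"
    Properties:
      Runtime: "python3.12"
      Handler: "index.handler"
      Role: !GetAtt LambdaRole.Arn
      Code:
        ZipFile: |
          def handler(event, context):
              # placeholder body; the real function would open a
              # PostgreSQL connection to the RDS endpoint on port 5432
              return {"ok": True}
      VpcConfig:
        SubnetIds:
          - !Ref TestSubnetA
          - !Ref TestSubnetB
          - !Ref TestSubnetC
        SecurityGroupIds:
          - !Ref TestSecurityGroup
```

After the stack deploys, `aws ec2 describe-security-groups --group-ids <sg-id>` should list an `IpPermissions` entry whose `UserIdGroupPairs` contains the group's own ID on port 5432; if the entry is missing, the Lambda ENIs are not covered by the rule. Separately, the question's template stores `MasterUserPassword` in plaintext in the template; a `{{resolve:secretsmanager:...}}` dynamic reference keeps the credential out of the template and the stack history.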