我刚刚通过 Cloud Formation 创建了 RDS 代理
在代理仪表板中,显示 RDS 代理可用,但目标组不可用,我无法调试此问题并陷入 Cloud Formation 更新状态
这是我的云形成配置,
我对 rds 代理和 rds 实例使用了所有输入输出绑定(bind)流量安全组,但它似乎不起作用...
我的配置有错误吗?我已经坚持了一整天了
RDSInstance:
DependsOn: DBSecurityGroup
Type: AWS::RDS::DBInstance
Properties:
AllocatedStorage: '20'
AllowMajorVersionUpgrade: false
AutoMinorVersionUpgrade: true
AvailabilityZone: ${self:provider.region}a
DBInstanceClass: db.t2.micro
DBName: mydb
VPCSecurityGroups:
- "Fn::GetAtt": [ DBSecurityGroup, GroupId ]
Engine: postgres
EngineVersion: '11.9'
MasterUsername: postgres
MasterUserPassword: Fighting001
PubliclyAccessible: true
DBSubnetGroupName:
Ref: DBSubnetGroup
# VPCSecurityGroups:
# Ref: VPC
DBSecretsManager:
Type: AWS::SecretsManager::Secret
Properties:
Description: 'Secret Store for database connection'
Name: postgres
SecretString:
'password'
RDSProxy:
DependsOn: DBSecurityGroup
Type: AWS::RDS::DBProxy
Properties:
Auth:
- AuthScheme: SECRETS
SecretArn:
Ref: DBSecretsManager
IAMAuth: DISABLED
DBProxyName: ${self:provider.stackName}-db-proxy
DebugLogging: true
EngineFamily: 'POSTGRESQL'
RoleArn: 'my role arn'
VpcSecurityGroupIds:
- "Fn::GetAtt": [ DBSecurityGroup, GroupId ]
VpcSubnetIds:
- Ref: PublicSubnetA
- Ref: PublicSubnetB
RDSProxyTargetGroup:
Type: AWS::RDS::DBProxyTargetGroup
Properties:
DBProxyName:
Ref: RDSProxy
DBInstanceIdentifiers: [Ref: RDSInstance]
TargetGroupName: "default"
ConnectionPoolConfigurationInfo:
MaxConnectionsPercent: 45
MaxIdleConnectionsPercent: 40
ConnectionBorrowTimeout: 120
最佳答案
模板失败的一个可能原因是您的 AWS::SecretsManager::Secret 未使用且值不正确。
您的数据库使用:
MasterUsername: postgres
MasterUserPassword: Fighting001
但是你的DBSecretsManager是:
SecretString:
'password'
这是不正确的。我建议首先在 AWS 控制台中手动设置所有内容。然后,您可以检查适合您的用例的 SecretString 的正确形式。
关于amazon-web-services - RDS 代理目标组不可用,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/64713782/