amazon-web-services - Unable to create Aurora RDS database cluster due to differing security groups

Tags: amazon-web-services aws-cloudformation amazon-aurora

I have been trying to set up CloudFormation scripts to create a VPC that hosts Fargate containers and an Aurora database. When I try to deploy my Aurora script, I get the following message.

The DB instance and EC2 security group are in different VPCs. The DB instance is in vpc-f0ec9d98 and the EC2 security group is in vpc-01c5e9bcdb87dc39c (Service: AmazonRDS; Status Code: 400; Error Code: InvalidParameterCombination; Request ID: 7aa14530-d73c-4b27-a6d6-fcc8aea61d93)

I don't understand why this happens, because I am using the same security group that my VPC script created. My Aurora script is as follows.

Aurora

Description: Set up a serverless PostgreSQL cluster with a bastion host (using Aurora)

Parameters:
  DatabaseName:
    Type: String
  EngineVersion:
    Type: String
    Default: 11.4
  MasterUsername:
    Type: String
    Default: root
  MasterUserPassword:
    Type: String
    Default: root # placeholder only; supply a real secret at deploy time
    NoEcho: true
  VpcId:
    Type: AWS::EC2::VPC::Id
  VpcSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id
  BastionImageId:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-ebs
  BastionKeyName:
    Type: AWS::EC2::KeyPair::KeyName
    Description: EC2 key used to connect to the bastion host
  DeletionProtection:
    Type: String
    Default: false
    AllowedValues:
      - true
      - false

Resources:
  Cluster:
    Type: AWS::RDS::DBCluster
    Properties:
      Engine: aurora-postgresql
      EngineVersion: !Ref EngineVersion
      DatabaseName: !Ref DatabaseName
      MasterUsername: !Ref MasterUsername
      MasterUserPassword: !Ref MasterUserPassword
      DBClusterIdentifier: !Ref AWS::StackName
      BackupRetentionPeriod: 35
      DeletionProtection: !Ref DeletionProtection
      VpcSecurityGroupIds:
        - !Ref VpcSecurityGroupId
  BastionSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: !Sub Bastion for ${AWS::StackName}
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          FromPort: -1
          ToPort: -1
          IpProtocol: -1
        - DestinationSecurityGroupId: !Ref VpcSecurityGroupId
          IpProtocol: tcp
          FromPort: 5432 # PostgreSQL listens on 5432, not MySQL's 3306
          ToPort: 5432
      SecurityGroupIngress: []
      VpcId: !Ref VpcId
  Bastion:
    Type: AWS::EC2::Instance
    Properties:
      DisableApiTermination: true
      ImageId: !Ref BastionImageId
      InstanceType: t2.nano
      KeyName: !Ref BastionKeyName
      Monitoring: false
      SecurityGroupIds:
        - !Ref VpcSecurityGroupId
        - !Ref BastionSecurityGroup
      # if this script does not work this line broke it
      UserData:
        Fn::Base64: |
          #!/bin/bash
          yum install postgresql --assumeyes

Outputs:
  Host:
    Value: !GetAtt Cluster.Endpoint.Address
    Export:
      Name: !Sub ${AWS::StackName}Host
  Name:
    Value: !Ref DatabaseName
    Export:
      Name: !Sub ${AWS::StackName}Name
  BastionHost:
    Value: !GetAtt Bastion.PublicDnsName
    Export:
      Name: !Sub ${AWS::StackName}BastionHost
  BastionIp:
    Value: !GetAtt Bastion.PublicIp
    Export:
      Name: !Sub ${AWS::StackName}BastionIp
  BastionSecurityGroupId:
    Value: !GetAtt BastionSecurityGroup.GroupId
    Export:
      Name: !Sub ${AWS::StackName}BastionSecurityGroupId

Best answer

If the AWS::RDS::DBCluster resource does not include the DBSubnetGroupName property, CloudFormation appears to be trying to launch the cluster in the default VPC. A DB subnet group lets you specify a particular VPC when creating the database instance.

Try adding this property and referencing the associated subnet parameters/resources; that should resolve the problem.

Information on creating RDS instances in a VPC can be found in the RDS User Guide.
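As an added example (not part of the original question or answer), here is the change the answer describes: an AWS::RDS::DBSubnetGroup built from subnets that belong to the same VPC as the security group, and the DBSubnetGroupName reference on the cluster. The PrivateSubnetIds parameter is an assumption (it stands for the subnets exported by the questioner's VPC stack); the other parameter and resource names are taken from the template above, and the bastion resources are omitted for brevity.

```yaml
Description: Aurora PostgreSQL cluster pinned to the VPC that owns its subnets

Parameters:
  DatabaseName:
    Type: String
  EngineVersion:
    Type: String
    Default: 11.4
  MasterUsername:
    Type: String
    Default: root
  MasterUserPassword:
    Type: String
    NoEcho: true # no default: the secret is supplied at deploy time
  DeletionProtection:
    Type: String
    Default: false
    AllowedValues:
      - true
      - false
  # Assumed parameter: subnets created by the VPC stack. Every subnet listed
  # here must be in the same VPC as VpcSecurityGroupId, otherwise RDS rejects
  # the cluster with the InvalidParameterCombination error from the question.
  PrivateSubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
  VpcSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id

Resources:
  # The subnet group is what tells RDS which VPC to place the cluster in.
  # Without it, the cluster lands in the account's default VPC and the
  # security group from the custom VPC cannot be attached.
  DBSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: !Sub Subnets for ${AWS::StackName}
      SubnetIds: !Ref PrivateSubnetIds

  Cluster:
    Type: AWS::RDS::DBCluster
    Properties:
      Engine: aurora-postgresql
      EngineVersion: !Ref EngineVersion
      DatabaseName: !Ref DatabaseName
      MasterUsername: !Ref MasterUsername
      MasterUserPassword: !Ref MasterUserPassword
      DBClusterIdentifier: !Ref AWS::StackName
      BackupRetentionPeriod: 35
      DeletionProtection: !Ref DeletionProtection
      # Pin the cluster to the VPC of the subnet group; the security group
      # below now lives in that same VPC, so the two no longer conflict.
      DBSubnetGroupName: !Ref DBSubnetGroup
      VpcSecurityGroupIds:
        - !Ref VpcSecurityGroupId

Outputs:
  Host:
    Value: !GetAtt Cluster.Endpoint.Address
    Export:
      Name: !Sub ${AWS::StackName}Host
```

Two practical checks before deploying: a DB subnet group must contain subnets in at least two Availability Zones, and the subnets and the security group must report the same VpcId, which you can confirm with `aws ec2 describe-subnets --subnet-ids <ids> --query 'Subnets[].VpcId'` and `aws ec2 describe-security-groups --group-ids <id> --query 'SecurityGroups[].VpcId'`. The same reasoning applies to the bastion EC2 instance in the question's template: with no SubnetId set it would also be launched in the default VPC, so it should be given a subnet from the same VPC as well.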

A similar question on amazon-web-services - Unable to create Aurora RDS database cluster due to differing security groups was found on Stack Overflow: https://stackoverflow.com/questions/59183280/
