
RDS StorageEncrypted not getting Enabled with CF template

I am creating an RDS instance from a CloudFormation template with the default key.

I am giving "StorageEncrypted": true but no KMSKEYID. When the RDS instance is created, I still see EnabledEncryption No on the instance.

I have followed exactly what the AWS documentation says: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html I am not sure what is going wrong here. Has anyone tried creating an RDS instance with encryption enabled using a CF template?

I added VPCSecurity group instead of DB Security group that I was using earlier and that fixed the issue, but Update stack will not work in this case and Stack has to be recreated.

Response from AWS Tech Support:

However in your case you are still using the stack which was created initially using DBSecurityGroups property. So this has created legacy CloudFormation which is not aware about the new features including encryption. Therefore I would suggest to delete the existing stack and deploy the new stack using same template.

Our team is aware about this issue and it is being worked internally. We have already updated the documentation with this information:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-dbsecuritygroups

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-vpcsecuritygroups

I have informed my internal team that once the stack is created using DBSecurityGroups, changing this to VPCSecurityGroups will not enable features mentioned above. The only option is to delete the stack and recreate it.
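
A template check for the situation described in the answer above, as an added example that is not part of the original post or any AWS tooling: it flags `AWS::RDS::DBInstance` resources whose `StorageEncrypted` setting is present alongside `DBSecurityGroups`, as well as instances that never request encryption. The function name, finding labels and sample template are constructed for illustration.

```python
import json

# Constructed sample template (not from the original post).
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "LegacyDb": {
      "Type": "AWS::RDS::DBInstance",
      "Properties": {
        "StorageEncrypted": true,
        "DBSecurityGroups": [{"Ref": "DbSg"}]
      }
    },
    "VpcDb": {
      "Type": "AWS::RDS::DBInstance",
      "Properties": {
        "StorageEncrypted": "true",
        "VPCSecurityGroups": ["sg-EXAMPLE"]
      }
    },
    "PlainDb": {
      "Type": "AWS::RDS::DBInstance",
      "Properties": {"VPCSecurityGroups": ["sg-EXAMPLE"]}
    },
    "DbSg": {"Type": "AWS::RDS::DBSecurityGroup", "Properties": {}}
  }
}
""")

def audit_rds_encryption(template):
    """Return {logical_id: finding} for each AWS::RDS::DBInstance that will
    not end up encrypted, or whose setting cannot be decided statically."""
    findings = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::RDS::DBInstance":
            continue
        props = resource.get("Properties", {})
        value = props.get("StorageEncrypted")
        if isinstance(value, dict):
            findings[logical_id] = "unresolved"  # Ref / Fn::If: check the parameter
            continue
        # JSON templates may carry the boolean as the string "true".
        requested = str(value).lower() == "true"
        if not requested:
            findings[logical_id] = "not-requested"
        elif "DBSecurityGroups" in props:
            # Case from this page: the setting is present but not applied.
            findings[logical_id] = "ignored-with-DBSecurityGroups"
    return findings
```

Because the answer reports that a stack update does not apply the setting, the encryption state of an instance from a stack first created with `DBSecurityGroups` should be confirmed on the instance itself after the stack is recreated.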
