for testing purposes, I need to create Postgres Database which will have Public access and will be available from anywhere. My current CloudFormation looks like this:
---
AWSTemplateFormatVersion: "2010-09-09"
Resources:
VPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: 10.0.0.0/16
EnableDnsSupport: true
EnableDnsHostnames: true
InternetGateway:
Type: AWS::EC2::InternetGateway
VPCGatewayAttachment:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
VpcId: !Ref VPC
InternetGatewayId: !Ref InternetGateway
PublicSubnet1:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
CidrBlock: 10.0.1.0/24
MapPublicIpOnLaunch: true
AvailabilityZone: eu-central-1a
PublicSubnet2:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
CidrBlock: 10.0.2.0/24
MapPublicIpOnLaunch: true
AvailabilityZone: eu-central-1b
DBSubnetGroup:
Type: AWS::RDS::DBSubnetGroup
Properties:
DBSubnetGroupDescription: Subnets for RDS database
SubnetIds:
- !Ref PublicSubnet1
- !Ref PublicSubnet2
SecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Allow all inbound traffic
VpcId: !Ref VPC
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 5432
ToPort: 5432
CidrIp: 0.0.0.0/0
DBInstance:
Type: AWS::RDS::DBInstance
Properties:
DBInstanceIdentifier: ourpostgres
DBName: "database"
AllocatedStorage: "5"
DBInstanceClass: db.t3.micro
Engine: postgres
VPCSecurityGroups:
- !Ref SecurityGroup
DBSubnetGroupName: !Ref DBSubnetGroup
PubliclyAccessible: true
MasterUsername: myusername
MasterUserPassword: mypassword
Outputs:
DBInstanceEndpoint:
Description: Endpoint to access the Postgres database
Value: !GetAtt [DBInstance, Endpoint.Address]
After running this CloudFormation database instance starts successfully but I am still unable to login into the database from a local machine (using Sequel Pro as the viewer). I tried already set up VPC, Security Groups, Gateway and Su.nets but it still seems like I am missing something.
Can you help me to identify the issues in CloudFormation above?
The reason for your issue is that your su.nets are private .
While the CloudFormation template does create an Inte.net Gateway and attaches it to the VPC, the two su.nets are using the default Route Table , which does not contain a route to the Inte.net Gateway. Therefore, the su.nets are effectively private su.nets .
You would need to update the template to:
0.0.0.0/0
to the Inte.net GatewayAs an example, here's some code that I grabbed from Building a VPC with CloudFormation - Part 1 :
# Some route tables for our subnets:
PublicRouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
Value: Public
PublicRoute1: # Public route table has direct routing to IGW:
Type: AWS::EC2::Route
DependsOn: AttachGateway
Properties:
RouteTableId: !Ref PublicRouteTable
DestinationCidrBlock: 0.0.0.0/0
GatewayId: !Ref InternetGateway
You would need something similar to that.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.