Sign In to the Console
AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS Documentation » AWS CloudFormation » User Guide » Template Reference » AWS Resource and Property Types Reference » Amazon Relational Database Service Resource Types Reference » AWS::RDS::DBSecurityGroupIngress

AWS::RDS::DBSecurityGroupIngress

The AWS::RDS::DBSecurityGroupIngress type enables ingress to a DBSecurityGroup using one of two forms of authorization. First, EC2 or VPC security groups can be added to the DBSecurityGroup if the application using the database is running on EC2 or VPC instances. Second, IP ranges are available if the application accessing your database is running on the Internet. For more information about DB security groups, see Working with DB security groups

This type supports updates. For more information about updating stacks, see AWS CloudFormation Stacks Updates.

For details about the settings for DB security group ingress, see AuthorizeDBSecurityGroupIngress.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::RDS::DBSecurityGroupIngress",
  "Properties" : {
   "CIDRIP": String,
   "DBSecurityGroupName": String,
   "EC2SecurityGroupId": String,
   "EC2SecurityGroupName": String,
   "EC2SecurityGroupOwnerId": String
}

YAML

Type: "AWS::RDS::DBSecurityGroupIngress"
Properties:  
  CIDRIP: String
  DBSecurityGroupName: String
  EC2SecurityGroupId: String
  EC2SecurityGroupName: String
  EC2SecurityGroupOwnerId: String

Properties

CIDRIP

The IP range to authorize.

For an overview of CIDR ranges, go to the Wikipedia Tutorial.

Type: String

Update requires: No interruption

DBSecurityGroupName

The name (ARN) of the AWS::RDS::DBSecurityGroup to which this ingress will be added.

Type: String

Required: Yes

Update requires: No interruption

EC2SecurityGroupId

The ID of the VPC or EC2 security group to authorize.

For VPC DB security groups, use EC2SecurityGroupId. For EC2 security groups, use EC2SecurityGroupOwnerId and either EC2SecurityGroupName or EC2SecurityGroupId.

Type: String

Required: No

Update requires: No interruption

EC2SecurityGroupName

The name of the EC2 security group to authorize.

For VPC DB security groups, use EC2SecurityGroupId. For EC2 security groups, use EC2SecurityGroupOwnerId and either EC2SecurityGroupName or EC2SecurityGroupId.

Type: String

Required: No

Update requires: No interruption

EC2SecurityGroupOwnerId

The AWS Account Number of the owner of the EC2 security group specified in the EC2SecurityGroupName parameter. The AWS Access Key ID is not an acceptable value.

For VPC DB security groups, use EC2SecurityGroupId. For EC2 security groups, use EC2SecurityGroupOwnerId and either EC2SecurityGroupName or EC2SecurityGroupId.

Type: String

Required: No

Update requires: No interruption

Return Values

Ref

When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the resource name.

For more information about using the Ref function, see Ref.

See Also