(rds): cannot make RDS non publicly accessible

With CloudFormation I could have public subnets and create a database that is not publicly accessible. I need it to be non-public so QuickSight recognizes the VPC connection and I can access it there.

In CDK this is not possible as described in https://stackoverflow.com/questions/57221125/on-aws-rds-on-aws-cdk-where-is-the-setting-to-make-database-publicly-accessible

How can I still reach what I was doing in CFN without private subnets?

Reproduction Steps

CFN code:

Resources:
    Database:
        Type: AWS::RDS::DBInstance
        DeletionPolicy: Retain
        Properties:
            AllocatedStorage: !Ref StorageSpace
            AutoMinorVersionUpgrade: true
            AllowMajorVersionUpgrade: true
            BackupRetentionPeriod: !If [SmallInstance, 2, 7]
            DBInstanceClass: !Ref InstanceType
            DBInstanceIdentifier: !Ref InstanceId
            DBSnapshotIdentifier:
                !If [RestoreFromSnapshot, !Ref DBSnapshot, !Ref "AWS::NoValue"]
            DBName: !Ref DBName
            Engine: postgres
            EngineVersion: 12.2
            MasterUsername: !Ref AdminUser
            MasterUserPassword: !Ref DBPassword
            MultiAZ: false
            DBParameterGroupName: !Ref DBParamGroup122
            PubliclyAccessible: false
            StorageEncrypted: false
            StorageType: gp2
            CopyTagsToSnapshot: true
            VPCSecurityGroups:
                - !GetAtt DBSecurityGroup.GroupId
                - !GetAtt QuicksightRDSSecurityGroup.GroupId
            Tags:
                - Key: Name
                  Value: !Sub "${AWS::StackName}-db-replica"

What did you expect to happen?

CDK has an option to make the database non publicly accessible

What actually happened?

There is no way to make the DB non publicly accessible without private subnets

Environment

  • CDK CLI Version : 1.76
  • Framework Version: 1.76
  • Node.js Version: 10.18.1
  • OS :
  • Language (Version): TypeScript (3.8.3)

This is 🐛 Bug Report

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 6 (2 by maintainers)

Top GitHub Comments

4 reactions
jogold commented, Dec 16, 2020

As explained by @skinny85, at the moment the public accessibility is linked to the vpc placement.

Still you can use the following workaround:

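// CDK v1 module names, matching the 1.76 version reported in the issue
import * as ec2 from '@aws-cdk/aws-ec2';
import * as rds from '@aws-cdk/aws-rds';

// Inside a Stack or Construct: place the instance in public subnets
const instance = new rds.DatabaseInstance(this, 'Instance', {
  // ... other props
  vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC },
});

// Change public accessibility on the underlying L1 (CloudFormation) resource
const cfnInstance = instance.node.defaultChild as rds.CfnDBInstance;
cfnInstance.addPropertyOverride('PubliclyAccessible', false);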

See also Escape hatches.
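
A check for the workaround above, as an added example that is not part of the original issue or of the CDK project: it scans a synthesized CloudFormation template for `AWS::RDS::DBInstance` resources whose `PubliclyAccessible` is not pinned to `false`, so a missing or lost override is caught before deployment. The function name, the template type and the sample template are assumptions constructed for illustration.

```typescript
// Added example: audit a synthesized template (e.g. the JSON that `cdk synth` emits).
type Finding = { logicalId: string; reason: string };

interface CfnTemplate {
  Resources?: Record<string, { Type: string; Properties?: Record<string, unknown> }>;
}

// Report every AWS::RDS::DBInstance whose PubliclyAccessible is not pinned to false.
function findPublicDbInstances(template: CfnTemplate): Finding[] {
  const resources = template.Resources || {};
  const findings: Finding[] = [];
  for (const logicalId of Object.keys(resources)) {
    const res = resources[logicalId];
    if (res.Type !== 'AWS::RDS::DBInstance') continue;
    const value = (res.Properties || {})['PubliclyAccessible'];
    if (value === false || value === 'false') continue; // explicitly private
    if (value === undefined) {
      findings.push({ logicalId, reason: 'not set: RDS picks the default' });
    } else if (value === true || value === 'true') {
      findings.push({ logicalId, reason: 'set to true' });
    } else {
      // An intrinsic such as { Ref } or { "Fn::If": [...] } cannot be decided statically.
      findings.push({ logicalId, reason: 'unresolved intrinsic' });
    }
  }
  return findings;
}

// Constructed sample template (not taken from the issue).
const sampleTemplate: CfnTemplate = {
  Resources: {
    WithOverride: { Type: 'AWS::RDS::DBInstance', Properties: { Engine: 'postgres', PubliclyAccessible: false } },
    PublicByPlacement: { Type: 'AWS::RDS::DBInstance', Properties: { Engine: 'postgres', PubliclyAccessible: true } },
    Unset: { Type: 'AWS::RDS::DBInstance', Properties: { Engine: 'postgres' } },
    Conditional: {
      Type: 'AWS::RDS::DBInstance',
      Properties: { PubliclyAccessible: { 'Fn::If': ['IsInternal', false, true] } },
    },
    DbSecurityGroup: { Type: 'AWS::EC2::SecurityGroup', Properties: { GroupDescription: 'db' } },
  },
};

for (const f of findPublicDbInstances(sampleTemplate)) {
  console.log(`${f.logicalId}: PubliclyAccessible ${f.reason}`);
}
```

Run against the real synthesized template in CI, an empty result means every DB instance in the stack carries an explicit `PubliclyAccessible: false`.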

0 reactions
github-actions[bot] commented, Dec 28, 2020

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.
