amazon-web-servicesaws-cloudformation

RDS database instance property - MasterUserPassword


In the below snippet of cloudformation template:

AWSTemplateFormatVersion: "2010-09-09"
Description: "Todobackend Stack"

# Stack Parameters
Parameters:
  DbUsername:
    Type: "String"
    Description: "The RDS database username"
  DbPassword:
    Type: "String"
    Description: "The RDS database password"
    NoEcho: "true"

# Stack Resources
Resources:
  # Configure RDS
  DbInstance:
    Type: "AWS::RDS::DBInstance"
    Properties:
      DBSubnetGroupName: { "Ref": "DbSubnetGroup" }
      MultiAZ: "false"
      AvailabilityZone: { "Ref": "DbAvailabilityZone" }
      AllocatedStorage: 8
      StorageType: "gp2"
      DBInstanceClass: "db.t2.micro"
      DBName: "todobackend"
      Engine: "MySQL"
      EngineVersion: "5.6"
      MasterUsername: { "Ref": "DbUsername" }
      MasterUserPassword: { "Ref": "DbPassword" }
      VPCSecurityGroups:
        - { "Ref": "DbSecurityGroup" }
      Tags:
        - Key: "Name"
          Value: { "Fn::Join": ["", [ { "Ref": "AWS::StackName" }, "-db" ] ] }

AWS CloudFormation gives below error:

2019-12-19 17:28:03 UTC-0800    DbInstance  CREATE_FAILED   

Reason: The parameter MasterUserPassword is not a valid password. Only printable ASCII characters besides '/', '@', '"', ' ' may be used. (Service: AmazonRDS; Status Code: 400; Error Code: InvalidParameterValue; Request ID: d463b57c-d017-415a-abd6-454db4b08d84)

How to resolve this error?


Solution

  • The password for the master user. The password can include any printable ASCII character except "/", """, or "@".

    From AWS document

    If you want to limit user enter unexpected character, you can use AllowedPattern

    Refer to https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/parameters-section-structure.html#aws-specific-parameter-types