Tags: amazon-web-services, aws-cloudformation, amazon-rds, amazon-rds-proxy

RDS Proxy Target groups Unavailable


I have just created an RDS Proxy with CloudFormation.

In the Proxies dashboard it shows the RDS Proxy as available, but the target groups are unavailable. I can't debug this, and the stack is stuck in the CloudFormation update state.

This is my CloudFormation config.

I used an allow-all inbound/outbound security group for both the RDS Proxy and the RDS instance, but it doesn't seem to work...

So do I have a wrong config somewhere? I have been stuck on this all day.

RDSInstance:
  DependsOn: DBSecurityGroup
  Type: AWS::RDS::DBInstance
  Properties: 
    AllocatedStorage: '20'
    AllowMajorVersionUpgrade: false
    AutoMinorVersionUpgrade: true
    AvailabilityZone: ${self:provider.region}a
    DBInstanceClass: db.t2.micro
    DBName: mydb
    VPCSecurityGroups: 
      - "Fn::GetAtt": [ DBSecurityGroup, GroupId ]
    Engine: postgres
    EngineVersion: '11.9'
    MasterUsername: postgres
    MasterUserPassword: Fighting001
    PubliclyAccessible: true
    DBSubnetGroupName: 
      Ref: DBSubnetGroup
    # VPCSecurityGroups: 
    #   Ref: VPC
DBSecretsManager:
  Type: AWS::SecretsManager::Secret
  Properties: 
    Description: 'Secret Store for database connection'
    Name: postgres
    SecretString: 
      'password'
RDSProxy:
  DependsOn: DBSecurityGroup
  Type: AWS::RDS::DBProxy
  Properties: 
    Auth: 
      - AuthScheme: SECRETS
        SecretArn: 
          Ref: DBSecretsManager
        IAMAuth: DISABLED
    DBProxyName: ${self:provider.stackName}-db-proxy
    DebugLogging: true
    EngineFamily: 'POSTGRESQL'
    RoleArn: 'my role arn'
    VpcSecurityGroupIds: 
    - "Fn::GetAtt": [ DBSecurityGroup, GroupId ]
    VpcSubnetIds: 
      - Ref: PublicSubnetA
      - Ref: PublicSubnetB
RDSProxyTargetGroup:
  Type: AWS::RDS::DBProxyTargetGroup
  Properties:
    DBProxyName: 
      Ref: RDSProxy
    DBInstanceIdentifiers: [Ref: RDSInstance]
    TargetGroupName: "default"
    ConnectionPoolConfigurationInfo:
      MaxConnectionsPercent: 45
      MaxIdleConnectionsPercent: 40
      ConnectionBorrowTimeout: 120

Solution

  • A likely reason why your template fails is that your AWS::SecretsManager::Secret is not used and has incorrect values.

    Your DB uses:

        MasterUsername: postgres
        MasterUserPassword: Fighting001
    

    But your DBSecretsManager is:

        SecretString: 
          'password'
    

    which is incorrect. I would suggest setting everything up manually in the AWS console first. Then you can check what the correct form of the SecretString is for your use case.
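For reference, here is an added example (not the asker's template and not part of the answer above) of the secret in the shape RDS Proxy expects, wired into both the DB instance and the proxy so the two cannot disagree. Resource names DBSecretsManager, RDSInstance, RDSProxy, DBSecurityGroup, DBSubnetGroup and the subnets are taken from the question; RDSProxyRole is an assumed name for a new resource that replaces the `'my role arn'` placeholder, and the password length and excluded characters are arbitrary choices.

```yaml
# Added example, not the original poster's code. A SecretString for RDS Proxy
# must be JSON with "username" and "password" keys; a bare string such as
# 'password' cannot be used by the proxy to authenticate to the database.
DBSecretsManager:
  Type: AWS::SecretsManager::Secret
  Properties:
    Name: postgres
    Description: 'Secret Store for database connection'
    # Let Secrets Manager generate the password so it never appears in the
    # template, the stack parameters or the CloudFormation event history.
    GenerateSecretString:
      SecretStringTemplate: '{"username": "postgres"}'
      GenerateStringKey: password
      PasswordLength: 32            # assumed value
      ExcludeCharacters: '"@/\'     # characters that break connection strings

RDSInstance:
  Type: AWS::RDS::DBInstance
  Properties:
    Engine: postgres
    EngineVersion: '11.9'
    DBInstanceClass: db.t2.micro
    AllocatedStorage: '20'
    DBName: mydb
    DBSubnetGroupName:
      Ref: DBSubnetGroup
    VPCSecurityGroups:
      - "Fn::GetAtt": [ DBSecurityGroup, GroupId ]
    # Dynamic references read the master credentials from the same secret the
    # proxy uses, so there is no second copy of the password to drift.
    MasterUsername:
      Fn::Join:
        - ''
        - - '{{resolve:secretsmanager:'
          - Ref: DBSecretsManager
          - ':SecretString:username}}'
    MasterUserPassword:
      Fn::Join:
        - ''
        - - '{{resolve:secretsmanager:'
          - Ref: DBSecretsManager
          - ':SecretString:password}}'

# The proxy's role needs read access to the secret. If the secret were
# encrypted with a customer-managed KMS key it would also need kms:Decrypt
# on that key; this example uses the default key, so it does not.
RDSProxyRole:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal:
            Service: rds.amazonaws.com
          Action: sts:AssumeRole
    Policies:
      - PolicyName: ReadDBSecret
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action: secretsmanager:GetSecretValue
              Resource:
                Ref: DBSecretsManager   # least privilege: this one secret only

RDSProxy:
  Type: AWS::RDS::DBProxy
  Properties:
    DBProxyName: ${self:provider.stackName}-db-proxy
    EngineFamily: POSTGRESQL
    DebugLogging: true
    RoleArn:
      "Fn::GetAtt": [ RDSProxyRole, Arn ]
    Auth:
      - AuthScheme: SECRETS
        IAMAuth: DISABLED
        SecretArn:
          Ref: DBSecretsManager
    VpcSecurityGroupIds:
      - "Fn::GetAtt": [ DBSecurityGroup, GroupId ]
    VpcSubnetIds:
      - Ref: PublicSubnetA
      - Ref: PublicSubnetB
```

The target group resource from the question can be kept as it is. To confirm the diagnosis rather than guess, run `aws rds describe-db-proxy-targets --db-proxy-name <proxy-name>` after the stack settles and read `TargetHealth.State` and `TargetHealth.Reason` for the instance: a reason of `AUTH_FAILURE` points at the credentials in the secret, while `CONNECTION_FAILED` or `UNREACHABLE` points at the security group or subnet routing between the proxy and the instance.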