Granular per-instance access in an Aurora DB cluster

Question

We have an Aurora DB cluster with one writer instance and a couple of read replicas. According to AWS documentation it's only possible to change security groups for the cluster at whole. Indeed, when we tried to change the group for one of our read replicas that should have less strict access rules, it affected all instances in the cluster. Does anyone know if there's a way (possibly not so direct one) to assign an additional security group to a certain replica in the cluster? Help is much appreciated, thanks!

Answer

Hi there, from the case notes I understand you want to assign an additional security group to one of the read replica in the cluster.
An Amazon Aurora DB cluster consists of one or more DB instances and a cluster volume that manages the data for those DB instances.
I did it on my end and it is possible to add additional security groups within the same VPC ,but it is not possible to assign security groups and not affect all your instances.A VPC can have multiple security groups and help in restricting certain IP ranges.
I have provided you with additional documentation under the reference section.
I hope this was helpful!
Reference
[1]https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Overview.Security.html

Granular per-instance access in an Aurora DB cluster

관련 콘텐츠