How to Update Multi-AZ DB clusters (New) CA Certificate

2

I have a Multi-AZ DB cluster with the Postgres engine; it is not an Aurora cluster but a new Multi-AZ DB cluster that has one writer instance and two reader instances. Currently, it uses rds-ca-2019; how do I update to use rds-ca-rsa2048-g1? In the certificate update menu, I can find the warning of expiration but am unable to modify it. It says modifying the DB cluster is not possible.

Thanks

Sumar
Asked 7 months ago, viewed 442 times
2 answers
0

I'm having the same issue and am unable to modify individual DB instances of my Multi-AZ cluster.

Tyler
Answered 7 months ago
0

For everyone coming here, this is my workaround. Before deploying the CFN template, we override the CA certificate:

aws rds modify-certificates --certificate-identifier rds-ca-rsa2048-g1

So the new instance will use rds-ca-rsa2048-g1

And then, we deploy the CFN template

  CMSDBCluster:
    Type: AWS::RDS::DBCluster
    Condition: IsProduction
    Properties: 
      AllocatedStorage: 100
      BackupRetentionPeriod: 30
      DatabaseName: !Ref CMSDBName
      DBClusterIdentifier: !Sub "${App}-${Env}-cms"
      DBClusterInstanceClass: db.m5d.large
      DBClusterParameterGroupName: !Ref "CMSDBClusterParameterGroup"
      DBInstanceParameterGroupName: !Ref "CMSDBParameterGroup"
      DBSubnetGroupName: !Ref "CMSDBSubnetGroup"
      DeletionProtection: true
      EnableCloudwatchLogsExports: 
        - postgresql
      Engine: postgres
      EngineMode: provisioned
      EngineVersion: "15.3"
      Iops: 1000
      MasterUsername: !Sub "db_${Env}_admin"
      MasterUserPassword: !Ref CMSDBPassword
      NetworkType: IPV4
      PerformanceInsightsEnabled: true
      PerformanceInsightsRetentionPeriod: 7
      Port: 5432
      PreferredBackupWindow: "15:00-16:00"
      PreferredMaintenanceWindow: "Sun:16:05-Sun:17:00"
      PubliclyAccessible: false
      StorageEncrypted: true
      StorageType: io1
      VpcSecurityGroupIds: 
        - Fn::GetAtt: CMSDBSecurityGroup.GroupId
      Tags:
        - Key: application
          Value: !Sub ${App}
        - Key: environment
          Value: !Sub ${Env}

The result is that it will use rds-ca-rsa2048-g1 instead of the old one. I hope that in the near future AWS will add CACertificate to the AWS::RDS::DBCluster resource when the engine is postgres or mysql. Thanks

Sumar
Answered 7 months ago
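As an added example (not part of either answer), a small Python check to run after the override-and-deploy workaround above: it reads the JSON printed by `aws rds describe-db-instances --output json` and lists the members of a given Multi-AZ DB cluster that still use an older CA. `DBClusterIdentifier` and `CACertificateIdentifier` are the real field names in that output; the cluster name, instance names and the sample document itself are constructed.

```python
import json
from typing import Dict, List

# Constructed sample of `aws rds describe-db-instances --output json`, trimmed to the
# fields this check reads; real output carries many more keys per instance.
SAMPLE_DESCRIBE_DB_INSTANCES = json.dumps({"DBInstances": [
    {"DBInstanceIdentifier": "app-prod-cms-instance-1", "DBClusterIdentifier": "app-prod-cms",
     "Engine": "postgres", "CACertificateIdentifier": "rds-ca-2019"},
    {"DBInstanceIdentifier": "app-prod-cms-instance-2", "DBClusterIdentifier": "app-prod-cms",
     "Engine": "postgres", "CACertificateIdentifier": "rds-ca-rsa2048-g1"},
    {"DBInstanceIdentifier": "app-prod-cms-instance-3", "DBClusterIdentifier": "app-prod-cms",
     "Engine": "postgres", "CACertificateIdentifier": "rds-ca-2019"},
    {"DBInstanceIdentifier": "standalone-db", "Engine": "mysql",
     "CACertificateIdentifier": "rds-ca-2019"},
]})


def cluster_instances(describe_output: str, cluster_id: str) -> List[dict]:
    """Instances belonging to one Multi-AZ DB cluster; standalone and other clusters' instances are skipped."""
    data = json.loads(describe_output)
    return [i for i in data.get("DBInstances", []) if i.get("DBClusterIdentifier") == cluster_id]


def instances_needing_ca_update(describe_output: str, cluster_id: str,
                                wanted_ca: str = "rds-ca-rsa2048-g1") -> List[str]:
    """Identifiers of cluster members whose CA is not `wanted_ca` (a missing CA field counts as stale)."""
    return sorted(i["DBInstanceIdentifier"] for i in cluster_instances(describe_output, cluster_id)
                  if i.get("CACertificateIdentifier") != wanted_ca)


def ca_summary(describe_output: str, cluster_id: str) -> Dict[str, int]:
    """Count of cluster members per CA identifier, for a before/after view of the rollover."""
    counts: Dict[str, int] = {}
    for inst in cluster_instances(describe_output, cluster_id):
        ca = inst.get("CACertificateIdentifier", "<unknown>")
        counts[ca] = counts.get(ca, 0) + 1
    return counts


if __name__ == "__main__":
    # Usage: aws rds describe-db-instances --output json | python check_ca.py app-prod-cms
    import sys
    raw = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DESCRIBE_DB_INSTANCES
    cluster = sys.argv[1] if len(sys.argv) > 1 else "app-prod-cms"
    print("CA summary:", ca_summary(raw, cluster))
    print("Still on an older CA:", instances_needing_ca_update(raw, cluster))
```

Run it once before and once after the deploy; an empty "Still on an older CA" list confirms every member of the cluster picked up the overridden default.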
