I'm preparing a small bash script that reads the latest snapshot name for a given instance and creates an new instance from that snapshot. The command I'm using is
rds-restore-db-instance-from-db-snapshot snapshot-instance --db-snapshot-identifier rds:snapshot-name --region eu-west-1 --availability-zone eu-west-1a --db-instance-class db.t2.micro --multi-az false
This is working fine, the instance gets created. But the instance has wrong security group assignments, preventing it from being accessed from outside (which is needed for a standard "dumping" of the sql-data).
The original Security Group (VPC) of the snapshott'ed instance was
default (sg-2bc44xxx) ( active )
but when the new instance from the snapshot is created via CLI, it gets the following assignments:
default:vpc-95c10xxx ( active )
rds-default-vpc-95c10-xxxx (sg-9e45bxxx) ( active )
You see the difference of the Security group (sg) of the old security group and the new one.
But I cannot change this connection via CLI:
rds-modify-db-instance snapshot-instance --region eu-west-1 -sg sg-2bc44xxx
Result in
"Malformed input-MalformedInput".
Other try:
rds-modify-db-instance snapshot-instance --region eu-west-1 -a sg-2bc44xxx
which gives
Could not find the resource you requested: DBSecurityGroup not found: sg-2bc44xxx
When I change the group via Web-Console to the default one, the inbound connection is usable and I can take a mysqldump without any problem.
Currently it is unclear what option to use, either -a or -sg. Also, it is unclear what the correct identifier for security groups is (id, group-name, ...).
Any help or information would be highly appreciated.
Regards,
Erik
Aucun commentaire:
Enregistrer un commentaire