Create new database in same AWS RDS instance with serverless.yaml file - amazon-web-services

I'm trying to deploy a new database within the same existing instance with a serverless.yaml file. Here is my resource config:
```yaml
BillingTableInstance:
  Type: AWS::RDS::DBInstance
  Properties:
    BackupRetentionPeriod: 1
    AllocatedStorage: ${self:custom.mysql.AllocatedStorage.${opt:stage, self:provider.stage}}
    DBInstanceIdentifier: billing-dev
    DBName: ${self:custom.mysql.DBName}
    DeleteAutomatedBackups: false
    DeletionProtection: false
    EnableCloudwatchLogsExports: ['error', 'slowquery']
    EnableIAMDatabaseAuthentication: false
    DBInstanceClass: ${self:custom.mysql.DBInstanceClass.${opt:stage, self:provider.stage}}
    EnablePerformanceInsights: true
    Engine: 'mysql'
    EngineVersion: 8.0.30
    MasterUsername: ${self:custom.mysql.UserName.${opt:stage, self:provider.stage}}
    MasterUserPassword: ${self:custom.mysql.Password.${opt:stage, self:provider.stage}}
    Port: 3306
    AllowMajorVersionUpgrade: true
    PubliclyAccessible: true
    SourceRegion: ${self:custom.region}
    UseDefaultProcessorFeatures: true
```
The config above shows the error "instance already exists".
The config should be able to create a new database within the same RDS instance.
Any solution? Thank you.

Related

Cannot create PostgreSQL with CloudFormation but works with web interface

I'm trying to create a Serverless V2 Aurora PostgreSQL cluster and an instance with CloudFormation.
It works fine when using the AWS web interface, but when using CloudFormation (through Serverless) I get
Error: CREATE_FAILED: auroraCluster (AWS::RDS::DBCluster) Resource
handler returned message: "The engine mode serverless you requested is
currently unavailable.
CF Template:
```yaml
# Database
auroraCluster:
  Type: AWS::RDS::DBCluster
  Properties:
    AutoMinorVersionUpgrade: 'true'
    AvailabilityZones:
      - eu-north-1a
      - eu-north-1b
      - eu-north-1c
    DatabaseName: publisher
    DeletionProtection: !If [isProd, 'true', 'false']
    Engine: aurora-postgresql
    EngineMode: serverless
    EngineVersion: '14.6'
auroraInstance:
  Type: AWS::RDS::DBInstance
  Properties:
    AllowMajorVersionUpgrade: !If [isProd, 'true', 'false']
    AutoMinorVersionUpgrade: 'true'
    AvailabilityZone: !Sub ${AWS::Region}a
    DBClusterIdentifier: !Ref auroraCluster
    DBInstanceIdentifier: ${self:service}-rds-${sls:stage}
    DeleteAutomatedBackups: !If [isProd, 'false', 'true']
    DeletionProtection: !If [isProd, 'true', 'false']
    Engine: aurora-postgresql
    ManageMasterUserPassword: 'true'
    MasterUsername: postgres
    MasterUserSecret:
      SecretArn: !Ref secretRds
```
Serverless Aurora for PostgreSQL 14.6 is only supported on Serverless v2. This requires a different setup than you have. For example, you have to provide ServerlessV2ScalingConfiguration, delete EngineMode and use DBInstanceClass set to db.serverless. For example:
```yaml
Resources:
  auroraCluster:
    Type: AWS::RDS::DBCluster
    Properties:
      #AutoMinorVersionUpgrade: 'true'
      DatabaseName: publisher
      Engine: aurora-postgresql
      EngineVersion: '14.6'
      MasterUsername: "trdyd"
      MasterUserPassword: "gfsdg344231"
      ServerlessV2ScalingConfiguration:
        MinCapacity: 1
        MaxCapacity: 4
  auroraInstance:
    Type: 'AWS::RDS::DBInstance'
    Properties:
      Engine: aurora-postgresql
      DBInstanceClass: db.serverless
      DBClusterIdentifier: !Ref auroraCluster
```
Obviously you have to adjust the above example, which works, to what exactly you need, taking into account serverless v2 capabilities.

How can I provide a variable for `AWS::RDS::DBInstance` in cloudformation?

I am using CloudFormation to provision RDS Aurora on AWS, using AWS::RDS::DBCluster and AWS::RDS::DBInstance resources in the template. I have different environments, e.g. dev, uat and prod. Each environment has a different number of DB instances under the cluster. How can I set the number of DB instances as a variable in the CloudFormation template?
Below is my template for AWS::RDS::DBInstance. As you can see, there are three instances in the template. It is only for production, not dev. How can I use a parameter to indicate the number of instances? For example, deploy 1 instance in dev and 3 for prod.
```yaml
AuroraDBFirstInstance:
  Type: AWS::RDS::DBInstance
  Properties:
    DBInstanceClass: ${self:provider.postgresqlInstanceClass}
    Engine: aurora-postgresql
    EngineVersion: ${self:provider.postgresqlEngineVersion}
    DBClusterIdentifier: !Ref AuroraDBCluster
    PubliclyAccessible: ${self:provider.publiclyAccessible}
AuroraDBSecondInstance:
  Type: AWS::RDS::DBInstance
  Properties:
    DBInstanceClass: ${self:provider.postgresqlInstanceClass}
    Engine: aurora-postgresql
    EngineVersion: ${self:provider.postgresqlEngineVersion}
    DBClusterIdentifier: !Ref AuroraDBCluster
    PubliclyAccessible: ${self:provider.publiclyAccessible}
AuroraDBThirdInstance:
  Type: AWS::RDS::DBInstance
  Properties:
    DBInstanceClass: ${self:provider.postgresqlInstanceClass}
    Engine: aurora-postgresql
    EngineVersion: ${self:provider.postgresqlEngineVersion}
    DBClusterIdentifier: !Ref AuroraDBCluster
    PubliclyAccessible: ${self:provider.publiclyAccessible}
```
You can add it as a parameter and pass it when you run the stack; you can even make a mapping like this:
```yaml
Parameters:
  Environment:
    Type: String
    AllowedValues:
      - dev
      - uat
      - prod
Mappings:
  EnvironmentToDb:
    dev:
      Cluster: 1
    uat:
      Cluster: 2
    prod:
      Cluster: 3
```
Then you can reference it using:
```yaml
DBClusterIdentifier: !FindInMap [EnvironmentToDb, !Ref 'Environment', Cluster]
```
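An added example, not part of the answer above: one way to vary the instance count per environment is to derive `Conditions` from the mapping and attach one to each optional instance. `InstanceClass` and the `Instances` mapping key are hypothetical names, `AuroraDBCluster` is assumed to be defined as in the question, and `PubliclyAccessible: false` is an assumption that the instances stay private.

```yaml
Parameters:
  Environment:
    Type: String
    AllowedValues: [dev, uat, prod]
  InstanceClass:                 # hypothetical parameter
    Type: String
Mappings:
  EnvironmentToDb:
    dev:
      Instances: "1"
    uat:
      Instances: "2"
    prod:
      Instances: "3"
Conditions:
  # True for uat and prod (the count is not 1)
  CreateSecondInstance: !Not
    - !Equals [!FindInMap [EnvironmentToDb, !Ref Environment, Instances], "1"]
  # True for prod only
  CreateThirdInstance: !Equals
    - !FindInMap [EnvironmentToDb, !Ref Environment, Instances]
    - "3"
Resources:
  AuroraDBFirstInstance:         # always created
    Type: AWS::RDS::DBInstance
    Properties:
      DBInstanceClass: !Ref InstanceClass
      Engine: aurora-postgresql
      DBClusterIdentifier: !Ref AuroraDBCluster
      PubliclyAccessible: false  # assumption: keep instances private
  AuroraDBSecondInstance:
    Type: AWS::RDS::DBInstance
    Condition: CreateSecondInstance
    Properties:
      DBInstanceClass: !Ref InstanceClass
      Engine: aurora-postgresql
      DBClusterIdentifier: !Ref AuroraDBCluster
      PubliclyAccessible: false
  AuroraDBThirdInstance:
    Type: AWS::RDS::DBInstance
    Condition: CreateThirdInstance
    Properties:
      DBInstanceClass: !Ref InstanceClass
      Engine: aurora-postgresql
      DBClusterIdentifier: !Ref AuroraDBCluster
      PubliclyAccessible: false
```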

RDS Proxy Target groups Unavailable

I have just created an RDS Proxy with CloudFormation.
In the Proxies dashboard, it showed that the RDS proxy is available, but the target groups are unavailable. I can't debug this and got stuck in the CloudFormation update state.
This is my CloudFormation config.
I used a security group allowing all inbound and outbound traffic for both the RDS proxy and the RDS instance, but it doesn't seem to work...
So do I have any wrong config? I have been stuck on this all day.
```yaml
RDSInstance:
  DependsOn: DBSecurityGroup
  Type: AWS::RDS::DBInstance
  Properties:
    AllocatedStorage: '20'
    AllowMajorVersionUpgrade: false
    AutoMinorVersionUpgrade: true
    AvailabilityZone: ${self:provider.region}a
    DBInstanceClass: db.t2.micro
    DBName: mydb
    VPCSecurityGroups:
      - "Fn::GetAtt": [ DBSecurityGroup, GroupId ]
    Engine: postgres
    EngineVersion: '11.9'
    MasterUsername: postgres
    MasterUserPassword: Fighting001
    PubliclyAccessible: true
    DBSubnetGroupName:
      Ref: DBSubnetGroup
    # VPCSecurityGroups:
    #   Ref: VPC
DBSecretsManager:
  Type: AWS::SecretsManager::Secret
  Properties:
    Description: 'Secret Store for database connection'
    Name: postgres
    SecretString: 'password'
RDSProxy:
  DependsOn: DBSecurityGroup
  Type: AWS::RDS::DBProxy
  Properties:
    Auth:
      - AuthScheme: SECRETS
        SecretArn:
          Ref: DBSecretsManager
        IAMAuth: DISABLED
    DBProxyName: ${self:provider.stackName}-db-proxy
    DebugLogging: true
    EngineFamily: 'POSTGRESQL'
    RoleArn: 'my role arn'
    VpcSecurityGroupIds:
      - "Fn::GetAtt": [ DBSecurityGroup, GroupId ]
    VpcSubnetIds:
      - Ref: PublicSubnetA
      - Ref: PublicSubnetB
RDSProxyTargetGroup:
  Type: AWS::RDS::DBProxyTargetGroup
  Properties:
    DBProxyName:
      Ref: RDSProxy
    DBInstanceIdentifiers: [Ref: RDSInstance]
    TargetGroupName: "default"
    ConnectionPoolConfigurationInfo:
      MaxConnectionsPercent: 45
      MaxIdleConnectionsPercent: 40
      ConnectionBorrowTimeout: 120
```
A likely reason why your template fails is that your AWS::SecretsManager::Secret is not used and has incorrect values.
Your DB uses:
```yaml
MasterUsername: postgres
MasterUserPassword: Fighting001
```
But your DBSecretsManager is:
```yaml
SecretString: 'password'
```
which is incorrect. I would suggest setting up everything manually in the AWS console first. Then you can check what the correct form of the SecretString is for your use case.

While this isn't the cause of the original issue mentioned above, it may help someone who reaches this post in the future.
Make sure your RDS instance and the security group associated with it are using the same port.
I experienced the same outcome because my RDS security group was configured using a different port than the RDS instance.
By default, Aurora Postgres will use port 3306; however, my security group was using 5432 (because it was copied from an old Postgres non-Aurora RDS instance). I updated my RDS instance to use port 5432 by specifying the Port property, which resolved this issue.

Getting MasterUserPassword for AWS::RDS::DBCluster via SecretsManager in CloudFormation

When creating an AWS::RDS::DBCluster(Aurora-Serverless) in AWS CloudFormation, there is a property MasterUserPassword and its input is specified as string.
So, how to put a stack definition yaml so that RDS definition does not use a string but a random password generated by AWS::SecretsManager::Secret? Is it possible to reference Secrets-manager-generated password with !Ref, !GetAtt or any other means?
```yaml
Resources:
  AuroraMysqlAppCredentialSecretStore:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: AuroraMysqlAppCredentialSecretStore
      GenerateSecretString:
        SecretStringTemplate: '{"username": "admin"}'
        GenerateStringKey: "password"
        PasswordLength: 30
        ExcludeCharacters: '"#/\'
  ApprovalDbCluster:
    Type: AWS::RDS::DBCluster
    Properties:
      Engine: aurora
      EngineMode: serverless
      EngineVersion: '5.6'
      DatabaseName: MyDatabaseName
      MasterUsername: admin
      MasterUserPassword: # HOW TO REFERENCE THE PASSWORD HERE??
      DBClusterIdentifier: my-cluster-1
      BackupRetentionPeriod: 35
      DeletionProtection: false
      ScalingConfiguration:
        AutoPause: true
        MaxCapacity: 8
        MinCapacity: 2
        SecondsUntilAutoPause: 300
      DBSubnetGroupName: my-subnet-name
```
A final note: Docs state that MasterUserPassword should not be specified if SourceDBInstanceIdentifier or DBSnapshotIdentifier property is given, but my configuration has neither, so apparently I should specify MasterUserPassword.
You can use dynamic references in cloudformation https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html
```yaml
ApprovalDbCluster:
  Type: AWS::RDS::DBCluster
  Properties:
    Engine: aurora
    EngineMode: serverless
    EngineVersion: '5.6'
    DatabaseName: MyDatabaseName
    MasterUsername: admin
    MasterUserPassword: '{{resolve:ssm-secure:MasterPassword:10}}' #See link
```

Elastic Beanstalk + AWS::RDS::DBInstance = InvalidParameterValue?

I have a working elastic beanstalk environment, which is launched by boto3. Unfortunately, when I tried to launch an RDS instance with the environment, it fails and terminates with the error InvalidParameterValue: null, but no indication which parameter is invalid.
The only thing I changed was adding the file 01_rds.config to .ebextensions:
```yaml
Resources:
  AWSEBRDSDatabase:
    Type: AWS::RDS::DBInstance
    Properties:
      AllocatedStorage: 5
      CopyTagsToSnapshot: true
      DBInstanceClass: db.t2.micro
      DBSnapshotIdentifier: arn:aws:rds:us-west-2:xxxxxxxxxxxx:snapshot:env-qa-seed
      DBSubnetGroupName: "env-qa-staging"
```
Based on the documentation, this should be all I need.
I also tried with these additional properties, with the same result:
```yaml
DBInstanceIdentifier: env-db
DBName: site
Engine: MySQL
EngineVersion: 5.6.19b
PubliclyAccessible: false
MasterUsername: dbuser
MasterUserPassword: xxxxxxxxxxxx
```