0
votes

I'm working on a CloudFormation template which includes an RDS database, and I want to attach a security group to the RDS instance. There is a resource AWS::RDS::DBSecurityGroup where I would like to write my own ingress rules that allow MySQL traffic from the front-end instances by attaching the resource AWS::RDS::DBSecurityGroupIngress, but it doesn't show any properties like "FromPort", "ToPort", "Protocol", etc.

I'm unsure whether the above listed properties are supported or not.


1 Answer

1
votes

From Working with DB Security Groups:

A DB security group controls network access to a DB instance that is not inside a VPC.

If you are using a VPC (which should always be the case unless your systems were set up many years ago), you should use an AWS::EC2::SecurityGroup to control access. It has the properties you want, e.g.:

"InstanceSecurityGroup" : {
   "Type" : "AWS::EC2::SecurityGroup",
   "Properties" : {
      "GroupDescription" : "Allow http to client host",
      "VpcId" : {"Ref" : "myVPC"},
      "SecurityGroupIngress" : [{
            "IpProtocol" : "tcp",
            "FromPort" : "80",
            "ToPort" : "80",
            "CidrIp" : "0.0.0.0/0"
         }],
      "SecurityGroupEgress" : [{
         "IpProtocol" : "tcp",
         "FromPort" : "80",
         "ToPort" : "80",
         "CidrIp" : "0.0.0.0/0"
      }]
   }
}
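The answer above shows a generic AWS::EC2::SecurityGroup; what the question actually asks for is a MySQL rule that only admits the front-end tier and is attached to the RDS instance. The following is an added example, not part of the original answer, showing that wiring in a complete template. Note that AWS::RDS::DBSecurityGroupIngress has no port properties because it only exists for EC2-Classic DB security groups, which open the database port implicitly; in a VPC the port and protocol live on the EC2 security group rule instead. The parameter names, the 3306 port, the db.t3.micro class and the resource names are assumptions chosen for the example; the database is placed in private subnets, is not publicly accessible, and its security group allows MySQL only from the front-end security group rather than from a CIDR range.

```yaml
# Added example (not from the original answer): MySQL RDS instance in a VPC,
# reachable only from instances that carry WebSecurityGroup.
AWSTemplateFormatVersion: '2010-09-09'
Description: RDS MySQL instance locked to the front-end security group (example template)

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  DbSubnetIds:
    # Assumed to be private subnets in at least two AZs, as RDS requires for a subnet group.
    Type: List<AWS::EC2::Subnet::Id>
  DbPassword:
    Type: String
    NoEcho: true          # keep the password out of stack output and the console
    MinLength: 12

Resources:
  WebSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Front-end instances (HTTPS from anywhere)
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0

  DbSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: MySQL from the front-end tier only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          # Reference the source security group, not a CIDR: the rule follows the
          # front-end instances as they are replaced or scaled.
          SourceSecurityGroupId: !Ref WebSecurityGroup

  DbSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: Private subnets for the database
      SubnetIds: !Ref DbSubnetIds

  Database:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Snapshot
    Properties:
      Engine: mysql
      DBInstanceClass: db.t3.micro       # assumed size for the example
      AllocatedStorage: '20'
      MasterUsername: admin
      MasterUserPassword: !Ref DbPassword
      DBSubnetGroupName: !Ref DbSubnetGroup
      # VPCSecurityGroups is the VPC-era replacement for DBSecurityGroups.
      VPCSecurityGroups:
        - !GetAtt DbSecurityGroup.GroupId
      PubliclyAccessible: false
      StorageEncrypted: true
```

If you need to add rules to a security group that is declared elsewhere, or to break a circular reference between two groups that reference each other, use a standalone AWS::EC2::SecurityGroupIngress resource with GroupId, IpProtocol, FromPort, ToPort and SourceSecurityGroupId; that resource is the VPC counterpart of the AWS::RDS::DBSecurityGroupIngress the question was trying to use, and it does carry the port and protocol properties.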