Accessing RDS from Elastic Beanstalk, cannot change secuirty groups

0
votes

I am trying to access an RDS database in a VPC from elastic beanstalk. I tried adding the vpcgroup to the the security group list for elastic beanstalk, which works for a regular ec2 instance, but when I try to do this for the elastic beanstalk security group I get the following error message:

Could not update your security group rules (No changes were made): You may not define rules between a VPC group and a non-VPC group

I have also tried adding the existing security group I use for ec2, which can access the RDS database, to the elastic beanstalk instance, but when I do that it says the security group does not exist. How can I make it so that the elastic beanstalk instance has access to my RDS database? Alternatively, what do I need to put in the config.yml file so that it starts out with my prexisting security group that already has access to the RDS database / VPC?

2
amazon-web-servicesamazon-ec2amazon-elastic-beanstalkamazon-rdsamazon-vpc

2 Answers

0
votes

Security groups are specific to a VPC. It appears that your Elastic Beanstalk environment is in EC2 classic instead of a VPC. The quick solution is to enable Classic Link. The more long-term solution is to rebuild your Elastic Beanstalk environment in your VPC.

0
votes

To start the instance in an existing vpc you need to add the vpc and subnet to a .config file in .ebextensions. For example:

option_settings:
  - namespace: aws:ec2:vpc
    option_name: VPCId
    value: vpc-IDhere

  - namespace: aws:ec2:vpc
    option_name: Subnets
    value: subnet-IDhere