glamorous-umbrella-75404
02/12/2024, 6:28 PMimport * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const vpc = new aws.ec2.Vpc("my-vpc", {
cidrBlock: "10.0.0.0/16",
});
export const vpcId = vpc.id;
Below is the code where I import the VPC and create security groups (I added a depends on condition to ensure that the database security group is created afterwards):
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import { vpcId } from "./vpc";
// Security group for the API stack
const apiSecurityGroup = new aws.ec2.SecurityGroup("api-stack-sg", {
vpcId: vpcId,
ingress: [
{
fromPort: 80,
toPort: 80,
protocol: "tcp",
cidrBlocks: ["0.0.0.0/0"], // Replace with specific allowed IPs if needed
},
],
egress: [
{
fromPort: 0,
toPort: 0,
protocol: "-1", // Allow all outbound traffic
cidrBlocks: ["0.0.0.0/0"],
},
],
});
// Security group for data-stack; only allows access from API stack security group
const databaseSecurityGroup = new aws.ec2.SecurityGroup("data-stack-sg", {
vpcId: vpcId,
ingress: [
{
fromPort: 5432,
toPort: 5432,
protocol: "tcp",
securityGroups: [apiSecurityGroup.id],
},
],
egress: [
{
fromPort: 0,
toPort: 0,
protocol: "-1",
cidrBlocks: ["0.0.0.0/0"],
},
],
}, {dependsOn: [apiSecurityGroup]});
export { apiSecurityGroup, databaseSecurityGroup };
Below is the code for the database:
import * as pulumi from "@pulumi/pulumi";
import * as rds from "@pulumi/aws/rds";
import * as random from "@pulumi/random";
import { databaseSecurityGroup } from "../common/securityGroups";
import { vpcId } from "../common/vpc";
// Define the database name
const dbName = "maindb";
// Generate a random password
const dbPassword = new random.RandomPassword("db-password", {
length: 16,
special: true,
}, {additionalSecretOutputs: ["result"]});
// Create the RDS Postgres database
const database = new rds.Instance(dbName, {
engine: "postgres",
engineVersion: "15.5",
dbName,
allocatedStorage: 20,
instanceClass: "db.t3.small",
vpcSecurityGroupIds: [databaseSecurityGroup.id],
username: "adminuser",
password: dbPassword.result,
});
// Make the database endpoint accessible (adjust public access as needed)
const endpoint = database.endpoint.apply(address => {
return address.split(":")[0];
});
export { database, endpoint };
However when I run pulumi up
everything is fine until the database creation... I get the following error:
InvalidParameterCombination: The DB instance and EC2 security group are in different VPCs. The DB instance is in vpc-##### and the EC2 security group is in vpc-####
How did I end up with two VPCs? Shouldn't they be in the same as I only created one vpc (and passed that ID to the security groups)?