Can't add RDS database to Elastic Beanstalk environment

I've created maybe 10 Elastic Beanstalk environments with a connected RDS database, but for some reason on this application I'm unable to add an RDS database to my Elastic Beanstalk environment.

I'm adding the RDS database through the Elastic Beanstalk UI with Configuration > Database. The error seems to stem from my root user not being able to create an RDS DB Security Group. The event logs show:

INFO: Environment update is starting.
INFO: Updating environment pscope-api-prod's configuration settings.
ERROR: Service:AmazonCloudFormation, Message:Stack named 'awseb-e-rmu57hh9tz-stack' aborted operation. Current state: 'UPDATE_ROLLBACK_IN_PROGRESS' Reason: The following resource(s) failed to create: [AWSEBRDSDBSecurityGroup].
ERROR: Creating RDS database security group named: awseb-e-rmu57hh9tz-stack-awsebrdsdbsecuritygroup-gpqdtr1kvf7z failed Reason: Either the resource does not exist, or you do not have the required permissions.
ERROR: Failed to deploy configuration.
INFO: Deleted RDS database security group named: awseb-e-rmu57hh9tz-stack-awsebrdsdbsecuritygroup-gpqdtr1kvf7z
INFO: The environment was reverted to the previous configuration setting.

After this is done, no database was created and everything is reverted to how it was before trying to add the RDS database.

Things I've tried:

  • I'm trying to add this database as the root user, but have also tried creating an IAM user with Administrator privileges and get the same error.
  • I've also tried deleting the entire application and environment and recreating, but I get the same error.
  • I usually create with eb-cli with eb create, but I've also tried creating via the dashboard UI and get the same error.

Solution 1:

I'm new to AWS and had the same problem when trying to create and add a new database from the Elastic Beanstalk Management Console.

It was fixed after adding the AWSServiceRoleForRDS role in IAM. Go to IAM --> Roles --> Create role --> AWS Service:

Select RDS, and the RDS use case. Click on "Next:Permissions". There you'll see that the AmazonRDSServiceRolePolicy has been added. Click Next:Review --> Create Role.

And you're done. Try creating a database from the Elastic Beanstalk Management Console now. It should work now.

Solution 2:

My problem was clicking Apply at the bottom of the RDS page instead of Continue. After clicking Continue, I was able to see the message telling me to assign two subnets to the database. After doing that and clicking Apply, everything worked fine.

Solution 3:

Apparently when you've run eb create (I guess without specifying any database), the required roles automatically created for your IAM User are missing the required role to allow RDS to make changes.

Creating a new role for the RDS service in your IAM Management console will "Allow RDS to perform operations using AWS resources on your behalf." After checking the permissions and ensuring that AmazonRDSServiceRolePolicy is on the list, an AWSServiceRoleForRDS will be added to the list and hopefully solve your trouble.
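
The console steps in Solutions 1 and 3 have a CLI equivalent. The script below is an added example, not part of the original answers: it checks for the AWSServiceRoleForRDS role and creates it only when it is missing. It assumes the AWS CLI is installed with credentials allowed to call iam:GetRole, iam:ListAttachedRolePolicies and iam:CreateServiceLinkedRole; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: idempotent check/create of the RDS service-linked role.
# Assumption: AWS CLI is on PATH and the caller has the three IAM permissions
# named in the lead-in (full administrator access is not required).

ROLE_NAME="AWSServiceRoleForRDS"          # role name given in the answers
POLICY_NAME="AmazonRDSServiceRolePolicy"  # managed policy named in the answers
SERVICE="rds.amazonaws.com"               # RDS service principal

# Succeeds only when the role exists and carries the expected managed policy.
rds_slr_ok() {
    aws iam get-role --role-name "$ROLE_NAME" >/dev/null 2>&1 || return 1
    aws iam list-attached-role-policies --role-name "$ROLE_NAME" \
        --query 'AttachedPolicies[].PolicyName' --output text 2>/dev/null \
        | tr '\t' '\n' | grep -qx "$POLICY_NAME"
}

# Prints one of: present, created, create-failed, created-but-unverified.
ensure_rds_slr() {
    if rds_slr_ok; then
        echo "present"
        return 0
    fi
    # Service-linked roles are created per service principal, not per policy.
    aws iam create-service-linked-role --aws-service-name "$SERVICE" >/dev/null || {
        echo "create-failed"
        return 1
    }
    if rds_slr_ok; then
        echo "created"
    else
        echo "created-but-unverified"
        return 1
    fi
}

# Usage: source this file, run ensure_rds_slr, then retry the
# Configuration > Database step in the Elastic Beanstalk console.
```

A result of create-failed from an account that already has the role usually means the caller lacks iam:GetRole, so the existence check could not see it.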