Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Temporary RDS instance used by the rds-postgres-dump-blueprint is provisioned in wrong VPC #782

Open
617m4rc opened this issue Sep 29, 2020 · 4 comments
Open

[BUG] Temporary RDS instance used by the rds-postgres-dump-blueprint is provisioned in wrong VPC #782

617m4rc opened this issue Sep 29, 2020 · 4 comments
Labels
bug frozen

Comments

@617m4rc
Copy link

617m4rc commented Sep 29, 2020
edited
Loading

Describe the bug

The blueprint tries to create the temporary database instance without specifying any DB subnet groups, which is why the DB instance ends up in the default VPC. This behavior is problematic because people tend to delete the default VPC for security reasons or use different VPCs for the deployment of their K8s infrastructure.

To Reproduce

Delete the default VPC from your AWS account and the region hosting your DB instances. Any backup action now fails with error message

Error restoring RDS DB instance from snapshot: InvalidSubnet: No default subnet detected in VPC. Please contact AWS Support to recreate default Subnets. status code: 400,

or

Error restoring RDS DB instance from snapshot: InvalidParameterCombination: The DB instance and EC2 security group are in different VPCs. The DB instance is in vpc-XXX and the EC2 security group is in vpc-YYY status code: 400

in case you try to fix the first error by creating a new default VPC.

Expected behavior

The blueprint should consider the DB subnet group(s) of the DB instance it is trying to backup and pass on that information when creating the new, temporary instance.

Environment

Kubernetes Version/Provider: v1.17.9-eks-4c6976
Cluster Size (#nodes): 3
@617m4rc 617m4rc added the bug label Sep 29, 2020
@vkamra
Copy link

vkamra commented Sep 30, 2020

@617m4rc - thanks for the bug report. We'll take a look.

@vktr-brlv
Copy link

Caught the same bug.
Running rds in non default vpc.
Restore phase failing with error:

Error:
    Message:  Failed to restore snapshot. SnapshotID=rds-dh9l9vdd2s: Error restoring RDS DB instance from snapshot: InvalidParameterCombination: The DB instance and EC2 security group are in different VPCs. The DB instance is in vpc-xxxxxx and the EC2 security group is in vpc-yyyyyyy
              status code: 400, request id: 00e8f3ea-e110-472c-887c-62fc8ecda8cd

@ihcsim
Copy link
Contributor

ihcsim commented May 19, 2022

@vktr-brlv Thanks for bringing this up. Looks like the existing code needs to be updated to support subnet group input. We will take a look once we are back from KubeCon EU. Will you be interested in submitting a PR with this change? I can guide you through the code.

Meanwhile, you can try with the simpler rds-postgres-blueprint.yaml and update the aws rds command to include the --db-subnet-group-name option to see if that works.

@github-actions
Copy link
Contributor

This issue is marked as stale due to inactivity. Add a new comment to reactivate it.

@github-actions github-actions bot added the stale label Jul 20, 2022
@ihcsim ihcsim added the frozen label Jul 20, 2022
@github-actions github-actions bot removed the stale label Jul 21, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug frozen
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@vkamra @ihcsim @617m4rc @vktr-brlv