Skip to content
Alchemy
GitHubXDiscord

DBSecurityGroup

The DBSecurityGroup resource allows you to manage AWS RDS DBSecurityGroups to control access to your Amazon RDS databases.

Minimal Example

Section titled “Minimal Example”

Create a basic DBSecurityGroup with required properties and a common optional property.

import AWS from "alchemy/aws/control";


const dbSecurityGroup = await AWS.RDS.DBSecurityGroup("myDbSecurityGroup", {
  GroupDescription: "Security group for my RDS instance",
  DBSecurityGroupIngress: [
    {
      CIDRIP: "203.0.113.0/24",
      FromPort: 3306,
      ToPort: 3306,
      IpProtocol: "tcp"
    }
  ],
  EC2VpcId: "vpc-0abcd1234efgh5678", // Optional VPC ID
  Tags: [
    {
      Key: "Environment",
      Value: "Production"
    }
  ]
});

Advanced Configuration

Section titled “Advanced Configuration”

Configure a DBSecurityGroup with multiple ingress rules for different protocols and ports.

const advancedDbSecurityGroup = await AWS.RDS.DBSecurityGroup("advancedDbSecurityGroup", {
  GroupDescription: "Advanced security group for RDS with multiple ingress rules",
  DBSecurityGroupIngress: [
    {
      CIDRIP: "192.0.2.0/24",
      FromPort: 5432,
      ToPort: 5432,
      IpProtocol: "tcp"
    },
    {
      CIDRIP: "198.51.100.0/24",
      FromPort: 3306,
      ToPort: 3306,
      IpProtocol: "tcp"
    }
  ],
  EC2VpcId: "vpc-0abcd1234efgh5678", // Optional VPC ID
  Tags: [
    {
      Key: "Environment",
      Value: "Staging"
    }
  ]
});

Using Existing Resources

Section titled “Using Existing Resources”

If you want to adopt an existing DBSecurityGroup instead of creating a new one, you can do so like this:

const existingDbSecurityGroup = await AWS.RDS.DBSecurityGroup("existingDbSecurityGroup", {
  GroupDescription: "Existing RDS DBSecurityGroup to adopt",
  DBSecurityGroupIngress: [
    {
      CIDRIP: "203.0.113.0/24",
      FromPort: 3306,
      ToPort: 3306,
      IpProtocol: "tcp"
    }
  ],
  adopt: true // Adopt existing resource
});

Tagging Example

Section titled “Tagging Example”

Create a DBSecurityGroup with tags for better resource management.

const taggedDbSecurityGroup = await AWS.RDS.DBSecurityGroup("taggedDbSecurityGroup", {
  GroupDescription: "Security group with detailed tagging",
  DBSecurityGroupIngress: [
    {
      CIDRIP: "10.0.0.0/16",
      FromPort: 3306,
      ToPort: 3306,
      IpProtocol: "tcp"
    }
  ],
  Tags: [
    {
      Key: "Project",
      Value: "Database Migration"
    },
    {
      Key: "Owner",
      Value: "Database Team"
    }
  ]
});