2

I am trying to create a read replica in the West region for an RDS database in the East region through a CloudFormation template. I get an error:

Cannot create a cross region unencrypted read replica from encrypted source.

However, I did try to provide the KMS key ID and also marked CopyTagsToSnapshot as true. This is what my CloudFormation template looks like:

Resources:
  MyDB:
   Type: AWS::RDS::DBInstance
   Properties:
    SourceDBInstanceIdentifier: !Ref ReadReplicaURL
    AllocatedStorage: !Ref DBAllocatedStorage
    CopyTagsToSnapshot: true
    DBSubnetGroupName: !Ref DBSubnetGroup
    VPCSecurityGroups:
     - !Ref DBSG1
    KmsKeyId: !Ref DBEncryptionKey
    StorageEncrypted: true
    DBInstanceClass: !Ref DBInstanceClass
    DBInstanceIdentifier: !Ref DBInstanceIdentifier
    Iops: !Ref DBIops
    MonitoringInterval: !Ref DBMonitoringInterval
    Engine: !Ref Engine
    MonitoringRoleArn: !Ref DBMonitoringRoleARN
    Port: !Ref DBPort
    PreferredMaintenanceWindow: !Ref DBPreferredMaintenanceWindow
    StorageType: io1
4

1 Answer

2

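The answer I got from an AWS representative:

Unfortunately, it is currently not possible to create an encrypted RDS cross-region read replica through CloudFormation. There is an active feature request to implement this functionality, and I have added your voice to that request. Once the feature is implemented, it will be announced on this page: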

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/ReleaseHistory.html

Answered on 2017-03-21T20:42:09.820