This is the new *Amazon CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [Amazon CloudFormation User Guide](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::RDS::DBSecurityGroup Ingress The `Ingress` property type specifies an individual ingress rule within an `AWS::RDS::DBSecurityGroup` resource. **Note** EC2-Classic was retired on August 15, 2022. If you haven't migrated from EC2-Classic to a VPC, we recommend that you migrate as soon as possible. For more information, see [Migrate from EC2-Classic to a VPC](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/vpc-migrate.html) in the *Amazon EC2 User Guide*, the blog [EC2-Classic Networking is Retiring – Here’s How to Prepare](https://amazonaws-china.com/blogs/aws/ec2-classic-is-retiring-heres-how-to-prepare/), and [Moving a DB instance not in a VPC into a VPC](https://docs.amazonaws.cn/AmazonRDS/latest/UserGuide/USER_VPC.Non-VPC2VPC.html) in the *Amazon RDS User Guide*. ## Syntax To declare this entity in your Amazon CloudFormation template, use the following syntax: ### JSON ``` { "[CIDRIP](#cfn-rds-dbsecuritygroup-ingress-cidrip)" : String, "[EC2SecurityGroupId](#cfn-rds-dbsecuritygroup-ingress-ec2securitygroupid)" : String, "[EC2SecurityGroupName](#cfn-rds-dbsecuritygroup-ingress-ec2securitygroupname)" : String, "[EC2SecurityGroupOwnerId](#cfn-rds-dbsecuritygroup-ingress-ec2securitygroupownerid)" : String } ``` ### YAML ``` [CIDRIP](#cfn-rds-dbsecuritygroup-ingress-cidrip): String [EC2SecurityGroupId](#cfn-rds-dbsecuritygroup-ingress-ec2securitygroupid): String [EC2SecurityGroupName](#cfn-rds-dbsecuritygroup-ingress-ec2securitygroupname): String [EC2SecurityGroupOwnerId](#cfn-rds-dbsecuritygroup-ingress-ec2securitygroupownerid): String ``` ## Properties `CIDRIP` The IP range to authorize. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `EC2SecurityGroupId` Id of the EC2 security group to authorize. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `EC2SecurityGroupName` Name of the EC2 security group to authorize. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `EC2SecurityGroupOwnerId` Amazon Web Services account number of the owner of the EC2 security group specified in the `EC2SecurityGroupName` parameter. The Amazon access key ID isn't an acceptable value. For VPC DB security groups, `EC2SecurityGroupId` must be provided. Otherwise, `EC2SecurityGroupOwnerId` and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Examples ### Specifying an ingress rule The following example specifies two security group ingress rules. #### JSON ``` "DBSecurityGroupIngress":[ { "EC2SecurityGroupId":"sg-b0ff1111", "EC2SecurityGroupOwnerId":"111122223333" }, { "EC2SecurityGroupId":"sg-ffd722222", "EC2SecurityGroupOwnerId":"111122223333" } ] ``` #### YAML ``` DBSecurityGroupIngress: - EC2SecurityGroupId: sg-b0ff1111 EC2SecurityGroupOwnerId: '111122223333' - EC2SecurityGroupId: sg-ffd722222 EC2SecurityGroupOwnerId: '111122223333' ```