'AWS Cloudformation template Oracle DB option groups

I am trying to apply an Option Group when I create my Oracle RDS instance. I am trying to set Oracle Native Network Encryption through the Option Groups. We have already some setup but I was trying to create an Option Group on the fly and add set the settings. I read this article here that says it is not supported. Is that still the case? Article on StackOverflow

If I can create them on the fly as the stack is being created I get an error that says a resource section is needed. What am I missing here?

AWSTemplateFormatVersion: 2010-09-09
OracleRDSOptionGroup:
  Type: AWS::RDS::OptionGroup
  Properties: 
    OptionGroupDescription: "Allows NNE"
    EngineName: oracle-ee-cdb
    MajorEngineVersion: "19"
    OptionConfigurations: 
      -
        OptionName: NATIVE_NETWORK_ENCRYPTION
        OptionSettings:
           -
             Name: SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER
             Value: "SHA1,MD5"
           - 
             Name: SQLNET.ENCRYPTION_SERVER
             Value: "REQUIRED"
           -    
             Name: SQLNET.ENCRYPTION_TYPES_SERVER
             Value: "AES256"
           -
             Name: SQLNET.CRYPTO_CHECKSUM_SERVER
             Value: "REQUIRED"


Solution 1:[1]

resource section is needed.

Well, you need Resources section:

AWSTemplateFormatVersion: 2010-09-09
Resources:
    OracleRDSOptionGroup:
    Type: AWS::RDS::OptionGroup
    Properties: 
        OptionGroupDescription: "Allows NNE"
        EngineName: oracle-ee-cdb
        MajorEngineVersion: "19"
        OptionConfigurations: 
        -
            OptionName: NATIVE_NETWORK_ENCRYPTION
            OptionSettings:
            -
                Name: SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER
                Value: "SHA1,MD5"
            - 
                Name: SQLNET.ENCRYPTION_SERVER
                Value: "REQUIRED"
            -    
                Name: SQLNET.ENCRYPTION_TYPES_SERVER
                Value: "AES256"
            -
                Name: SQLNET.CRYPTO_CHECKSUM_SERVER
                Value: "REQUIRED"

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Marcin

Related Questions

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Amazon AWS S3 to Force Download Mp3 File instead of Stream It

How to enable terraform module only with a specific workspace

AWS RDS Postgres: WAL_LEVEL not set to 'logical' after changing rds.logical_replication = 1

Use terraform to set up a lambda function triggered by a scheduled event source

Use terraform to set up a lambda function triggered by a scheduled event source

Self stopping EC2 once task complete?

AWS - SWF - Asynchronous method

Why my cloudformation template is over 1 MB?

AWS elastic beanstalk - WARN install EACCES: permission denied, access '/tmp/.npm'

Aws step functions - Resume from failed step function activity instead of starting a new execution

Redirect Elastic Beanstalk URL to domain name

node-lambda - TypeError: handler is not a function