Deploying an RDS Instance into a Specific VPC

From NovaOrdis Knowledge Base
Revision as of 18:59, 17 April 2019

External

Internal

Procedure

Deploying an RDS instance into a specific VPC consists of the following steps:

1. Create a dedicated subnet.

This step is optional: a dedicated subnet makes the layout of the solution clearer, but the instance could equally be placed in the environment's existing private subnets.

The subnet does not need a route to the internet, since the instance is only reached from inside the VPC and does not need outbound access.

Resources:
  ...  
  PostgresSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Fn::ImportValue: !Sub ${MicroworldName}-vpc-id
      CidrBlock: !Ref PostgreSQLCIDRBlock
      #
      # The availability zone is left to AWS here. Note, however, that the DB subnet
      # group created in step 2 must contain subnets in at least two availability zones,
      # so a second subnet, pinned to a different zone, is needed alongside this one.
      # (For the environment's main private subnets the zone was set explicitly, because
      # the ALB won't start if its subnets are in the same availability zone.)
      #
      MapPublicIpOnLaunch: false
      Tags:
        - Key: Name
          Value: !Sub ${MicroworldName}-${EnvironmentName}-postgres-subnet

  PostgresRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Fn::ImportValue: !Sub ${MicroworldName}-vpc-id
      Tags:
        - Key: Name
          Value: !Sub ${MicroworldName}-${EnvironmentName}-postgres-subnet-rt

  PostgresRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PostgresRouteTable
      SubnetId: !Ref PostgresSubnet

  #
  # We don't need a route to NAT, as the PostgreSQL instance does not need internet access
  #

2. Create a DB subnet group.

The subnet group tells RDS which subnets the instance may be placed in. RDS requires the group to contain subnets in at least two availability zones, so create a second dedicated subnet in a different zone and list both in the group; a group with a single subnet is rejected at creation time.

See:

AWS::RDS::DBSubnetGroup

3. Create a VPC security group for the RDS instance.

Inside a private subnet the security group is the only access control in front of the database, so it should allow only TCP port 5432 from the security group of the application tier (SourceSecurityGroupId), not a CIDR block. The rule below, as originally written, allows every protocol and port from any address that can route to the subnet, which includes every host in the VPC and any peered or VPN-connected network; it is only tolerable for a throwaway test environment.

  PostgresSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: !Sub ${MicroworldName}-${EnvironmentName}-postgres-sg
      VpcId:
        Fn::ImportValue: !Sub ${MicroworldName}-vpc-id
      GroupDescription: !Sub Security group for ${MicroworldName} ${EnvironmentName} PostgreSQL instance
      SecurityGroupIngress:
        #
        # Too permissive: all protocols and ports from any source. Narrow this to
        # IpProtocol tcp, FromPort/ToPort 5432 and a SourceSecurityGroupId.
        #
        - IpProtocol: -1
          CidrIp: 0.0.0.0/0

4. Configure the RDS instance with all of the above.

The AWS::RDS::DBInstance resource references the subnet group through DBSubnetGroupName and the security group through VPCSecurityGroups. Set PubliclyAccessible to false as well, so the instance is never given a public IP address regardless of how the subnets are configured.

See:

AWS::RDS::DBInstance
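The four steps above assembled into one complete template, as an added example rather than the original page's template. It goes beyond the fragments above in three ways: two dedicated subnets in two availability zones (so the DB subnet group is accepted), a security group that admits only TCP 5432 from the application tier's security group and drops the implicit allow-all egress, and an instance that is encrypted, not publicly accessible and protected against accidental deletion. The parameter names PostgreSQLCIDRBlockA, PostgreSQLCIDRBlockB, ApplicationSecurityGroupId, MasterUsername and MasterUserPassword, the instance class and storage size, and the ${MicroworldName}-vpc-id export from the VPC stack are assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example (not the original page's template) - PostgreSQL RDS instance in two dedicated non-routable subnets

Parameters:
  MicroworldName:
    Type: String
  EnvironmentName:
    Type: String
  # Two CIDR blocks (assumed parameters) because the DB subnet group must span two AZs.
  PostgreSQLCIDRBlockA:
    Type: String
  PostgreSQLCIDRBlockB:
    Type: String
  # Assumed: the security group of the application tier that may reach the database.
  ApplicationSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id
  MasterUsername:
    Type: String
  MasterUserPassword:
    Type: String
    NoEcho: true            # never echoed in console or API output

Resources:
  PostgresSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Fn::ImportValue: !Sub ${MicroworldName}-vpc-id
      CidrBlock: !Ref PostgreSQLCIDRBlockA
      AvailabilityZone: !Select [0, !GetAZs '']
      MapPublicIpOnLaunch: false
  PostgresSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Fn::ImportValue: !Sub ${MicroworldName}-vpc-id
      CidrBlock: !Ref PostgreSQLCIDRBlockB
      AvailabilityZone: !Select [1, !GetAZs '']
      MapPublicIpOnLaunch: false

  # A dedicated route table holding only the implicit local route: no IGW, no NAT.
  PostgresRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Fn::ImportValue: !Sub ${MicroworldName}-vpc-id
  PostgresRouteTableAssociationA:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PostgresRouteTable
      SubnetId: !Ref PostgresSubnetA
  PostgresRouteTableAssociationB:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PostgresRouteTable
      SubnetId: !Ref PostgresSubnetB

  PostgresSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: !Sub Subnets for ${MicroworldName} ${EnvironmentName} PostgreSQL
      SubnetIds:
        - !Ref PostgresSubnetA
        - !Ref PostgresSubnetB

  PostgresSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: !Sub ${MicroworldName}-${EnvironmentName}-postgres-sg
      VpcId:
        Fn::ImportValue: !Sub ${MicroworldName}-vpc-id
      GroupDescription: !Sub PostgreSQL access for ${MicroworldName} ${EnvironmentName}
      SecurityGroupIngress:
        # Only the application tier, only the PostgreSQL port; no CIDR-based rule.
        - IpProtocol: tcp
          FromPort: 5432
          ToPort: 5432
          SourceSecurityGroupId: !Ref ApplicationSecurityGroupId
      SecurityGroupEgress:
        # Declaring any egress rule replaces the implicit allow-all egress; this one matches nothing useful.
        - IpProtocol: -1
          CidrIp: 127.0.0.1/32

  PostgresInstance:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Snapshot                # keep a final snapshot if the stack is deleted
    Properties:
      DBInstanceIdentifier: !Sub ${MicroworldName}-${EnvironmentName}-postgres
      Engine: postgres
      DBInstanceClass: db.t3.micro          # placeholder size
      AllocatedStorage: '20'
      DBSubnetGroupName: !Ref PostgresSubnetGroup
      VPCSecurityGroups:
        - !GetAtt PostgresSecurityGroup.GroupId
      PubliclyAccessible: false             # no public IP, even if a subnet were public
      StorageEncrypted: true
      DeletionProtection: true
      MasterUsername: !Ref MasterUsername
      MasterUserPassword: !Ref MasterUserPassword
```

Deploy it with `aws cloudformation deploy --template-file rds.yaml --stack-name <name> --parameter-overrides MicroworldName=... EnvironmentName=... PostgreSQLCIDRBlockA=... PostgreSQLCIDRBlockB=... ApplicationSecurityGroupId=sg-... MasterUsername=... MasterUserPassword=...`, after the VPC stack that exports `${MicroworldName}-vpc-id` is in place. Passing the password as a NoEcho parameter keeps it out of stack output and API responses; a Secrets Manager dynamic reference is the next step up if the environment already uses it.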