Deploying a RDS Instance into a Specific VPC: Difference between revisions
Revision as of 19:37, 17 April 2019
External
Internal
Procedure
The deployment of an RDS instance in a specific VPC consists of the following steps:
1. Create at least two dedicated subnets, in two different availability zones. One subnet is not sufficient; with only one, the DB deployment will fail.
Using dedicated subnets is optional: it is probably best for the clarity of the solution, but it is probably not necessary.
The subnet does not need a route to the internet.
Resources:
  ...
  PostgresSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Fn::ImportValue: !Sub ${MicroworldName}-vpc-id
      CidrBlock: !Ref PostgreSQLCIDRBlock
      #
      # We do not explicitly associate the subnet with any availability zone, because we really don't care
      # about this, for the RDS instance. In case of the main private subnets of the environment we did,
      # as the ALB won't start if the subnets are in the same availability zone.
      #
      # Note: this template declares only one RDS subnet; the DB subnet group in step 2 needs a second
      # subnet that lands in a different availability zone, otherwise the DB deployment fails.
      #
      MapPublicIpOnLaunch: false
      Tags:
        - Key: Name
          Value: !Sub ${MicroworldName}-${EnvironmentName}-postgres-subnet
  PostgresRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Fn::ImportValue: !Sub ${MicroworldName}-vpc-id
      Tags:
        - Key: Name
          Value: !Sub ${MicroworldName}-${EnvironmentName}-postgres-subnet-rt
  PostgresRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PostgresRouteTable
      SubnetId: !Ref PostgresSubnet
      #
      # We don't need a route to NAT, as the PostgreSQL instance does not need internet access
      #
2. Create a DB subnet Group.
See:
3. Create a VPC security group for the RDS instance.
  PostgresSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: !Sub ${MicroworldName}-${EnvironmentName}-postgres-sg
      VpcId:
        Fn::ImportValue: !Sub ${MicroworldName}-vpc-id
      GroupDescription: !Sub Security group for ${MicroworldName} ${EnvironmentName} PostgreSQL instance
      SecurityGroupIngress:
        # IpProtocol -1 means every protocol and port, and 0.0.0.0/0 means any source address;
        # this rule admits all inbound traffic that can reach the subnet
        - IpProtocol: -1
          CidrIp: 0.0.0.0/0
4. Configure the RDS instance with all of the above.
See:
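The following is an added example (not from the original page) that carries steps 2 to 4 through in the same CloudFormation style: the DB subnet group, a security group that admits only PostgreSQL traffic from the application's security group instead of everything from 0.0.0.0/0, and the DB instance wired to both. It assumes a second subnet PostgresSubnetB in a different availability zone, an AppSecurityGroupId parameter naming the clients' security group, a DBMasterPassword parameter, and the MicroworldName and EnvironmentName parameters already used on this page.

```yaml
Parameters:
  AppSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id   # assumed: security group of the clients allowed to connect
  DBMasterPassword:
    Type: String
    NoEcho: true                        # keeps the secret out of console and API output

Resources:
  PostgresSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: !Sub Subnets for ${MicroworldName} ${EnvironmentName} PostgreSQL
      SubnetIds:
        - !Ref PostgresSubnet        # the subnet defined in step 1
        - !Ref PostgresSubnetB       # assumed: second subnet in a different availability zone

  PostgresSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: !Sub ${MicroworldName}-${EnvironmentName}-postgres-sg
      VpcId:
        Fn::ImportValue: !Sub ${MicroworldName}-vpc-id
      GroupDescription: !Sub Security group for ${MicroworldName} ${EnvironmentName} PostgreSQL instance
      SecurityGroupIngress:
        # only the PostgreSQL port, and only from instances in the application's security group;
        # referencing a security group rather than a CIDR keeps the rule valid as instances change
        - IpProtocol: tcp
          FromPort: 5432
          ToPort: 5432
          SourceSecurityGroupId: !Ref AppSecurityGroupId

  PostgresInstance:
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: postgres
      DBInstanceClass: db.t3.micro
      AllocatedStorage: 20
      MasterUsername: postgres
      MasterUserPassword: !Ref DBMasterPassword
      DBSubnetGroupName: !Ref PostgresSubnetGroup    # places the instance in the dedicated subnets
      VPCSecurityGroups:
        - !Ref PostgresSecurityGroup
      PubliclyAccessible: false        # no public address; reachable only from inside the VPC
      StorageEncrypted: true           # encryption at rest with the account's default KMS key
      DeletionProtection: true
```

With the ingress rule scoped to the application's security group, the subnet's lack of an internet route and PubliclyAccessible set to false leave no path to the database from outside the VPC.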