Deploying a RDS Instance into a Specific VPC: Difference between revisions

From NovaOrdis Knowledge Base
Revision as of 18:54, 17 April 2019

External

Internal

Procedure

Deploying an RDS instance into a specific VPC consists of the following steps:

1. Create a dedicated subnet.

This step is optional: a dedicated subnet is probably best for the clarity of the solution, but it is probably not necessary.

The subnet does not need a route to the internet.

Resources:
  ...  
  PostgresSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Fn::ImportValue: !Sub ${MicroworldName}-vpc-id
      CidrBlock: !Ref PostgreSQLCIDRBlock
      #
      # We do not explicitly associate the subnet with any availability zone, because we really don't care
      # about this, for the RDS instance. In case of the main private subnets of the environment we did,
      # as the ALB won't start if the subnets are in the same availability zone.
      #
      MapPublicIpOnLaunch: false
      Tags:
        - Key: Name
          Value: !Sub ${MicroworldName}-${EnvironmentName}-postgres-subnet

  PostgresRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Fn::ImportValue: !Sub ${MicroworldName}-vpc-id
      Tags:
        - Key: Name
          Value: !Sub ${MicroworldName}-${EnvironmentName}-postgres-subnet-rt

  PostgresRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PostgresRouteTable
      SubnetId: !Ref PostgresSubnet

  #
  # We don't need a route to NAT, as the PostgreSQL instance does not need internet access
  #

2. Create a DB subnet group.

See:

AWS::RDS::DBSubnetGroup

3. Create a VPC security group for the RDS instance.


4. Configure the RDS instance with all of the above.

See:

AWS::RDS::DBInstance
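
A sketch of steps 2 to 4 as a continuation of the Resources section above. This is an added example, not the knowledge base's own template. It reuses PostgresSubnet and MicroworldName from step 1; AppSecurityGroupId, PostgresSubnetB and the three resource names, as well as the instance class, storage size and master user name, are assumptions made for illustration.

```yaml
# Added example. Hypothetical names: AppSecurityGroupId, PostgresSubnetB,
# PostgresSubnetGroup, PostgresSecurityGroup, PostgresInstance.
Parameters:
  AppSecurityGroupId:   # assumption: security group of the application tier
    Type: AWS::EC2::SecurityGroup::Id

Resources:
  # Step 2. RDS requires a DB subnet group to cover at least two availability
  # zones, so a second subnet (PostgresSubnetB, declared like PostgresSubnet
  # but placed in a different zone) is assumed to exist in this template.
  PostgresSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: Subnets for the PostgreSQL instance
      SubnetIds:
        - !Ref PostgresSubnet
        - !Ref PostgresSubnetB

  # Step 3. Ingress is limited to PostgreSQL traffic that originates from the
  # application security group; no CIDR range is opened.
  PostgresSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: PostgreSQL access from the application tier only
      VpcId:
        Fn::ImportValue: !Sub ${MicroworldName}-vpc-id
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 5432
          ToPort: 5432
          SourceSecurityGroupId: !Ref AppSecurityGroupId

  # Step 4. The instance is tied to the subnet group and the security group,
  # is not given a public address, and is encrypted at rest.
  PostgresInstance:
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: postgres
      DBInstanceClass: db.t3.micro        # constructed value
      AllocatedStorage: "20"              # constructed value, in GiB
      DBSubnetGroupName: !Ref PostgresSubnetGroup
      VPCSecurityGroups:
        - !GetAtt PostgresSecurityGroup.GroupId
      PubliclyAccessible: false
      StorageEncrypted: true
      MasterUsername: postgres            # constructed value
      ManageMasterUserPassword: true      # password generated and kept in Secrets Manager
```

Because the subnet from step 1 has no route to the internet and the instance sets PubliclyAccessible to false, the security group's single ingress rule is the only network path to the database.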