In the previous article, we created an AWS VPC using the Terraform CDK (CDKTF).
In this article, we'll create an AWS RDS instance in the VPC that we created earlier.
What is RDS?
RDS stands for "Relational Database Service". Amazon Relational Database Service (Amazon RDS) is one of the services provided by Amazon. It is a collection of managed services that makes it simple to set up, operate, and scale databases in the cloud.
Create RDS instance using CDKTF
Before creating the RDS database instance, we first need to create the database subnet group for our database.
Create database subnet group:
Add the following lines at the start of the main.ts file to import the required resource classes.
import {
  DbInstance,
  DbSubnetGroup,
  DbParameterGroup,
  DbOptionGroup
} from "./.gen/providers/aws/rds";
Now, create a database subnet group using the two private subnets that we have created earlier (in the previous article).
const dbSubnetGroup = new DbSubnetGroup(
  this,
  "test-db-subnet-group",
  {
    name: "db-subnet-group",
    subnetIds: ["subnet-01fcXXXX", "subnet-01fcXXXX"]
  }
);
NOTE: replace subnet ids with your subnet ids.
Create database parameter group:
- Database parameters specify how the database is configured. For example, database parameters can specify the amount of resources, such as memory to allocate.
- It contains engine configuration values that can be applied to one or more database instances of the same instance type.
const dbParameterGroup = new DbParameterGroup(
  this,
  "db-parameter-group",
  {
    name: "test-ghost-db-pg",
    family: "mysql8.0",
    description: "Parameter group for ghost db: managed by terraform"
  }
);
Create database option group:
- Some DB engines offer tools or optional features that simplify managing the databases and making the best use of data.
- RDS makes such tools available through option groups, for example Oracle Application Express (APEX), SQL Server Transparent Data Encryption, and MySQL Memcached support.
const dbOptionGroup = new DbOptionGroup(
  this,
  "db-option-group",
  {
    name: "test-ghost-db-og",
    engineName: "mysql",
    majorEngineVersion: "8.0",
    optionGroupDescription: "Option group for ghost db: managed by terraform"
  }
);
Here, we are using the mysql engine with version 8.0.
Create DB specific security group instance:
- Network access to database instances is turned off by default. To reach them, we need to specify rules in a security group that allow access from an IP address range, port, or security group.
- Once ingress (traffic routed to the db instance) rules are configured, the same rules apply to all DB instances that are associated with that security group.
- You can specify up to 20 rules in a security group.
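const rdsSecurityGroup = new SecurityGroup(
  this,
  "test-db-security-group",
  {
    name: "test-db-security-group",
    description: "Firewall for RDS instance",
    vpcId: vpc.id,
    ingress: [
      {
        // MySQL listens on 3306 by default. RDS offers no SSH access,
        // so a rule for port 22 would not make the database reachable.
        fromPort: 3306,
        toPort: 3306,
        // CIDR_PREFIX is not defined in this article; it is assumed to be
        // the VPC CIDR constant from the previous one.
        cidrBlocks: [CIDR_PREFIX],
        protocol: "tcp"
      }
    ],
    egress: [
      {
        // Protocol "-1" with ports 0-0 allows all outbound traffic.
        fromPort: 0,
        toPort: 0,
        protocol: "-1",
        cidrBlocks: ["0.0.0.0/0"],
        ipv6CidrBlocks: ["::/0"]
      }
    ]
  }
);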
Create database instance:
Finally, let's create the database instance.
new DbInstance(this, "tes-rds-db", {
  identifier: "tes-rds-db",
  engine: "mysql",
  engineVersion: "8.0",
  allocatedStorage: 10,
  instanceClass: "db.t3.micro",
  dbName: "test_db",
  // Placeholders only. A literal here is committed with the code and written
  // to the synthesized Terraform JSON; supply real credentials from a
  // sensitive TerraformVariable or a secrets manager instead.
  username: "username",
  password: "password",
  availabilityZone: "us-east-1a",
  dbSubnetGroupName: Token.asString(dbSubnetGroup.name),
  parameterGroupName: dbParameterGroup.name,
  optionGroupName: dbOptionGroup.name,
  vpcSecurityGroupIds: [rdsSecurityGroup.id]
});
- identifier: name of the RDS instance
- engine: the database engine to use
- engineVersion: engine version to use
- username: database master user name
- password: database master password
- allocatedStorage: the amount of allocated storage
- instanceClass: the RDS instance class
- dbName: the database name
- availabilityZone: availability zone of the instance
- dbSubnetGroupName: name of the DB subnet group. The DB instance will be created in the VPC associated with the DB subnet group. If unspecified, it will be created in the default VPC, or in EC2 Classic, if available
- parameterGroupName: name of the DB parameter group to associate
- optionGroupName: name of the DB option group to associate
- vpcSecurityGroupIds: list of VPC security groups to associate
Deploy the changes:
Use cdktf-cli to deploy the changes with the following command.
cdktf deploy
Don't forget to check the plan diff that appears in your terminal after running this command. If everything looks fine, proceed with "Approve".
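A scripted complement to reading the plan by eye, as an added example that is not part of the original article: it audits the Terraform JSON that cdktf synth writes (cdk.tf.json) for a literal master password, a publicly accessible instance, and security group ingress that is world-open or does not include the database port. The names auditRds and ENGINE_PORT are hypothetical, and the input is a constructed sample that mirrors this article's resource names.

```typescript
// Constructed sample (not real output): the shape `cdktf synth` writes to
// cdk.tf.json for this article's resources, using Terraform's snake_case names.
const synthesized = {
  resource: {
    aws_security_group: {
      "test-db-security-group": {
        ingress: [{ from_port: 22, to_port: 22, protocol: "tcp", cidr_blocks: ["10.0.0.0/16"] }],
      },
    },
    aws_db_instance: {
      "tes-rds-db": {
        engine: "mysql",
        password: "password",
        vpc_security_group_ids: ["${aws_security_group.test-db-security-group.id}"],
      },
    },
  },
};

type Block = Record<string, any>;
const ENGINE_PORT: Record<string, number> = { mysql: 3306, postgres: 5432 };

// Returns one finding per risky setting; an empty list means every check passed.
function auditRds(tf: { resource?: Record<string, Record<string, Block>> }): string[] {
  const findings: string[] = [];
  const groups = tf.resource?.aws_security_group ?? {};
  for (const [name, db] of Object.entries(tf.resource?.aws_db_instance ?? {})) {
    // A literal ends up in source control and cdk.tf.json; a "${var.x}"
    // reference keeps it out of both (Terraform state still stores the value).
    if (typeof db.password === "string" && !db.password.includes("${"))
      findings.push(`${name}: password is a hard-coded literal`);
    if (db.publicly_accessible === true) findings.push(`${name}: publicly_accessible is true`);
    const port: number = db.port ?? ENGINE_PORT[db.engine];
    for (const ref of (db.vpc_security_group_ids ?? []) as string[]) {
      // Resolve "${aws_security_group.<name>.id}" back to the group it names.
      const sg = /^\$\{aws_security_group\.([^.}]+)\.id\}$/.exec(ref)?.[1];
      const rules: Block[] = (sg && groups[sg]?.ingress) || [];
      for (const r of rules) {
        if (r.cidr_blocks?.includes("0.0.0.0/0")) findings.push(`${sg}: ingress open to 0.0.0.0/0`);
        if (r.protocol !== "-1" && (port < r.from_port || port > r.to_port))
          findings.push(`${sg}: ingress ${r.from_port}-${r.to_port} does not include DB port ${port}`);
      }
    }
  }
  return findings;
}

console.log(auditRds(synthesized));
```

Run it against the parsed contents of the synthesized stack file before approving the deploy; an empty result means none of these checks fired.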
This way, we can create an RDS database instance in an already created VPC.