Relational Database Service
Attention
These notes are being moved to https://www.pkimber.net/open/salt-cloud-amazon.html
From An Introduction to the AWS Command Line Tool Part 2
Create a security group for the database:
aws ec2 create-security-group \
--group-name MySecurityGroupDBOnly \
--description "Inbound DB only"
Allow access:
aws ec2 authorize-security-group-ingress \
--group-name MySecurityGroupDBOnly \
--source-group MySecurityGroupDBOnly \
--protocol tcp --port 5432
Note
The above rule allows any EC2 instance associated with MySecurityGroupDBOnly to access any other EC2 or RDS instance associated with MySecurityGroupDBOnly on port 5432/tcp.
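The self-referencing rule in the note above can be checked from the JSON that aws ec2 describe-security-groups returns. The following is an added example, not part of the original notes: it reports any ingress rule that opens port 5432 to a CIDR range or to a group other than the database group itself. The sample JSON, the group IDs and the function names are constructed for illustration.

```python
import json

DB_PORT = 5432  # PostgreSQL port used by the rule on this page

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# The group IDs are placeholders; the second rule is a deliberate mistake.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-0000000000000db01", "GroupName": "MySecurityGroupDBOnly",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "UserIdGroupPairs": [{"GroupId": "sg-0000000000000db01"}],
     "IpRanges": [], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 5000, "ToPort": 6000,
     "UserIdGroupPairs": [{"GroupId": "sg-0000000000000web1"}],
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}
  ]}]}
""")

def covers_port(perm, port):
    """True if an ingress permission applies to the given TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit_db_group(group, port=DB_PORT):
    """List sources, other than the group itself, that can reach `port`."""
    findings = []
    for perm in group.get("IpPermissions", []):
        if not covers_port(perm, port):
            continue
        for r in perm.get("IpRanges", []):
            findings.append(("cidr", r["CidrIp"]))
        for r in perm.get("Ipv6Ranges", []):
            findings.append(("cidr", r["CidrIpv6"]))
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") != group["GroupId"]:
                findings.append(("foreign-group", pair.get("GroupId")))
    return findings

if __name__ == "__main__":
    for g in SAMPLE["SecurityGroups"]:
        print(g["GroupName"], audit_db_group(g) or "self-reference only")
```

An empty result means the only source allowed to reach port 5432 is the group itself, which is what the rule above sets up.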
Create Database
Generate a secure password using apg:
apg -a0 -n10 -m16
Make a note of the ID of your security group:
aws ec2 describe-security-groups --group-names MySecurityGroupDBOnly
Create the database instance:
aws rds create-db-instance \
--db-name MyDatabase \
--db-instance-identifier my-db-instance \
--allocated-storage 5 \
--db-instance-class db.t1.micro \
--engine postgres \
--master-username dbadmin \
--master-user-password <password generated with apg> \
--vpc-security-group-ids <db security group id>
Replace <password generated with apg> with the password generated by apg.
Replace <db security group id> with the ID of your security group.
You can view your database instance:
aws rds describe-db-instances
Security
To allow access to your database you need two bits of information:
The EC2 instance ID. Find the InstanceId by running this command:
aws ec2 describe-instances
The group ID of your original security group (see awscli):
aws ec2 describe-security-groups --group-names MySecurityGroup
The group ID of your database security group:
aws ec2 describe-security-groups --group-names MySecurityGroupDBOnly
This is the command to set up the security:
aws ec2 modify-instance-attribute \
--instance-id <instance id> \
--groups <security group id> <db security group id>
Replace <instance id> with the InstanceId.
Replace <security group id> with the ID of the standard security group (see awscli).
Replace <db security group id> with the ID of the database security group.
Usage
You should be able to connect to your database instance using psql:
psql --host=my-db-instance.cmf1ips9eg9s.eu-west-1.rds.amazonaws.com --username=dbadmin postgres
Run aws rds describe-db-instances (see above) to find the Endpoint address. Enter the master user password when prompted (see apg above).