Create an Amazon Aurora RDS Database (MySQL Compatible)
AWS Training Architect II in Content
There are several tasks to complete in this learning activity. First we will verify that the security group, network ACL, and route table are all configured to allow communication between an instance in a public subnet and an RDS database in a private subnet. We need to validate that traffic on the appropriate ports is allowed, so that we can create a MySQL database. Once that's done, we will use an SSH tunnel and connect to it using MySQL Workbench. For more on Creating an RDS DB Instance, see: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Tutorials.WebServerDB.CreateDBInstance.html
Log in to the AWS console with the cloud_user credentials provided on the lab page, and make sure you are in us-east-1 throughout the lab.
Download and install MySQL Workbench on your desktop. This application is necessary to connect to the MySQL Database. You can download the file directly from MySQL here.
Be sure to select the correct operating system!
Configure the Security Group, Route Table, and NACL
In the AWS Management Console, navigate to VPC.
- Click Subnets in the left-hand menu, and we'll see there are three subnets listed.
- Click the pencil icon in the Name section of the subnet with an IPv4 CIDR of 10.0.1.0/24 and enter the name "PublicSubnet1".
- Click the pencil icon in the Name section of the subnet with an IPv4 CIDR of 10.0.2.0/24 and enter the name "PrivateSubnet2".
- Click the pencil icon in the Name section of the subnet with an IPv4 CIDR of 10.0.3.0/24 and enter the name "PrivateSubnet3".
Configure Route Tables
- Click Route Tables in the left-hand menu, and select the route table that's associated with three subnets.
- Click the Routes tab at the bottom, and we'll see the internet gateway is attached to the route.
- Click the Subnet Associations tab, and click Edit.
- Uncheck the two private subnets, and click Save.
- Select the route table that isn't associated with any subnets, click the Subnet Associations tab, and click Edit.
- Select the private subnets, and click Save.
- Click Network ACLs in the left-hand menu, and select the NACL that's associated with three subnets.
- Click the Inbound Rules and Outbound Rules tabs, and notice all traffic is allowed in and out.
Configure Security Groups
- Click Security Groups in the left-hand menu, and select the one listed.
- Click Create Security Group.
- In the Create Security Group popup, use the following values:
  - Group name: EC2InstanceGrp
  - Description: EC2InstanceGrp
  - VPC: Leave default listed.
- Click Yes, Create.
- Select EC2InstanceGrp in the table, click the Inbound Rules tab, and click Edit. Use the following settings:
  - Type: ALL TCP
  - Protocol: TCP (6)
  - Port Range: ALL
  - Source: 0.0.0.0/0
- Click Save.
Set up an EC2 Instance for SSH Tunneling
Now, we'll create an EC2 instance, which we'll use to create an SSH tunnel to the database.
- Navigate to the EC2 dashboard, and click Launch Instance.
- On the AMI page, select the Amazon Linux AMI (not Amazon Linux 2 AMI).
- Leave t2.micro selected, and click Next: Configure Instance Details.
- On the Configure Instance Details page:
  - Network: Leave default.
  - Subnet: PublicSubnet1
  - Auto-assign Public IP: Enable
- Click Next: Add Storage, and then click Next: Add Tags.
- On the Add Tags page, add the following tag:
  - Key: Name
  - Value: EssentialsEC2Server
- Click Next: Configure Security Group.
- Click to Select an existing security group, and then select EC2InstanceGrp from the table.
- Click Review and Launch, and then Launch.
- In the key pair popup, select Create a new key pair and give it a Key pair name of "essentialsrds". Click Download Key Pair, and then Launch Instances.
- Click View Instances, and give the instance a few minutes to enter the running state.
Set up RDS Aurora Database
- Navigate to RDS in the AWS console.
- Click Create database.
- Select the Amazon Aurora engine.
- Leave the Edition selection as MySQL 5.6-compatible, and click Next.
- On the Specify DB details page, use the following settings:
  - Capacity type: Provisioned
  - DB instance class: db.t2.small — 1vCPU, 2GiB RAM
  - Multi-AZ deployment: Create Replica in Different Zone
  - DB instance identifier: MyEssentialsDB
  - Master username: admin
  - Master password: Whatever you want, but make sure you remember it!
- Click Next.
- On the Configure advanced settings page, use the following settings:
  - In the Network & Security section:
    - VPC: Our default
    - Subnet group: Create new DB Subnet Group
    - Public accessibility: No
    - Availability Zone: Select the availability zone the private subnet is deployed in. Check which one it is by opening a new tab and navigating to VPC > Subnets, selecting the private subnet, and checking in the Description tab.
    - VPC security groups: Create new VPC security group
  - In the Database options section:
    - DB cluster identifier: aurora
    - Database name: auroradb
  - In the Monitoring section:
    - Disable enhanced monitoring
  - In the Deletion protection section:
    - Uncheck Enable deletion protection
- Click Create database. It will take five to ten minutes for it to be created. Click View DB instance details to see the progress.
Connect to RDS Aurora Database
- On the auroradb page, once the DB instance status is available, scroll to the Connect section.
- Make note of the endpoint — we'll need it to connect from MySQL Workbench.
- Notice the security group has been restricted to a certain IP address. Open the VPC dashboard in a new browser tab to fix this.
- Once in the VPC dashboard, click Security Groups in the left-hand menu.
- Select the rds-launch-wizard security group, go to the Inbound Rules tab, and click Edit.
- Change the Source IP address to 0.0.0.0/0, and click Save.
- Now, navigate to EC2, click Instances in the left-hand menu, and copy the public IP of the running instance.
- Open up MySQL Workbench, and click the plus sign by MySQL Connections.
- In the Setup New Connection popup, use the following settings:
  - Connection Name: AuroraDB
  - Connection Method: Standard TCP/IP over SSH
  - SSH Hostname: Paste in the IP address of the EC2 instance
  - SSH Username: Get this by clicking Connect in the EC2 instance page, and copying it.
  - SSH Key File: Upload the .pem file you downloaded when you created the key pair.
  - MySQL Hostname: Paste in the database endpoint.
  - Username: admin
  - Password: Enter the master password you created earlier.
- Click Test Connection, and then OK. You should get a message that you successfully made the MySQL connection.
- Double-click the AuroraDB box. If it isn't working, double-check your security group configuration.
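A defender-side check for the security group configuration the steps above refer to, as an added example that is not part of the lab: it audits ingress rules in the shape boto3's describe_security_groups() returns, flags the two rules this lab opens to 0.0.0.0/0 (EC2InstanceGrp on all TCP ports, rds-launch-wizard on 3306), and contrasts them with the tighter equivalent the SSH-tunnel design actually needs (SSH from your own address only, 3306 only from the EC2 instance's security group). The sample groups, the address 203.0.113.10/32 and the id sg-EC2INSTANCEGRP are constructed placeholders.

```python
# Added example (not part of the lab): audit security-group ingress rules in
# the shape boto3's describe_security_groups() returns. The sample groups are
# constructed; sg-EC2INSTANCEGRP and 203.0.113.10/32 are placeholders.
MYSQL_PORT = 3306
WORLD = ("0.0.0.0/0", "::/0")


def rule_covers(perm: dict, port: int) -> bool:
    """True if an IpPermissions entry admits `port` ("-1" means all traffic)."""
    if perm.get("IpProtocol") == "-1":
        return True
    return perm.get("FromPort", -1) <= port <= perm.get("ToPort", -1)


def audit_group(group: dict) -> list:
    """One finding per ingress rule wider than an SSH-tunnelled RDS setup needs."""
    findings = []
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        span = ("all ports" if perm.get("IpProtocol") == "-1"
                else f"{perm['FromPort']}-{perm['ToPort']}")
        for cidr in cidrs:
            if cidr in WORLD:
                findings.append(f"{group['GroupName']}: {span} open to {cidr}")
            elif rule_covers(perm, MYSQL_PORT):
                # MySQL should be sourced from the tunnel host's group, not a CIDR.
                findings.append(f"{group['GroupName']}: {MYSQL_PORT} open to CIDR {cidr}")
    return findings


def audit(groups: list) -> list:
    return [f for g in groups for f in audit_group(g)]


LAB_GROUPS = [  # constructed: what the lab's steps produce
    {"GroupName": "EC2InstanceGrp", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupName": "rds-launch-wizard", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]
TIGHT_GROUPS = [  # constructed: least-privilege equivalent for the same lab
    {"GroupName": "EC2InstanceGrp", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]},  # your own address
    {"GroupName": "rds-launch-wizard", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "UserIdGroupPairs": [{"GroupId": "sg-EC2INSTANCEGRP"}]}]},
]
```

Run `audit(LAB_GROUPS)` to see the two world-open rules reported, and `audit(TIGHT_GROUPS)` to confirm the tightened equivalent yields no findings.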
Congratulations on completing this lab!