AWS RDS stands for Relational Database Service. It provides various databases as a managed service, including Oracle, MySQL, MariaDB, and other similar relational databases. Since it is a managed service, RDS provides easy replication of instances and takes snapshots automatically. When security updates need to be applied to your database, RDS supports this as well, and you can schedule these tasks as needed. Another important feature of RDS is that database instances can be scaled vertically, up or down, at any time. For example, when you want more CPU power, you can simply upgrade to a newer instance type.
Creating an RDS instance involves a few steps:
A subnet group is required to specify which subnet the database will be located in.
A parameter group is required to provide settings to the database. Usually we don't get access to the database instance and therefore this provides a way of defining database configurations and settings.
A security group is required to control access rights to the RDS instance.
First, let's create a file to keep our variables, vars.tf:
resource "aws_instance" "example" {
  ami           = var.AMIS[var.AWS_REGION]
  instance_type = "t2.micro"

  # the VPC subnet
  subnet_id = aws_subnet.main-public-1.id

  # the security group
  vpc_security_group_ids = [aws_security_group.example-instance.id]

  # the public SSH key
  key_name = aws_key_pair.mykeypair.key_name
}

output "ip" {
  value = aws_instance.example.public_ip
}
Then create a file with the name rds.tf:
resource "aws_db_subnet_group" "mariadb-subnet" {
  name        = "mariadb-subnet"
  description = "RDS subnet group"
  subnet_ids  = [aws_subnet.main-private-1.id, aws_subnet.main-private-2.id]
}

resource "aws_db_parameter_group" "mariadb-parameters" {
  name        = "mariadb-parameters"
  family      = "mariadb10.4"
  description = "MariaDB parameter group"

  parameter {
    name  = "max_allowed_packet"
    value = "16777216"
  }
}

resource "aws_db_instance" "mariadb" {
  allocated_storage       = 100 # 100 GB of storage, gives us more IOPS than a lower number
  engine                  = "mariadb"
  engine_version          = "10.4.13"
  instance_class          = "db.t2.small" # use micro if you want to use the free tier
  identifier              = "mariadb"
  name                    = "mariadb"
  username                = "root"           # username
  password                = var.RDS_PASSWORD # password
  db_subnet_group_name    = aws_db_subnet_group.mariadb-subnet.name
  parameter_group_name    = aws_db_parameter_group.mariadb-parameters.name
  multi_az                = false # set to true to have high availability: 2 instances synchronized with each other
  vpc_security_group_ids  = [aws_security_group.allow-mariadb.id]
  storage_type            = "gp2"
  backup_retention_period = 30                                            # how long you’re going to keep your backups
  availability_zone       = aws_subnet.main-private-1.availability_zone   # preferred AZ
  skip_final_snapshot     = true                                          # skip final snapshot when doing terraform destroy

  tags = {
    Name = "mariadb-instance"
  }
}
Here we allow ingress and egress traffic to our EC2 instance and then limit the ingress traffic of the RDS instance to only the EC2 instance's subnet.
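The security group definitions that the paragraph above describes do not appear on this page. The following is an added example, not the original author's code, of the two groups that rds.tf and the instance resource reference. It assumes a VPC resource named aws_vpc.main, SSH on port 22 as the instance's ingress, and a hypothetical variable SSH_ALLOWED_CIDR; none of these are defined on the page.

```hcl
# Added example. Assumed names: aws_vpc.main and var.SSH_ALLOWED_CIDR.
variable "SSH_ALLOWED_CIDR" {
  description = "CIDR allowed to SSH to the EC2 instance (hypothetical variable)"
  type        = string
}

resource "aws_security_group" "example-instance" {
  vpc_id      = aws_vpc.main.id
  name        = "example-instance"
  description = "EC2 instance: SSH in, all traffic out"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.SSH_ALLOWED_CIDR] # avoid 0.0.0.0/0 here
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1" # all protocols
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "allow-mariadb" {
  vpc_id      = aws_vpc.main.id
  name        = "allow-mariadb"
  description = "MariaDB: 3306 from the EC2 instance's subnet only"

  ingress {
    from_port   = 3306 # MariaDB/MySQL port
    to_port     = 3306
    protocol    = "tcp"
    cidr_blocks = [aws_subnet.main-public-1.cidr_block]
    # Tighter alternative: replace cidr_blocks with
    # security_groups = [aws_security_group.example-instance.id]
  }

  # No egress block: security groups are stateful, so replies to allowed
  # connections still flow, and Terraform removes the default allow-all
  # egress rule when none is declared.
}
```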
Generate SSH keys:
$ ssh-keygen -f mykey
Initialize the providers:
$ terraform init
Apply the changes:
$ terraform apply -var="RDS_PASSWORD=somevalue"
Don't forget to clean up once experiments are done,