AWS RDS
It's all relative anyway...
You've already got some data in an AWS managed RDS instance? You must want access to it, right? Why else would you have it - unless you just want to contribute to the "Bezos needs more money" fund. Hey, maybe he's family. But I'm going to assume the data has some use to you...
AWS supports a bunch of different relational databases. The process to connect to them is about the same for all of the RDS types. I'm just going to walk through MySQL and assume you can figure out how to modify these instructions for the other RDS types. Mostly because I'm lazy. And maybe a little cheap.
In this tutorial, I'm going to walk through creating all of the supporting infrastructure from scratch. That doesn't mean you need to (unless you want to - Uncle Bezos looks like he could use some support). I'm doing this so you get the full context. That should make it easier to apply to your own systems in a way that works great with Tuono deployments. I'll try to point out some of the more important configuration options along the way.
Overview
I'm going to tackle this in four parts. The first sets up the basic networking infrastructure. The second part does a few steps to prepare for the database. The third part creates the database (with no data in it, but you can pretend). The last part deploys a VM to interact with the database - mostly to prove that I'm not a liar (at least for this exercise).
I'm going to use Tuono to deploy the first part, but it's OK if this infrastructure was created via other means in your existing environment. It helps me pretend I'm a real IT admin, and it's easy.
Base Infrastructure: I'll use a Tuono Environment to deploy the base network - "Main-Net-aws"
Prepare: A few manual steps in AWS to prepare for the database
MySQL: Deploy MySQL using the AWS console
Database Client: I'll use another Tuono Environment - "SQL-User-aws"
Part 1 - Deploy Base Infrastructure
Alright - I put on my IT admin hat. I now feel like a super-genius. I can now deploy the -super- complicated network that will host my MySQL database and its test client. Psyche! (That means "I'm just kidding" for anyone that wasn't a juvenile during the 1980s - and no comment about me still being juvenile, Editor)
It's actually quite simple. The following Blueprint will deploy a network and a pair of subnets for the MySQL instance (AWS requires a minimum of 2 subnets, in different Availability Zones), a subnet for our client, and set up a Network ACL for the subnets. Note what the firewall definitions allow: the two database subnets are private-no-internet and only admit 3306/tcp, and the client subnet only admits 22/tcp, so nothing on the database side is reachable from outside the VPC.
# This example creates a folder and a network managed by IT
# Main-Net.yml
---
location:
  region:
    my-region:
      azure: northcentralus
      aws: us-west-2
  folder:
    example:
      region: my-region
      name: example
networking:
  network:
    testing:
      range: 10.0.0.0/16
      scope: public
  subnet:
    # two database subnets in different zones, as RDS requires
    sql1:
      range: 10.0.1.0/24
      network: testing
      firewall: sql
      scope: private-no-internet
      zone: 2
    sql2:
      range: 10.0.2.0/24
      network: testing
      firewall: sql
      scope: private-no-internet
      zone: 3
    # the client subnet; the only thing that needs a public address
    public:
      range: 10.0.3.0/24
      network: testing
      firewall: only-ssh-access
      scope: public
  protocol:
    sql:
      ports:
        - port: 3306
          proto: tcp
    ssh:
      ports:
        - port: 22
          proto: tcp
  firewall:
    sql:
      rules:
        - protocols: sql
          to: self
    only-ssh-access:
      rules:
        - protocols: ssh
          to: self
Then I add my AWS creds, create the Main-Net-aws Environment, and add the Blueprint to it.

Then I apply the Environment to AWS.
Part 2 - Prepare for MySQL
You need a DB Subnet Group in order to deploy an RDS instance in AWS. If you don't pre-create one, AWS will do it for you; however, AWS will then create the subnets too. Since we want the instance to land in our private sql1 and sql2 subnets, we need to pre-create the DB Subnet Group from those two.
First, go to the RDS service in the AWS Console, and select "Subnet groups" from the navigation pane on the left and click "Create DB Subnet Group".

Part 3 - Deploy MySQL Database
Now go back to the RDS Dashboard and choose "Create database". No need for me to add verbiage here, just follow the screenshots. These are all on the same page, and it's a *really* long page.


Feel free to downsize the instance class and storage type to save some money. Told you I was cheap.

Under Connectivity make sure to select the VPC we previously created and create a new security group under "Additional connectivity configuration"

Finally, the last one.

Woohoo! Now hit "Create database". This only takes a few minutes to deploy - unlike the glacially slow Azure SQL Managed Instance that takes 3 hours.
You will likely need to widen the source range on the Inbound rule of the auto-generated security group, since the console seeds it with the address you created it from rather than anything inside the VPC. In this case I broadened it to 0.0.0.0/0 by editing the inbound rule, on the grounds that the instance sits in a private subnet with no public access. Don't copy that part: a 0.0.0.0/0 rule on a database security group is exactly what scanners and auditors look for, and it only stays harmless for as long as nobody later flips "Public access" on. Scope the rule to the VPC range (10.0.0.0/16), or better to the client subnet (10.0.3.0/24) or the client instance's own security group, so that only the SQL-User-aws box can reach port 3306.
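To make that check repeatable rather than a once-over in the console, here is an added example (mine, not part of the original article and not Tuono's or AWS's code): a small Python audit that evaluates security-group ingress in the shape `aws ec2 describe-security-groups` returns and flags any rule that can reach 3306 from outside the VPC. The group IDs, group names and rule sets are constructed for illustration; the VPC range and the client subnet are the ones from the Blueprint above.

```python
"""Flag security-group ingress that exposes the RDS port beyond the VPC.

Added example for this walkthrough; it is not Tuono's or AWS's code. The rule
data below is constructed in the shape `aws ec2 describe-security-groups`
returns, and every group ID and group name is made up. The VPC range and the
client subnet are the ones from the Blueprint above.
"""
import ipaddress

VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")  # the "testing" network
DB_PORT = 3306

# Constructed: the console-generated group after being "widened" to the world.
SG_WORLD_OPEN = {
    "GroupId": "sg-0aaaaaaaaaaaaaaaa",  # made-up ID
    "GroupName": "rds-demo-broad",
    "IpPermissions": [
        {
            "IpProtocol": "tcp",
            "FromPort": 3306,
            "ToPort": 3306,
            "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
            "UserIdGroupPairs": [],
        }
    ],
}

# Constructed: the same group scoped to the client subnet and to the client's
# own security group (also a made-up ID), which is how it should look.
SG_SCOPED = {
    "GroupId": "sg-0bbbbbbbbbbbbbbbb",
    "GroupName": "rds-demo-scoped",
    "IpPermissions": [
        {
            "IpProtocol": "tcp",
            "FromPort": 3306,
            "ToPort": 3306,
            "IpRanges": [{"CidrIp": "10.0.3.0/24"}],
            "UserIdGroupPairs": [{"GroupId": "sg-0ccccccccccccccccc"}],
        }
    ],
}


def _reaches_port(perm, port):
    """True if one IpPermissions entry applies to `port`.

    AWS encodes "all traffic" as IpProtocol "-1" with no port fields, so that
    case has to count, as does a tcp range that merely includes the port.
    """
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit_db_ingress(group, vpc_cidr=VPC_CIDR, port=DB_PORT):
    """Return (severity, source, reason) findings for rules reaching `port`.

    A source that is another security group produces no finding: that ties
    access to whatever runs behind that group rather than to an address
    range, which is the tightest form available here.
    """
    findings = []
    for perm in group.get("IpPermissions", []):
        if not _reaches_port(perm, port):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen == 0:
                findings.append(("high", cidr, "port reachable from any address"))
            elif net.version != vpc_cidr.version:
                findings.append(("medium", cidr, "address family the VPC does not use"))
            elif not net.subnet_of(vpc_cidr):
                findings.append(("medium", cidr, "source lies outside the VPC"))
            elif net == vpc_cidr:
                findings.append(("low", cidr, "whole VPC; prefer the client subnet or group"))
    return findings


def is_acceptable(group, **kw):
    """True when only low-severity findings (or none) remain for the group."""
    return all(sev == "low" for sev, _, _ in audit_db_ingress(group, **kw))


if __name__ == "__main__":
    for sg in (SG_WORLD_OPEN, SG_SCOPED):
        print(sg["GroupName"], audit_db_ingress(sg))
```

Point it at the real output of `aws ec2 describe-security-groups --group-ids <the RDS group>` (one entry of the "SecurityGroups" list) and the first constructed group is what the 0.0.0.0/0 edit above looks like; the second is the shape to aim for. A whole-VPC rule is reported as low rather than rejected, since that is the compromise the text itself suggests.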

Part 4 - Deploy SQL-User-aws
Now we deploy an instance to our public subnet. Note that I've set the infrastructure controlled by our IT super-genius ("ahem" - me) to "readonly: true", so the poor pleb deploying their database client can't ruin my awesome infrastructure.
---
variables:
  admin_username:
    description: The username for the administrative user.
    type: string
    default: adminuser
  admin_public_key:
    description: The OpenSSH Public Key to use for administrative access.
    type: string
    default: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDummyDu= dummy_key@tuono.com
location:
  region:
    my-region:
      azure: northcentralus
      aws: us-west-2
  folder:
    example:
      region: my-region
      name: example
networking:
  network:
    testing:
      range: 10.0.0.0/16
      scope: public
      readonly: true
  subnet:
    # IT-owned subnets: readonly so this Environment can use but not alter them
    sql1:
      range: 10.0.1.0/24
      network: testing
      firewall: sql
      scope: private-no-internet
      readonly: true
      zone: 2
    sql2:
      range: 10.0.2.0/24
      network: testing
      firewall: sql
      scope: private-no-internet
      readonly: true
      zone: 3
    public:
      range: 10.0.3.0/24
      network: testing
      firewall: only-ssh-access
      readonly: true
      scope: public
  protocol:
    sql:
      ports:
        - port: 3306
          proto: tcp
    ssh:
      ports:
        - port: 22
          proto: tcp
  firewall:
    sql:
      rules:
        - protocols: sql
          to: self
    only-ssh-access:
      rules:
        - protocols: ssh
          to: self
compute:
  image:
    bionic:
      publisher: Canonical
      product: UbuntuServer
      sku: 18.04-LTS
      venue:
        aws:
          # if provisioning fails due to image not found, go to:
          # https://cloud-images.ubuntu.com/locator/ec2/
          # and search for "bionic amd64 ebs us-west-2"
          image_id: ami-04bb0cc469b2b81cc
  vm:
    example-vm:
      cores: 1
      memory: 1 GB
      image: bionic
      configure:
        admin:
          username: (( admin_username ))
          public_key: (( admin_public_key ))
      nics:
        demo-nic:
          ips:
            - private:
                type: dynamic
              public:
                type: static
          firewall: only-ssh-access
          subnet: public
      tags:
        wicked: cool
I've created the new "SQL-User-aws" Environment, added my credentials, and added the above Blueprint to it.
Make sure to update the admin_public_key variable with your own public key - otherwise you will not be able to SSH to the VM.

Now apply the Environment and wait a few minutes for it to complete.
Proof of life
Everything is deployed and should be ready to use. Let's verify.
First, grab the Public IP of the VM from your "Details" in the Job log of your Tuono portal session. I hope you have your private key, or this won't work. Luckily, I memorized mine.
This is a base Ubuntu image, so we need to install a few things to be able to log in to MySQL.
sudo apt update
sudo apt install mysql-client
Now grab the connection info (the endpoint hostname and port) from the database details page in the RDS console on AWS.

Then use the mysql client to connect to the database. Leave -p without a value so the client prompts for the password instead of recording it in your shell history and, on a shared box, exposing it in the process list. RDS also serves TLS on this endpoint; to confirm you are talking to your instance and not something in between, add --ssl-mode=VERIFY_IDENTITY and --ssl-ca pointing at the RDS CA bundle (https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem).
mysql -h database-1.cluzvxpwlozb.us-west-2.rds.amazonaws.com -P 3306 -u admin -p
I'm in!
$ mysql -h database-1.cluzvxpwlozb.us-west-2.rds.amazonaws.com -P 3306 -u admin -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 70
Server version: 8.0.20 Source distribution
Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>