how to create/access db in aws following best practices ?


I am creating a relational database in AWS via Terraform; see the sample code below. I want to ensure I'm following best practices here. While I create or provision a DB, can I configure it such that a random password is generated and stored in Secrets Manager? Also, if I set publicly_accessible to false, I am assuming I have to provide private subnet groups in my VPC, and I should be able to access it from my VPC only?

Being new to this, once I create this DB instance, how do I connect to it via the AWS CLI? I assume it will generate a private URL and I can simply use the username/password I set to connect? I'm new to this, so some basic examples would be helpful.

resource "aws_db_instance" "db_instance" {
  allocated_storage = 10
  engine            = "postgres"
  engine_version    = "12.5"
  instance_class    = "db.t2.micro"
  identifier        = var.my_identifier
  username          = var.mysql_username
  #password         = var.mysql_password

  # A parameter group named just "default" does not exist; RDS default
  # groups are named per engine family, e.g. "default.postgres12".
  parameter_group_name = "default.postgres12"

  # Place the instance in the VPC's private subnets and attach the VPC security group.
  db_subnet_group_name   = aws_db_subnet_group.db_subnet_group.name
  vpc_security_group_ids = [aws_security_group.vpc_sg.id]

  publicly_accessible = false
  skip_final_snapshot = true
}

resource "aws_db_subnet_group" "db_subnet_group" {
  name       = "${var.project_name}-db-subnet-group"
  subnet_ids = module.vpc.private_subnets
}
2 answers

Hello.

While I create or provision a DB, can I configure it such that a random password is generated and stored in Secrets Manager?

If "manage_master_user_password" is set to true, a random password will be saved in Secrets Manager.
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance

Also, if I set publicly_accessible to false, I am assuming I have to provide private subnet groups in my VPC, and I should be able to access it from my VPC only?

If "publicly_accessible" is set to false, RDS will be assigned a private IP address even if started in a public subnet.
As you know, you can only connect from the same VPC as RDS.
Therefore, I think it is better to use a connection method that uses an EC2 instance or similar as a jump host, as introduced in the AWS blog post below.
https://aws.amazon.com/jp/blogs/mt/use-port-forwarding-in-aws-systems-manager-session-manager-to-connect-to-remote-hosts/

EXPERT
answered a month ago
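As an added example (not part of the original question or answer, and not the asker's code), the question's configuration rewritten with both points from the answer applied: RDS generates the master password and stores it in Secrets Manager, and the database is reachable only from a jump host in the same VPC that is itself reached through Session Manager port forwarding, so neither the database nor the jump host has a public IP or an inbound rule. It assumes an existing `module.vpc` exposing `vpc_id` and `private_subnets`, variables `project_name`, `my_identifier` and `db_username`, and that the private subnets can reach the SSM endpoints (NAT gateway or VPC endpoints). The engine version, instance class and local port are assumptions.

```hcl
# Added example, not the original poster's code. Postgres is allowed only
# from the bastion's security group, never from a CIDR block.
resource "aws_security_group" "db" {
  name   = "${var.project_name}-db-sg"
  vpc_id = module.vpc.vpc_id

  ingress {
    from_port       = 5432
    to_port         = 5432
    protocol        = "tcp"
    security_groups = [aws_security_group.bastion.id]
  }
}

# The bastion needs no inbound rules: Session Manager connects outbound to the
# SSM endpoints (assumed reachable via NAT or VPC endpoints).
resource "aws_security_group" "bastion" {
  name   = "${var.project_name}-bastion-sg"
  vpc_id = module.vpc.vpc_id

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_db_subnet_group" "db" {
  name       = "${var.project_name}-db-subnet-group"
  subnet_ids = module.vpc.private_subnets
}

resource "aws_db_instance" "db" {
  identifier        = var.my_identifier
  engine            = "postgres"
  engine_version    = "15" # assumed; pick a currently supported version
  instance_class    = "db.t3.micro"
  allocated_storage = 20
  username          = var.db_username

  # RDS generates the master password and stores it in Secrets Manager.
  # No `password` argument, so the value never enters Terraform state;
  # only the secret's ARN does.
  manage_master_user_password = true

  db_subnet_group_name   = aws_db_subnet_group.db.name
  vpc_security_group_ids = [aws_security_group.db.id]
  publicly_accessible    = false

  storage_encrypted         = true
  deletion_protection       = true
  skip_final_snapshot       = false
  final_snapshot_identifier = "${var.my_identifier}-final"
}

# Minimal bastion: latest Amazon Linux 2023 (SSM agent preinstalled) in a
# private subnet, with an IAM role that only lets the agent register with SSM.
data "aws_ssm_parameter" "al2023" {
  name = "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64"
}

resource "aws_iam_role" "bastion" {
  name = "${var.project_name}-bastion-role"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "ec2.amazonaws.com" }
    }]
  })
}

resource "aws_iam_role_policy_attachment" "bastion_ssm" {
  role       = aws_iam_role.bastion.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
}

resource "aws_iam_instance_profile" "bastion" {
  name = "${var.project_name}-bastion-profile"
  role = aws_iam_role.bastion.name
}

resource "aws_instance" "bastion" {
  ami                    = data.aws_ssm_parameter.al2023.value
  instance_type          = "t3.micro"
  subnet_id              = module.vpc.private_subnets[0]
  vpc_security_group_ids = [aws_security_group.bastion.id]
  iam_instance_profile   = aws_iam_instance_profile.bastion.name

  metadata_options {
    http_tokens = "required" # IMDSv2 only
  }
}

# Outputs spelling out the AWS CLI steps: read the generated password from
# Secrets Manager, forward local port 15432 to the DB through the bastion,
# then connect with psql against localhost.
output "db_secret_arn" {
  value = aws_db_instance.db.master_user_secret[0].secret_arn
}

output "connect_hint" {
  value = <<-EOT
    aws secretsmanager get-secret-value --secret-id ${aws_db_instance.db.master_user_secret[0].secret_arn} --query SecretString --output text
    aws ssm start-session --target ${aws_instance.bastion.id} --document-name AWS-StartPortForwardingSessionToRemoteHost --parameters '{"host":["${aws_db_instance.db.address}"],"portNumber":["5432"],"localPortNumber":["15432"]}'
    psql "host=localhost port=15432 dbname=postgres user=${var.db_username}"
  EOT
}
```

The `get-secret-value` call returns a JSON document containing `username` and `password`; the `start-session` command keeps running in one terminal while `psql` is run in another, and the caller needs the Session Manager plugin installed locally. The RDS endpoint itself stays private, so connecting directly from a laptop without the forwarded session will time out by design.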
AWS
answered a month ago
