How to create/access a DB in AWS following best practices?


I am creating a relational database in AWS via Terraform; see the sample code below. I want to ensure I'm following best practices here. While I create or provision a DB, can I configure it such that a random password is generated and stored in Secrets Manager? Also, if I set publicly_accessible to false, I am assuming I have to provide private subnet groups in my VPC, and I should be able to access it from my VPC only?

Being new to this, once I create this DB instance, how do I connect to it via the AWS CLI? I assume it will generate a private URL, and I can simply use the username/password I set to connect? I'm new to this, so some basic examples would be helpful.

resource "aws_db_instance" "db_instance" {
  allocated_storage      = 10
  engine                 = "postgres"
  engine_version         = "12.5"
  instance_class         = "db.t2.micro"
  identifier             = var.my_identifier
  username               = var.mysql_username
  #password              = var.mysql_password
  # the engine's default group is named "default.<family>"; a bare "default" does not exist
  parameter_group_name   = "default.postgres12"
  # reference the subnet group declared below
  db_subnet_group_name   = aws_db_subnet_group.db_subnet_group.name
  vpc_security_group_ids = []
  publicly_accessible    = false
  skip_final_snapshot    = true
}

resource "aws_db_subnet_group" "db_subnet_group" {
  name       = "${var.project_name}-db-subnet-group"
  subnet_ids = module.vpc.private_subnets
}
2 Answers


while i create or provision a db , can i configure it such that a random password is generated and stored in secrets manager?

If "manage_master_user_password" is set to true, a random password will be saved in Secrets Manager.

also, if i set publicly_accessible to false, i am assuming i have to provide private subnet groups in my vpc ? and i should be able to access it from my vpc only?

If "publicly_accessible" is set to false, RDS will be assigned a private IP address even if started in a public subnet.
As you know, you can only connect from the same VPC as RDS.
Therefore, I think it is better to use a connection method that uses EC2 etc. as a stepping stone, as introduced in the AWS document below.

Answered 1 month ago
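The configuration below is an added example that pulls the answer's two points together with the asker's snippet: a subnet group built only from private subnets, a security group that admits connections from the application tier rather than from a CIDR range, and manage_master_user_password so that RDS generates the master password and stores it in Secrets Manager. It is not code from the question or the answer. It assumes the page's module.vpc also exposes a vpc_id output, that an application-tier security group named aws_security_group.app exists, and that the variables var.project_name, var.my_identifier and var.db_username are defined; the engine version and instance class are the values from the question.

```hcl
# Added example; not the asker's or answerer's code.
# Assumed: module.vpc outputs private_subnets and vpc_id; aws_security_group.app
# is the (hypothetical) security group of the application instances.

resource "aws_db_subnet_group" "db" {
  name       = "${var.project_name}-db-subnet-group"
  subnet_ids = module.vpc.private_subnets # private subnets only: no route to an internet gateway
}

# Only members of the app-tier security group may reach PostgreSQL (5432).
resource "aws_security_group" "db" {
  name   = "${var.project_name}-db-sg"
  vpc_id = module.vpc.vpc_id # assumed output of the VPC module

  ingress {
    from_port       = 5432
    to_port         = 5432
    protocol        = "tcp"
    security_groups = [aws_security_group.app.id] # hypothetical app-tier SG
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_db_instance" "db" {
  identifier        = var.my_identifier
  engine            = "postgres"
  engine_version    = "12.5"        # value from the question; choose a currently supported version
  instance_class    = "db.t2.micro" # value from the question
  allocated_storage = 10

  username = var.db_username
  # No "password" attribute: with manage_master_user_password RDS generates a random
  # master password, stores it in Secrets Manager and rotates it automatically.
  manage_master_user_password = true

  db_subnet_group_name   = aws_db_subnet_group.db.name
  vpc_security_group_ids = [aws_security_group.db.id]
  publicly_accessible    = false # private IP only; reachable from inside the VPC

  storage_encrypted       = true # encryption at rest with the default RDS KMS key
  backup_retention_period = 7
  skip_final_snapshot     = true # acceptable for a test instance; set to false in production
}

# The private DNS name and port of the instance.
output "db_address" {
  value = aws_db_instance.db.address
}

output "db_port" {
  value = aws_db_instance.db.port
}

# ARN of the Secrets Manager secret that RDS created for the master user.
output "db_master_secret_arn" {
  value = aws_db_instance.db.master_user_secret[0].secret_arn
}
```

After terraform apply, the connection details come from the outputs rather than from anything stored in state by hand. The secret's SecretString is a JSON document with username and password keys, so from a host inside the VPC (the EC2 stepping stone the answer describes) you can read it with `aws secretsmanager get-secret-value --secret-id "$(terraform output -raw db_master_secret_arn)" --query SecretString --output text` and then connect with `psql "host=<db_address> port=<db_port> user=<username> dbname=postgres"`, entering the password when prompted. Because publicly_accessible is false and the security group only admits the app tier, the same command from outside the VPC, or from an instance not in aws_security_group.app, will time out, which is the expected behaviour rather than a misconfiguration.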


