By using AWS re:Post, you agree to the AWS re:Post Terms of Use

Can we create a Table in Aurora during the infra setup using terraform IaaC code ?

0

We use terraform for creating the infra in AWS. We want to create RDS Aurora Postgres instance. Terraform has support to create it. But I am stuck at table creation. There is a line of thought that the Table creation is not part of infra, but for me it looks like part of infra (dynamo db tables are created in terraform). We used terraform local exec command as explained in this link . But the concern is that RDS instances are kept in private subnet, not able to connect directly. Doing SSH tunnelling to execute the table creation script has security issues. Would like to understand from the community how does it is handled ? what are the guidance on this issue ? or or Any leads and help on this will be super helpful.

1 Answer
1
Accepted Answer

There are a few ways that come to mind. Since the RDS database should be in a private subnet and not publicly accessible you will need a way to tunnel to the private connection or run the create table from the private location. The first method would be to spin up a small EC2 host as a bastion that has teh SQL client on it and can connect tot he database instance. Then you could run the create table from it using Terraform.

You could also consider the approach of creating a lambda function using Terraform that can do the create table for you and invoke it from Terraform. There is an example of the invoke here https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lambda_invocation and as an example even though it is not Postgres if has all the parts you can see and extrapolate to a Postgres example, https://docs.aws.amazon.com/lambda/latest/dg/services-rds-tutorial.html.

To summarize create the Aurora Postgres cluster instance and database, create the lambda function in parallel, have the invoke part have a depends on the database and lambda function creation. I think this will be easier than the EC2 bastion instance route.

AWS
answered 3 years ago
profile picture
EXPERT
reviewed a year ago
  • We are planning to use Lamdba route. Thanks.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions