Create and Access: Establishing a Secure RDS in Your Private VPC with Bastion Hosts

Fatih Aksoy
5 min read · Nov 23, 2023


In this post we will create a MySQL RDS instance and then connect to it through an EC2 instance (virtual machine) launched in a public subnet of the same VPC. An instance used this way is called a bastion host. Because the database has no public address and is not reachable from the internet, the only way in is through the bastion, and the bastion itself accepts only SSH logins authenticated with the key pair we generate.


What is RDS:

Amazon RDS (Amazon Relational Database Service) is a managed database service from Amazon Web Services (AWS) that provides scalable, high-performance relational databases. RDS supports several engines, including MySQL, PostgreSQL, Oracle, Microsoft SQL Server, and Amazon Aurora. AWS handles patching, backups, and high availability, so users can focus on their application rather than on database administration.

Creating RDS:

Go to RDS Service: In the AWS Management Console, locate and select the “Amazon RDS” service.

Choose “Create Database”: Click on the “Create database” button to initiate the RDS instance creation process.

We proceed with the Standard create option. Since this walkthrough uses MySQL, I select MySQL as the engine. To avoid charges on a demo account, I choose the Free tier template.

After giving the RDS instance a name, I specify the master username and password. This password is the only thing that protects the database once a client can reach port 3306, so choose a strong one.

I select the VPC we created in the previous post and create a new security group dedicated to this RDS instance (we will configure its inbound rules later). Public access stays set to No, so the instance gets only a private address inside the VPC; this is what makes the database "closed off from the outside world".

I leave the other settings unchanged. If you do not want backups for a demo instance, they can be disabled under Additional configuration.

After completing these steps, I click "Create database" and wait for the instance to become available.

Now that the database exists, we will create an EC2 instance (virtual machine) from which to connect to this private DB. A machine placed in a public subnet purely so that you can reach private resources through it is called a bastion host (or jump host).

First, we navigate to our EC2 dashboard. From there, we proceed by selecting “Launch Instance” to access the EC2 creation screen.

Next, we give the EC2 instance a name and choose the image (AMI) it will run. For this purpose, I select Ubuntu.

To connect to this EC2 instance from our computer, we need a key pair. We generate one, download the private key file, and keep it safe: anyone who holds that file can log in to the bastion, and through it reach the database.

In the network settings, we select the VPC we created earlier, the same one the RDS instance runs in. After selecting the VPC, we choose our public subnet-1 so the instance gets a public IP. We then create a new security group, give it a descriptive name to avoid confusion, and keep its inbound rules to SSH (port 22) only, ideally limited to our own IP address. Finally we click "Launch instance".

Once the EC2 instance is running, we copy its public IP address from the EC2 console.

After copying it, we open a terminal and navigate to the folder containing the private key file. We will connect to the instance over SSH, authenticating with that key.

ssh -i project-first-kp.pem ubuntu@3.67.186.224

In the command above, substitute your own key file and the public IP address you copied. Since I selected an Ubuntu AMI, the username before the IP address is 'ubuntu'. If you had chosen an Amazon Linux AMI, it would have been 'ec2-user'.

After running this command, ssh shows the host key fingerprint of the new machine and asks whether to continue; we answer 'yes'. It then refuses to use the key file with the message "WARNING: UNPROTECTED PRIVATE KEY FILE!" and "Permissions 0644 ... are too open", because the downloaded key is readable by other users on your machine. We fix that before trying again.

chmod 0400 project-first-kp.pem

With the command above, you make the private key readable only by your own user (no write, group, or other permissions), which is what ssh requires before it will use it.

ssh -i project-first-kp.pem ubuntu@3.67.186.224

Once you run the command again with your own details, you will be logged in to your bastion host.

After completing these steps, we need a MySQL client on the bastion to reach the database. Refresh the package index first so the install succeeds.

sudo apt update

The command above refreshes the package lists.

sudo apt install mysql-client

With the command above, we install the MySQL command-line client. (Installing mysql-server also works, since it pulls in the client, but it starts a local MySQL daemon on the bastion that we do not need.)

Now we need to edit the RDS security group we created earlier so that the bastion can reach port 3306. The source of that inbound rule should be the bastion's security group, not "Anywhere" (0.0.0.0/0): a rule open to the world grants every host in the VPC, and every host that ever gets routed to it, access to the database port, and defeats the point of keeping the database private.

We navigate to our RDS instance, open its security group, and add an inbound rule of type MYSQL/Aurora (TCP 3306) with the source set to the security group ID of the bastion instance. Only instances that belong to that group can then open connections to the database.
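The security-group check described above, as an added example that is not part of the original post: a small audit over a security group in the shape returned by `aws ec2 describe-security-groups`, flagging any rule that exposes port 3306 to 0.0.0.0/0 or ::/0, next to the corrected rule whose source is the bastion's security group. The two group IDs and the VPC ID in the sample are constructed, not real identifiers, and the aws CLI commands are emitted as strings rather than executed.

```python
"""Added example (not from the original post): audit an RDS security group for
a database port open to the world, and build the bastion-only rule instead."""
import json

DB_PORT = 3306
WORLD = {"0.0.0.0/0", "::/0"}

# Constructed sample group IDs (not real AWS resources).
RDS_SG_ID = "sg-0aaa111bbb222ccc3"
BASTION_SG_ID = "sg-0ddd444eee555fff6"

# Weak configuration: 3306 open to "Anywhere", as the console's default suggests.
WEAK_SG = {
    "GroupId": RDS_SG_ID,
    "GroupName": "project-first-db-sg",
    "VpcId": "vpc-0123456789abcdef0",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [], "UserIdGroupPairs": []},
    ],
}


def bastion_only_rule(bastion_sg_id: str, port: int = DB_PORT) -> dict:
    """The IpPermissions entry that lets only members of the bastion's
    security group reach the DB port (an SG-to-SG reference, no CIDR)."""
    return {
        "IpProtocol": "tcp", "FromPort": port, "ToPort": port,
        "IpRanges": [], "Ipv6Ranges": [],
        "UserIdGroupPairs": [{"GroupId": bastion_sg_id,
                              "Description": "MySQL from bastion only"}],
    }


# Corrected configuration: same group, rule sourced from the bastion SG.
FIXED_SG = dict(WEAK_SG, IpPermissions=[bastion_only_rule(BASTION_SG_ID)])


def world_open_db_rules(sg: dict, port: int = DB_PORT) -> list[str]:
    """Return every CIDR that exposes `port` to the whole internet.

    Matches TCP rules whose port range covers the DB port, and '-1'
    (all traffic) rules, for both IPv4 and IPv6 any-address ranges.
    """
    hits = []
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "tcp":
            if not (perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)):
                continue
        elif proto != "-1":
            continue
        for r in perm.get("IpRanges", []):
            if r.get("CidrIp") in WORLD:
                hits.append(r["CidrIp"])
        for r in perm.get("Ipv6Ranges", []):
            if r.get("CidrIpv6") in WORLD:
                hits.append(r["CidrIpv6"])
    return hits


def remediation_commands(sg_id: str, bastion_sg_id: str, open_cidrs: list[str],
                         port: int = DB_PORT) -> list[str]:
    """aws CLI commands that revoke each world-open rule and add the
    bastion-sourced rule. They are returned, not run."""
    cmds = [f"aws ec2 revoke-security-group-ingress --group-id {sg_id} "
            f"--protocol tcp --port {port} --cidr {cidr}" for cidr in open_cidrs]
    cmds.append(f"aws ec2 authorize-security-group-ingress --group-id {sg_id} "
                f"--protocol tcp --port {port} --source-group {bastion_sg_id}")
    return cmds


if __name__ == "__main__":
    open_cidrs = world_open_db_rules(WEAK_SG)
    print("world-open 3306 rules in weak SG:", open_cidrs)
    print("\n".join(remediation_commands(RDS_SG_ID, BASTION_SG_ID, open_cidrs)))
    print("world-open 3306 rules in fixed SG:", world_open_db_rules(FIXED_SG))
    print(json.dumps(FIXED_SG["IpPermissions"], indent=2))
```

Running the audit against the live group is a matter of feeding it `aws ec2 describe-security-groups --group-ids <id>` output; because the fixed rule references a security group rather than an address, it keeps working if the bastion is replaced or its IP changes.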

mysql -h project-first-db.cb4vqat3y5mv.eu-central-1.rds.amazonaws.com -P 3306 -u admin -p

We connect to the DB with the command above, run from the bastion. After -h, give the endpoint of your RDS instance (shown on the instance's Connectivity tab in the RDS console); after -u, the master username you chose when creating the instance. The -p flag makes the client prompt for the password rather than taking it on the command line, where it would end up in your shell history.

After running this command, the client asks for the DB password, which is the one you set when creating the RDS instance.

CREATE DATABASE projectfirst;

Finally, we create a database with this statement.

In this article we set up a MySQL RDS instance in AWS with no public access and reached it through an EC2 instance acting as a bastion host. Starting from the AWS Management Console, we created the RDS instance, launched an Ubuntu-based EC2 instance in a public subnet, connected to it over SSH with a key pair, and restricted the database security group so that only the bastion can open connections on port 3306. Installing the MySQL client on the bastion and creating a new database completed the setup. The next article will cover deploying a Java application using Docker and ECR.
