
AWS Dev and Deploy Series: Connecting to an RDS instance using Fargate run time secrets

Sriharsha Polimetla
Nov 9, 2020 · 4 min read

This is part 2 of a series; please go through Part 1 here first for better understanding if you have not done so already.

In the first part, I developed a basic Spring Boot API and deployed it on AWS Fargate through CodePipeline (the AWS CI/CD way). While that was good enough for the application demo, the data is not really persistent and is limited to the run time. This step takes the application a bit closer to being production-ready by using a persistent RDS database instance.

Why RDS?

Some features:

  1. It also comes with advanced features such as Read Replicas if you need to offload some traffic, automated backups, and in time snapshots of the DB.
  2. It comes with a default security option to allow traffic only from within a specified VPC or the default VPC. This means that only applications within the VPC, or ones that can access the VPC's traffic, can reach the DB.
  3. It can be easily integrated with CloudWatch/SNS, and critical cases such as expensive queries taking up all the memory or DB crashes can be easily traced.

Using the cloud is not only about not wanting to own servers; it is also about having your cloud provider do the management for you.

If you choose not to use RDS for any reason, the other cloud solution for a relational DB is the one where you manage everything. One such solution is to provision, manage and run the DB instance on an EC2 instance. Based on the instance type and configuration, it can be both expensive and troublesome given that now the Developer/Admin has to take care of the DB management and monitor its performance. While it sounds like a no-go, there are situations in which this approach is preferred, especially when more control and flexibility are desired or if organisations do not allow the DB management by their Cloud Provider.

Implementation

The following additional parameters have been created:

  1. /DataBaseCredentials/Stage/dbname
  2. /DataBaseCredentials/Stage/host. In my case, database-stage.mydomainname
  3. /DataBaseCredentials/Stage/password
  4. /DataBaseCredentials/Stage/username

Thus a total of 8 parameters, 4 for each environment, have been created.

The code can be found here on my GitHub. The branch here is 2-rds-fargate-secrets.

Here is the workflow:

[Figure: Application workflow]

Two DB stacks, one each for the dev and prod environments, are created using rds-database.yaml. A custom domain name has been used to map to the DB endpoints, since I prefer to reach my database at database-dev.mydomain rather than at a random, constantly changing DNS name provided by AWS. This is, however, optional if you do not have your own domain name. In that case, you will have to create /DataBaseCredentials/Stage/host with the DNS name of your DB instance and then deploy the application.

The ECS task definition is changed to pull the DB credentials from SSM at run time as follows:

[Figure: Task Definition Update]

The application.properties file of the Spring Boot application is changed as follows to instruct the Spring framework to expect the variables at run time.

[Figure: application.properties]
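The task definition and application.properties changes described above, sketched as an added CloudFormation example that is not taken from the author's repository. The resource names, the container name, the DB_* variable names, the image placeholder and the MySQL engine with port 3306 are assumptions; the parameter paths are the ones listed earlier.

```yaml
# Added example: names such as TaskExecutionRole, api and DB_* are assumptions.
Resources:
  TaskExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: ecs-tasks.amazonaws.com }
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
      Policies:
        - PolicyName: read-db-parameters
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Least privilege: read only this environment's parameter path.
              # A SecureString under a customer-managed KMS key also needs kms:Decrypt.
              - Effect: Allow
                Action: ssm:GetParameters
                Resource: !Sub arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/DataBaseCredentials/Stage/*
  ApiTaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      RequiresCompatibilities: [FARGATE]
      NetworkMode: awsvpc
      Cpu: "256"
      Memory: "512"
      ExecutionRoleArn: !GetAtt TaskExecutionRole.Arn
      ContainerDefinitions:
        - Name: api
          Image: "<image-uri-placeholder>"
          # Fetched by ECS at task start and injected as environment variables,
          # so no value is stored in the template, the image or the repository.
          Secrets:
            - Name: DB_HOST
              ValueFrom: !Sub arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/DataBaseCredentials/Stage/host
            - Name: DB_NAME
              ValueFrom: !Sub arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/DataBaseCredentials/Stage/dbname
            - Name: DB_USERNAME
              ValueFrom: !Sub arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/DataBaseCredentials/Stage/username
            - Name: DB_PASSWORD   # store this parameter as a SecureString
              ValueFrom: !Sub arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/DataBaseCredentials/Stage/password
# application.properties then reads the injected variables (MySQL and 3306 assumed):
#   spring.datasource.url=jdbc:mysql://${DB_HOST}:3306/${DB_NAME}
#   spring.datasource.username=${DB_USERNAME}
#   spring.datasource.password=${DB_PASSWORD}
```

The permission to read the parameters sits on the task execution role, not the task role, because ECS resolves the secrets before the container starts.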

All requests made to the API now read from and write to the persistent RDS instance. Any change in the application layer should not affect the data, and subsequent rolling updates to the application can be deployed with ease.

The API consumer should be given the public DNS of the ELB, which is accessible without any authentication, and thus the API is not really secure. The next step of the series is to enable authentication of the API by attaching an API Gateway to the ELB and giving the API consumer the endpoint that hits the API Gateway rather than the ELB directly.

This will be covered in part 3. Keep watching this space.

Happy Coding!
