Workshop 9: RDS
Workshop Goals
In this hands-on workshop, you’ll learn how to:
• Provision and configure an RDS database instance via AWS CLI
• Secure database access using security groups and IAM authentication
• Connect to the database from an EC2 or local client
• Automate backups and perform restores
• Monitor performance and set alarms with CloudWatch
• Scale with read replicas and storage autoscaling
• Clean up RDS resources to avoid charges
Prerequisites
• AWS CLI v2 installed and configured
• IAM permissions: rds:CreateDBInstance, ModifyDBInstance, CreateDBSubnetGroup, CreateDBParameterGroup, DeleteDBInstance, CreateDBSnapshot
• Existing VPC with at least one subnet and security group allowing DB port (default 3306 for MySQL)
• Basic SQL client installed for testing (mysql, psql, etc.)
1. Create a DB Subnet Group
aws rds create-db-subnet-group \
--db-subnet-group-name Workshop9-SubnetGroup \
--db-subnet-group-description "Subnets for Workshop9 RDS" \
--subnet-ids subnet-aaaaaaaaaaaaaaaaa subnet-bbbbbbbbbbbbbbbbbb
create-db-subnet-group Parameters Explained
--db-subnet-group-name: Logical name for subnet group.
--db-subnet-group-description: Description for clarity.
--subnet-ids: Comma-separated subnet IDs in at least two AZs.
2. Configure Security Group
# Allow inbound MySQL (port 3306) from your IP
aws ec2 authorize-security-group-ingress \
--group-id sg-0123456789abcdef0 \
--protocol tcp --port 3306 --cidr YOUR_IP/32
authorize-security-group-ingress Parameters Explained
--group-id: ID of security group to modify.
--protocol/--port: TCP and port number for database engine.
--cidr: Your client IP range for access.
3. Launch RDS DB Instance
aws rds create-db-instance \
--db-instance-identifier workshop9-db \
--db-instance-class db.t3.micro \
--engine mysql \
--engine-version 8.0 \
--allocated-storage 20 \
--master-username adminuser \
--master-user-password AdminPass123 \
--vpc-security-group-ids sg-0123456789abcdef0 \
--db-subnet-group-name Workshop9-SubnetGroup \
--backup-retention-period 7 \
--publicly-accessible
create-db-instance Parameters Explained
--db-instance-identifier: Unique ID for the DB instance.
--db-instance-class: Instance size for CPU/memory.
--engine/--engine-version: Database engine and version.
--allocated-storage: Initial storage in GiB.
--master-username/--master-user-password: Admin credentials. A password given on the command line ends up in shell history.
--vpc-security-group-ids: Security groups that control network access.
--db-subnet-group-name: Subnet group the instance is placed in.
--backup-retention-period: Days to retain automated backups.
--publicly-accessible: Gives the instance a public endpoint (optional); the security group still decides which sources can connect.
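An added example (not part of the original workshop): a Python check over saved `aws rds describe-db-instances` and `aws ec2 describe-security-groups` output that flags the settings chosen in steps 2 and 3, namely a public endpoint, disabled IAM database authentication, disabled automated backups, and ingress wider than a single address on the DB port. The JSON is constructed sample data and the function names are illustrative.

```python
import ipaddress
import json

# Constructed samples shaped like `describe-db-instances` / `describe-security-groups` output.
INSTANCES = json.loads("""{"DBInstances": [{
  "DBInstanceIdentifier": "workshop9-db",
  "Endpoint": {"Address": "workshop9-db.example.invalid", "Port": 3306},
  "PubliclyAccessible": true, "IAMDatabaseAuthenticationEnabled": false,
  "BackupRetentionPeriod": 7,
  "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0123456789abcdef0"}]}]}""")
GROUPS = json.loads("""{"SecurityGroups": [{
  "GroupId": "sg-0123456789abcdef0",
  "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
    "IpRanges": [{"CidrIp": "203.0.113.10/32"}, {"CidrIp": "0.0.0.0/0"}]}]}]}""")


def wide_cidrs(group, port, max_addresses=1):
    """Yield IPv4 CIDRs in a security group that open `port` to more than max_addresses."""
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        in_range = perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)
        if proto != "-1" and not (proto == "tcp" and in_range):
            continue  # rule does not cover the database port
        for rng in perm.get("IpRanges", []):
            if ipaddress.ip_network(rng["CidrIp"], strict=False).num_addresses > max_addresses:
                yield rng["CidrIp"]


def audit(instances, groups):
    """Return (instance id, finding) pairs for the settings this workshop configures."""
    by_id = {g["GroupId"]: g for g in groups["SecurityGroups"]}
    findings = []
    for db in instances["DBInstances"]:
        name = db["DBInstanceIdentifier"]
        port = (db.get("Endpoint") or {}).get("Port", 3306)  # no endpoint while creating
        checks = [(db.get("PubliclyAccessible"), "publicly accessible endpoint"),
                  (not db.get("IAMDatabaseAuthenticationEnabled"), "IAM database authentication disabled"),
                  (db.get("BackupRetentionPeriod", 0) == 0, "automated backups disabled")]
        findings += [(name, msg) for failed, msg in checks if failed]
        for ref in db.get("VpcSecurityGroups", []):
            sg = ref["VpcSecurityGroupId"]
            for cidr in wide_cidrs(by_id.get(sg, {}), port):
                findings.append((name, f"{sg} allows {cidr} on port {port}"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(INSTANCES, GROUPS):
        print(f"{name}: {finding}")
```

To run it against a real account, replace the two constants with the JSON saved from the corresponding CLI commands.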
4. Connect to the Database
# Retrieve endpoint
ENDPOINT=$(aws rds describe-db-instances \
--db-instance-identifier workshop9-db \
--query "DBInstances[0].Endpoint.Address" --output text)
# Connect using MySQL client
mysql -h "$ENDPOINT" -P 3306 -u adminuser -p
Connection Steps Explained
Captures the instance's endpoint address from the CLI output and passes it to the client utility to connect.
5. Backup and Restore with Snapshots
# Create snapshot
aws rds create-db-snapshot \
--db-instance-identifier workshop9-db \
--db-snapshot-identifier workshop9-snap-$(date +%Y%m%d%H%M)
# Restore a new instance from snapshot
aws rds restore-db-instance-from-db-snapshot \
--db-instance-identifier workshop9-restored-db \
--db-snapshot-identifier workshop9-snap-YYYYMMDDHHMM \
--db-instance-class db.t3.micro \
--db-subnet-group-name Workshop9-SubnetGroup \
--vpc-security-group-ids sg-0123456789abcdef0
Snapshot and Restore Parameters Explained
create-db-snapshot: Captures point-in-time backup.
restore-db-instance-from-db-snapshot: Produces a new DB instance from snapshot.
6. Monitoring and Metrics
# View CPU utilization metric (the -d '1 hour ago' form requires GNU date)
aws cloudwatch get-metric-statistics \
--namespace AWS/RDS --metric-name CPUUtilization \
--dimensions Name=DBInstanceIdentifier,Value=workshop9-db \
--start-time $(date -u -d '1 hour ago' +%Y-%m-%dT%H:%M:%SZ) \
--end-time $(date -u +%Y-%m-%dT%H:%M:%SZ) \
--period 300 --statistics Average
Monitoring Parameters Explained
Retrieves average CPU usage over the past hour in 5‑minute intervals.
7. Scaling with Read Replicas
# Create a read replica
aws rds create-db-instance-read-replica \
--db-instance-identifier workshop9-replica \
--source-db-instance-identifier workshop9-db \
--db-instance-class db.t3.micro
Read Replica Parameters Explained
Launches a read-only copy for offloading read traffic and improving scalability.
8. Cleanup RDS Resources
# Delete read replica
aws rds delete-db-instance --db-instance-identifier workshop9-replica --skip-final-snapshot
# Delete primary DB (take final snapshot if desired)
aws rds delete-db-instance --db-instance-identifier workshop9-db --final-db-snapshot-identifier workshop9-final-snap
Cleanup Parameters Explained
Controls whether to retain a final snapshot before deletion to avoid data loss.
Next Steps
Explore Multi-AZ deployments for high availability, cross-region replicas for disaster recovery, and enhanced monitoring with Performance Insights. Automate RDS provisioning via CloudFormation or Terraform for consistent database infrastructure.