Workshop 9: RDS

Workshop Goals

In this hands-on workshop, you’ll learn how to:
• Provision and configure an RDS database instance via AWS CLI
• Secure database access using security groups and IAM authentication
• Connect to the database from an EC2 or local client
• Automate backups and perform restores
• Monitor performance and set alarms with CloudWatch
• Scale with read replicas and storage autoscaling
• Clean up RDS resources to avoid charges

Prerequisites

• AWS CLI v2 installed and configured
• IAM permissions: rds:CreateDBInstance, ModifyDBInstance, CreateDBSubnetGroup, CreateDBParameterGroup, DeleteDBInstance, CreateDBSnapshot
• Existing VPC with at least one subnet and security group allowing DB port (default 3306 for MySQL)
• Basic SQL client installed for testing (mysql, psql, etc.)

1. Create a DB Subnet Group

aws rds create-db-subnet-group \
  --db-subnet-group-name Workshop9-SubnetGroup \
  --db-subnet-group-description "Subnets for Workshop9 RDS" \
  --subnet-ids subnet-aaaaaaaaaaaaaaaaa subnet-bbbbbbbbbbbbbbbbb

create-db-subnet-group Parameters Explained

--db-subnet-group-name Logical name for subnet group.
--db-subnet-group-description Description for clarity.
--subnet-ids Space-separated subnet IDs in at least two AZs.

2. Configure Security Group

# Allow inbound MySQL (port 3306) from your IP
aws ec2 authorize-security-group-ingress \
  --group-id sg-0123456789abcdef0 \
  --protocol tcp --port 3306 --cidr YOUR_IP/32

authorize-security-group-ingress Parameters Explained

--group-id ID of security group to modify.
--protocol/--port TCP and port number for database engine.
--cidr Source CIDR range allowed to connect; YOUR_IP/32 limits access to your single client address.

3. Launch RDS DB Instance

aws rds create-db-instance \
  --db-instance-identifier workshop9-db \
  --db-instance-class db.t3.micro \
  --engine mysql \
  --engine-version 8.0 \
  --allocated-storage 20 \
  --master-username adminuser \
  --master-user-password AdminPass123 \
  --vpc-security-group-ids sg-0123456789abcdef0 \
  --db-subnet-group-name Workshop9-SubnetGroup \
  --backup-retention-period 7 \
  --publicly-accessible

create-db-instance Parameters Explained

--db-instance-identifier Unique ID for the DB instance.
--db-instance-class Instance size for CPU/memory.
--engine/--engine-version Database engine and version.
--allocated-storage Initial storage in GiB.
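--master-username/password Admin credentials. A password passed on the command line is saved in shell history and visible in the process list; --manage-master-user-password (used in place of --master-user-password) has RDS generate the password and keep it in Secrets Manager.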
--vpc-security-group-ids Controls network access.
--db-subnet-group-name Specifies subnets.
--backup-retention-period Days to retain automated backups.
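--publicly-accessible Gives the instance a publicly resolvable endpoint (optional). With it set, the security group from step 2 is the only network control in front of the database port; omit it or pass --no-publicly-accessible when clients connect from inside the VPC.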
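
A check for the settings chosen in step 3, added here as an example and not part of the original workshop: it reads the tab-separated text output of aws rds describe-db-instances and flags instances that are publicly accessible, unencrypted, without IAM database authentication, or below a backup-retention threshold. The function name audit_rds_rows, the 7-day threshold and the sample rows are assumptions constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the workshop): audit RDS settings offline.
# Input rows come from this AWS CLI call (not executed here):
#   aws rds describe-db-instances --output text --query \
#     'DBInstances[].[DBInstanceIdentifier,PubliclyAccessible,StorageEncrypted,IAMDatabaseAuthenticationEnabled,BackupRetentionPeriod]'
# Text output is one tab-separated row per instance; booleans print as True/False.

MIN_RETENTION_DAYS=${MIN_RETENTION_DAYS:-7}   # assumed policy; matches step 3
TAB=$(printf '\t')

# Reads rows on stdin, prints one finding per line, exits 1 if any finding.
# The ( ... ) body runs in a subshell, so its variables stay local.
audit_rds_rows() (
  findings=0
  while IFS="$TAB" read -r id public encrypted iam retention; do
    [ -n "$id" ] || continue
    if [ "$public" = "True" ]; then
      echo "$id: endpoint is publicly accessible"
      findings=$((findings + 1))
    fi
    if [ "$encrypted" != "True" ]; then
      echo "$id: storage is not encrypted at rest"
      findings=$((findings + 1))
    fi
    if [ "$iam" != "True" ]; then
      echo "$id: IAM database authentication is disabled"
      findings=$((findings + 1))
    fi
    # A non-numeric value (e.g. None) fails the test and is not flagged here.
    if [ "$retention" -lt "$MIN_RETENTION_DAYS" ] 2>/dev/null; then
      echo "$id: backup retention ${retention}d is below ${MIN_RETENTION_DAYS}d"
      findings=$((findings + 1))
    fi
  done
  [ "$findings" -eq 0 ]
)

# Constructed sample rows: the instance as launched in step 3, then a
# hypothetical hardened instance (private, encrypted, IAM auth enabled).
SAMPLE_ROWS=$(printf '%s\t%s\t%s\t%s\t%s\n' \
  workshop9-db True False False 7 \
  workshop9-hardened False True True 7)

printf '%s\n' "$SAMPLE_ROWS" | audit_rds_rows || true
```

To audit a live account, pipe the output of the describe-db-instances call shown in the header comment into audit_rds_rows; the non-zero exit status on findings makes it usable as a pipeline gate.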

4. Connect to the Database

# Retrieve endpoint
ENDPOINT=$(aws rds describe-db-instances \
  --db-instance-identifier workshop9-db \
  --query "DBInstances[0].Endpoint.Address" --output text)

# Connect using MySQL client
mysql -h "$ENDPOINT" -P 3306 -u adminuser -p

Connection Steps Explained

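Captures the instance's endpoint address from the CLI into a shell variable and passes it to the client utility. The bare -p makes the client prompt for the password, so it is not typed on the command line.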

5. Backup and Restore with Snapshots

# Create snapshot
aws rds create-db-snapshot \
  --db-instance-identifier workshop9-db \
  --db-snapshot-identifier workshop9-snap-$(date +%Y%m%d%H%M)

# Restore a new instance from snapshot
aws rds restore-db-instance-from-db-snapshot \
  --db-instance-identifier workshop9-restored-db \
  --db-snapshot-identifier workshop9-snap-YYYYMMDDHHMM \
  --db-instance-class db.t3.micro \
  --db-subnet-group-name Workshop9-SubnetGroup \
  --vpc-security-group-ids sg-0123456789abcdef0

Snapshot and Restore Parameters Explained

create-db-snapshot Captures point-in-time backup.
restore-db-instance-from-db-snapshot Produces a new DB instance from snapshot.

6. Monitoring and Metrics

# View CPU utilization metric (date -d '1 hour ago' is GNU date syntax)
aws cloudwatch get-metric-statistics \
  --namespace AWS/RDS --metric-name CPUUtilization \
  --dimensions Name=DBInstanceIdentifier,Value=workshop9-db \
  --start-time "$(date -u -d '1 hour ago' +%Y-%m-%dT%H:%M:%SZ)" \
  --end-time "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
  --period 300 --statistics Average

Monitoring Parameters Explained

Retrieves average CPU usage over the past hour in 5‑minute intervals.

7. Scaling with Read Replicas

# Create a read replica
aws rds create-db-instance-read-replica \
  --db-instance-identifier workshop9-replica \
  --source-db-instance-identifier workshop9-db \
  --db-instance-class db.t3.micro

Read Replica Parameters Explained

Launches a read-only copy for offloading read traffic and improving scalability.

8. Cleanup RDS Resources

# Delete read replica
aws rds delete-db-instance --db-instance-identifier workshop9-replica --skip-final-snapshot

# Delete primary DB (take final snapshot if desired)
aws rds delete-db-instance --db-instance-identifier workshop9-db --final-db-snapshot-identifier workshop9-final-snap

Cleanup Parameters Explained

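Controls whether a final snapshot is retained before deletion to avoid data loss: --skip-final-snapshot deletes the instance without one, while --final-db-snapshot-identifier takes a snapshot with the given name first.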

Next Steps

Explore Multi-AZ deployments for high availability, cross-region replicas for disaster recovery, and enhanced monitoring with Performance Insights. Automate RDS provisioning via CloudFormation or Terraform for consistent database infrastructure.
