How To Get Started with Cloud Databases and Amazon RDS

Published:11 July 2022 - 11 min. read

Nicholas Xuan Nguyen Image

Nicholas Xuan Nguyen

Read more tutorials by Nicholas Xuan Nguyen!

Azure Cloud Labs: these FREE, on‑demand Azure Cloud Labs will get you into a real‑world environment and account, walking you through step‑by‑step how to best protect, secure, and recover Azure data.

As the world moves more and more toward cloud-based solutions, knowing how to utilize cloud database also become more crucial. But don’t worry. Amazon Relational Database Service (Amazon RDS) is just what you need.

With Amazon RDS, you get to focus on your applications so you can give them the fast performance, high availability, security, and compatibility they need. And in this tutorial, you’ll learn how to get started with Amazon RDS, a cloud database service provided by Amazon Web Services.

Ready? Read on to get started!

Prerequisites

This tutorial will be a hands-on demonstration. If you’d like to follow along, be sure you have:

  • AWS CLI installed and configured on your machine. This tutorial uses AWS CLI on Ubuntu 20.04 Linux environment.

What is Amazon RDS?

Amazon RDS is a web service that eases setting up, operating, and scaling relational databases in the cloud. Amazon RDS provides cost-efficient and resizable capacity. All these while automating time-consuming administration tasks, such as hardware provisioning, database setup, patching, and backups.

Why use Amazon RDS? Suppose you’re running a web application that needs a database backend. But typically, you don’t want to deal with the hassle of setting up and maintaining your own database server.

Or maybe you’re already using Amazon EC2 for your web application and want to offload the database workload. Whatever your reasons, Amazon RDS comes in handy to set up and operate your relational database in the cloud.

Creating a Dedicated IAM User for Amazon RDS

Assuming you already have an AWS account, you’re now ready to create a database instance using the AWS console. But first, you’ll have to create an AWS Identity and Access Management (IAM) user with proper permissions to work with Amazon RDS.

IAM is a feature of your AWS account that provides security credentials to services and users you register with IAM. With IAM, you can securely control access to your AWS resources.

Instead of a root account, you need an IAM user when you want to use the Amazon RDS API or the AWS Command Line Interface (AWS CLI) to work with Amazon RDS.

If you use the root account credentials to access AWS resources, you have to share the same credentials with everyone who needs access to those resources. This setup can lead to security issues if the credentials are compromised.

To create an IAM user via the AWS console:

1. Sign in to the AWS Management Console using your root account credentials, and click on Sign in.

Signing in to the AWS Management Console Using Root Credentials
Signing in to the AWS Management Console Using Root Credentials

2. Next, search for IAM in the search box at the top, and click on IAM on the list of results, as shown below, to access the IAM console.

Accessing the IAM Console
Accessing the IAM Console

3. On the IAM dashboard, click on Users in the left panel shown below to see the Users page (step four), where you can manage IAM users under your root account.

Accessing the Users Page
Accessing the Users Page

4. Now, click on Add users (top-right) to initialize adding a new IAM user.

Adding a New IAM User
Adding a New IAM User

5. Configure the user details with the following:

  • Provide a unique User name for the user, but this tutorial’s choice is rds-console.
  • Tick the Password – AWS Management Console access check box to enable password access for the user.
  • Select the Custom password option, and set a strong password for the user.
  • Tick the Require password reset box to require a password change when the user logs in for the first time.
  • Click on Next: Permissions to start adding permissions to the new user (step six).
Setting User Details
Setting User Details

6. On the Add user page, click on Add user to group —> Create group to initialize creating a new IAM user group. An IAM group is a collection of IAM users with specific permissions.

Initializing Creating an IAM User Group
Initializing Creating an IAM User Group

7. Now, configure the new IAM user group with the following:

  • Provide a unique Group name, but this tutorial’s choice is rds-console-users.
  • Tick the box beside the AdministratorAccess option to select it, which serves as an IAM role. An IAM role lets you delegate access to users, and you can see that this role provides full access to all Amazon RDS resources.
  • Click on Create group (bottom-right) to create your first group and redirect the browser back to the Add user page.
Create a New Group with Administrator Access
Create a New Group with Administrator Access

8. Back to the Add user page, click on Next: Tags to continue configuring the new user details.

Confirming the New User Group
Confirming the New User Group

9. Skip adding tags, and click on Next: Review to view the summary of the new user details.

Skipping Adding Tags
Skipping Adding Tags

10. Next, review the new user details, and click on Create user at the bottom to create your first IAM user.

Creating a New IAM User
Creating a New IAM User

You’ll see a Success message after creating the new IAM user, as shown below.

Note down the AWS Management Console access URL. You’ll need this access URL to log into the AWS Management Console as your new IAM user.

Confirming Successful User Creation
Confirming Successful User Creation

11. Finally, navigate to your Users page to see your new IAM user on the list, as shown below.

Viewing All Users
Viewing All Users

Creating an RDS Database Instance via the AWS Console

Now that you have an IAM user with the necessary permissions, it’s time to create an Amazon RDS database instance. There are two methods to create an Amazon RDS, via the AWS Console and AWS CLI, but you’ll use the former method for a start.

To create an RDS database instance via the AWS Console:

1. Logout from your root account and navigate to the AWS Management Console access URL you noted in step 10 of the “Creating a Dedicated IAM User for Amazon RDS” section.

On the IAM user login page, enter your IAM user’s credentials, and click on Sign in. Since this is the first time you’re logging in as the IAM user, you’ll be asked to set up a new password (step two).

Logging in as the IAM User
Logging in as the IAM User

2. Next, provide and confirm a new password, and click on Confirm password change to secure your account. Once changed, your browser redirects to the AWS Management Console.

Changing Account Password
Changing Account Password

3. Search for RDS in the search box at the top, and choose RDS to access the RDS Management Console.

Accessing the RDS Management Console
Accessing the RDS Management Console

4. Click on Databases in the left panel while in the Amazon RDS Management Console to see the list of available databases, which is empty, as shown below.

Accessing Available Databases
Accessing Available Databases

5. Now, click on the Create database button (top-right) to initialize creating a new SQL database instance.

Initializing Creating a New Database
Initializing Creating a New Database

6. Choose a database creation method you prefer. But for this tutorial, the choice is the Standard create method since it lets you specify all the configuration options for your database instance.

Selecting Database Creation
Selecting Database Creation

7. Configure your Engine options with the following:

  • Select an Engine type you prefer since Amazon RDS supports multiple database engines. But in this example, you’ll use the Microsoft SQL Server.
  • Select Amazon RDS as your Database management type.
  • Select SQL Server Express Edition since it is a free edition of SQL Server.
  • Select your preferred version of SQL Server. But for this tutorial, you’ll use SQL Server 2019 Express Edition, the latest version at the time of writing.
Configuring Ending Options
Configuring Ending Options

8. Scroll down to the Settings section and configure your database name and credentials as follows:

  • Provide a descriptive name for your database instance (database-1) under DB instance identifier.
  • Provide a username (rds_console) and password for the master user for logging into your database instance.
Setting Credentials for the Database
Setting Credentials for the Database

9. Under the Storage section, configure your database’s storage with the following:

  • Keep the default Storage type value (General purpose (SSD)) since it’s a fast storage type suitable for most workloads.
  • Set Allocated storage (in GB) to provision for your database instance (minimum storage size is 20 GB). The more storage you allocate, the more I/O operations your database instance can process. But remember, more storage also costs more.
  • Untick the Storage autoscaling option since you don’t want Amazon RDS to auto-scale the storage for your database instance. You instead want to control the storage size manually.
Configuring Storage Type
Configuring Storage Type

10. Keep other settings at default since you won’t need to change them for this tutorial, and click on Create database to create your MySQL database instance.

Creating the MySQL Database Instance
Creating the MySQL Database Instance

11. Finally, navigate to your Databases page again, and you’ll see your newly-created database instance with Creating status.

Click the Refresh button to refresh the list and see the latest status.

Verifying Newly-created MySQL Database
Verifying Newly-created MySQL Database

After creating the database, the status changes Available, indicating your database instance is ready to use, as shown below.

Verifying Database Status
Verifying Database Status

Creating an IAM User with Programmatic Access

Creating an RDS Database Instance Using the AWS Console undoubtedly works. But perhaps you’re looking for a way to make the database creation repeatable and automated. In that case, the AWS console is not your best choice since it requires user intervention to perform various tasks manually.

Luckily, AWS lets you create and manage AWS resources using code via the AWS CLI. With the AWS CLI, you can integrate your database provisioning process with your IaC or CI/CD pipeline.

Before creating an RDS database instance via the AWS CLI, you’ll first have to create a dedicated IAM user programmatic access to the IAM user. Doing so permits the IAM user to access the AWS CLI.

1. Log out from your IAM user (rds-console), and log in to your root AWS account.

2. Initialize creating an IAM user as you did in steps three to four of the “Creating A Dedicated IAM User for Amazon RDS” section.

Initializing Adding a New IAM User’
Initializing Adding a New IAM User’

3. Configure the user details and AWS access type with the following:

  • Provide a unique name for your IAM user (rds-cli).
  • Tick the Access keyProgrammatic access option. This option allows the IAM user to access AWS resources via the AWS CLI authenticated by the access key ID and secret access key.
  • Click the Next: Permissions button to continue.
Setting User Details
Setting User Details

4. Now, select Add user to group —> Create group to create a new group.

Creating a New Group
Creating a New Group

5. Configure the new group details as follows:

  • Provide a unique name for your group (rds-cli).
  • Tick the AmazonRDSFullAccess role from the list to allow this group to manage all Amazon RDS resources. You can also fine-tune the permissions by selecting specific Amazon RDS actions that this group is allowed to perform by editing the JSON policy document.
  • Click on Create group button to create the group.
Configuring the New Group
Configuring the New Group

6. Back to the Add user page, tick the box beside the new group (rds-cli), and click on the Next: Tags button to continue.

Back to the Add user page
Back to the Add user page

7. Skip adding tags and click on Next: Review, so you can review the settings you configured for the new IAM user.

Skipping Adding Tags
Skipping Adding Tags

8. Review the new user settings summary, and click on Create user to create the IAM user. Your browser redirects to the IAM user detail page (step nine).

Creating the New IAM User
Creating the New IAM User

9. Lastly, click on Download .csv to download the CSV file or copy the Access key ID and Secret access key and store them safely. You will not see these keys again after you leave this page.

Viewing the Access Key ID and Secret Access Key
Viewing the Access Key ID and Secret Access Key

Creating an RDS Database Instance via the AWS CLI

After creating a dedicated IAM user with the necessary permissions for your CLI environment, you’re now ready to create your RDS database instance via the AWS CLI. But first, ready the keys you noted in the last step of the “Creating an IAM User with Programmatic Access” section.

1. Open your terminal and run the following configure command to configure your IAM user credentials.

This command creates a new file called credentials in the ~/.aws directory. This credentials file stores your IAM user credentials, so you don’t have to provide them every time you run an AWS CLI command.

aws configure

Provide the following when prompted:

  • AWS Access Key ID – The Access key ID of your IAM user.
  • AWS Secret Access Key – The Secret access key of your IAM user.
  • Default region name – The AWS Region you prefer to use, but the choice for this tutorial is us-east-1.
  • Default output format – Enter json since the json output is human readable.
Configuring the New IAM User Credentials
Configuring the New IAM User Credentials

2. Next, run the below sts get-caller-identity command to verify the AWS CLI can assume the IAM role you created in the previous section.

aws sts get-caller-identity

Ensure you note down the ARN value. You’ll later compare that ARN with the one in your IAM console.

Verify AWS CLI Can Assume the IAM Role
Verify AWS CLI Can Assume the IAM Role

If you see the error message saying “An error occurred (AccessDenied),” make sure you correctly configured your IAM user credentials. At the same time, verify the proper permissions have been attached to the IAM user and/or group.

Getting an AccessDenied Error
Getting an AccessDenied Error

3. Navigate to your IAM user detail page on your IAM console, and compare the ARN with the one you noted in step one.

If the ARNs match, you can settle down that your IAM user can assume the IAM role you created.

Comparing the ARN Values
Comparing the ARN Values

4. Now, run the rds describe-db-instances command below (without parameters) to get a list of all the DB instances in your AWS account.

aws rds describe-db-instances

Your output should be blank, like the one below, since you haven’t created any DB instances yet.

Listing DB Instances
Listing DB Instances

5. Run the rds create-db-instance command below to create a new Amazon RDS MySQL database instance by passing the following parameters:

  • --db-instance-identifier – This parameter specifies a unique name for your new DB instance. In this tutorial, the identifier is rds-mysql-instance.
  • --db-instance-class – This parameter specifies the DB instance’s compute and memory capacity (db.t3.micro).
  • --engine – This parameter specifies the database engine (mysql) for this instance.
  • --master-username – This parameter specifies the username for the master user. In this tutorial, the username is rds_cli.
  • --master-user-password – This parameter specifies the password for the master user. You can set your own, but in this example, the password is $trongpa$$word.
  • –allocated-storage – This parameter specifies the storage size for the DB instance in gibibytes (GiB), which is 5GiB (minimum), in this tutorial.
aws rds create-db-instance --db-instance-identifier rds-mysql-instance --db-instance-class db.t3.micro --engine mysql --master-username rds_cli --master-user-password $trongpa$$word --allocated-storage 5
Creating a MYSQL Database Instance
Creating a MYSQL Database Instance

6. Lastly, rerun the following rds describe-db-instances command to check the detailed information of the newly-created DB instance (rds-mysql-instance).

aws rds describe-db-instances --db-instance-identifier rds-mysql-instance
Checking the Newly-created DB Instance’s Information
Checking the Newly-created DB Instance’s Information

Removing DB Instances via the AWS CLI

You’ve successfully created DB instances, but you wouldn’t want to keep one too many, right? AWS charges you hourly for a DB instance while it exists; even if not used, the cost adds up quickly. But with AWS CLI, you can remove DB instances that don’t serve a purpose anymore.

Run the command below to remove the newly-created DB instance with the --skip-final-snapshot parameter. This parameter prevents Amazon RDS from taking a final DB snapshot before deleting the instance.

aws rds delete-db-instance --db-instance-identifier rds-mysql-instance --skip-final-snapshot
Remove a DB Instance
Remove a DB Instance

Now, run the rds describe-db-instances command below to check if the DB instance (rds-mysql-instance) has been deleted.

aws rds describe-db-instances --db-instance-identifier rds-mysql-instance

If you see an error message like the one below, you’ve successfully deleted your target DB instance (rds-mysql-instance)

Verifying Deleted DB Instance
Verifying Deleted DB Instance

Conclusion

In this article, you’ve learned to create IAM users and roles and Amazon RDS MySQL database instances. With all these awesomeness Amazon RDS showed you, avoid hugely unnecessary charges by deleting your DB instances when you’re done with them.

At this point, you can confidently explore more about Amazon RDS and create and delete DB instances. You already have a running MySQL DB instance on Amazon RDS, so why not try to import your local MySQL DB to the cloud?

With your data in the cloud, you can then take advantage of all the benefits that come with it, such as scalability and high availability.

Hate ads? Want to support the writer? Get many of our tutorials packaged as an ATA Guidebook.

Explore ATA Guidebooks

Looks like you're offline!