Admin-Ahead Community

General Category => General Discussion => Topic started by: Vineesh K P on November 03, 2018, 06:09:06 pm

Title: Amazon VPC for Use with an Amazon RDS DB Instance
Post by: Vineesh K P on November 03, 2018, 06:09:06 pm
Hello All,

In this article, we will look at how to set up an Amazon VPC for use with an Amazon RDS DB instance.

A common scenario is an Amazon RDS DB instance in an Amazon VPC that shares data with a web server running in the same VPC. In this tutorial you create the VPC for this scenario.


The diagram given below shows this scenario.

Because your Amazon RDS DB instance only needs to be available to your web server, and not to the public Internet, you create a VPC with both public and private subnets. The web server is hosted in the public subnet, so that it can reach the public Internet. The Amazon RDS DB instance is hosted in a private subnet. The web server is able to connect to the Amazon RDS DB instance because it is hosted within the same VPC, but the Amazon RDS DB instance is not available to the public Internet, providing greater security.

Step One - Create a VPC with Private and Public Subnets

Use the following procedure to create a VPC with both public and private subnets.

To create a VPC and subnets


Code:
IPv4 CIDR block: 10.0.0.0/16
IPv6 CIDR block: No IPv6 CIDR Block
VPC name: tutorial-vpc
Public subnet's IPv4 CIDR: 10.0.0.0/24
Availability Zone: us-west-2a
Public subnet name: Tutorial public
Private subnet's IPv4 CIDR: 10.0.1.0/24
Availability Zone: us-west-2a
Private subnet name: Tutorial Private 1
Instance type: t2.small
Important: If you do not see the Instance type box in the console, click Use a NAT instance instead. This link is on the right.
Key pair name: No key pair
Service endpoints: Skip this field.
Enable DNS hostnames: Yes
Hardware tenancy: Default

When you're finished, choose Create VPC.

Step Two - Create Additional Subnets

You must have either two private subnets or two public subnets available to create an Amazon RDS DB subnet group for an RDS DB instance to use in a VPC. Because the RDS DB instance for this tutorial is private, add a second private subnet to the VPC.

To create an additional subnet



Step Three - Create a VPC Security Group for a Public Web Server

Next you create a security group for public access. To connect to public instances in your VPC, you add inbound rules to your VPC security group that allow traffic from the Internet.

To create a VPC security group



To add inbound rules to the security group


Step Four - Create a VPC Security Group for a Private Amazon RDS DB Instance

To keep your Amazon RDS DB instance private, create a second security group for private access. To connect to private instances in your VPC, you add inbound rules to your VPC security group that allow traffic from your web server only.

To create a VPC security group



To add inbound rules to the security group


Step Five - Create a DB Subnet Group

A DB subnet group is a collection of subnets that you create in a VPC and that you then designate for your DB instances. A DB subnet group allows you to specify a particular VPC when creating DB instances.

To create a DB subnet group



Your new DB subnet group appears in the DB subnet groups list on the RDS console. You can click the DB subnet group to see details, including all of the subnets associated with the group, in the details pane at the bottom of the window.
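As an added example that is not part of the original post, the following Python script checks two things the steps above rely on: that the subnet plan from Steps One and Two fits inside the VPC block without overlaps, and that the private DB security group from Step Four admits only the web server's security group on the DB port. The security-group data is constructed in the shape boto3's describe_security_groups() returns; the group ID, the MySQL port 3306 and the second private subnet's CIDR are assumptions, since the post does not give them.

```python
import ipaddress

# Constructed sample values in the shape boto3's describe_security_groups()
# returns; the group ID is a placeholder, not a real resource. The post does not
# fix a DB engine, so the MySQL port 3306 is assumed here.
WEB_SG_ID = "sg-0placeholderweb"
DB_PORT = 3306
WEAK_DB_RULES = [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                  "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]
GOOD_DB_RULES = [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                  "IpRanges": [], "UserIdGroupPairs": [{"GroupId": WEB_SG_ID}]}]
# Subnet plan from Steps One and Two; the second private subnet's CIDR is assumed.
TUTORIAL_SUBNETS = [("Tutorial public", "10.0.0.0/24"),
                    ("Tutorial Private 1", "10.0.1.0/24"),
                    ("Tutorial Private 2", "10.0.2.0/24")]


def check_subnet_layout(vpc_cidr, subnets):
    """Return a list of problems: every subnet must sit inside the VPC block
    and no two subnets may overlap. An empty list means the plan is sound."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [(name, ipaddress.ip_network(cidr)) for name, cidr in subnets]
    problems = [f"{name} {net} is outside VPC {vpc}"
                for name, net in nets if not net.subnet_of(vpc)]
    for i, (a_name, a) in enumerate(nets):
        for b_name, b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a_name} {a} overlaps {b_name} {b}")
    return problems


def audit_db_security_group(ip_permissions, web_sg_id, db_port):
    """Flag inbound rules on the RDS security group that break the intent of
    Step Four: only the web server's security group may reach the DB port."""
    findings = []
    for rule in ip_permissions:
        ports = (rule.get("FromPort"), rule.get("ToPort"))
        if rule.get("IpProtocol") == "-1" or None in ports:
            findings.append("rule allows every protocol and port")
            continue
        if rule.get("IpProtocol") != "tcp" or ports != (db_port, db_port):
            findings.append(f"rule opens {rule.get('IpProtocol')} "
                            f"{ports[0]}-{ports[1]}, expected only tcp {db_port}")
        # Any CIDR source, 0.0.0.0/0 above all, bypasses the 'web server only' design.
        for ip_range in rule.get("IpRanges", []):
            findings.append(f"CIDR source {ip_range['CidrIp']} should be the web server group")
        for pair in rule.get("UserIdGroupPairs", []):
            if pair.get("GroupId") != web_sg_id:
                findings.append(f"unexpected source group {pair.get('GroupId')}")
    return findings
```

Run the audit against the live output of describe_security_groups() for the private group after Step Four; an empty findings list is the expected result.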