DEV Community

maso
maso

Posted on

DAY5 -Databases

Overview

Today, I'll run a hands-on lab on databases (DynamoDB, RDS).
Recreate a private EC2 instance and the SSM interface endpoints as in Day4 hands-on if you deleted them.

Hands-on

1. RDS

1. Create a DB subnet group

VPC : the VPC created in Day1 hands-on
Subnets : 2 private subnets (AZa/AZb)

2. Create a security group for the DB

Inbound : TCP3306 (source : SG attached to the EC2 instance)
Outbound : All traffic (default)
※only open for application layer! (important for the test)

3.Create DB

Engine : MySQL
Template : Free tier (If you can't use free tier, choose Dev/Test)
DB instance class : db.t3.micro
Multi-AZ : Off
Storage : gp3
VPC : Day1 VPC
Subnet group : the subnet group created in the previous step
Public accessible : No
VPC security group : the security group created in the previous step
Authentication : password authentication

Check the endpoint!(xxxxx.rds.amazonaws.com)

4. Connection verification

Execute the following commands and ensure that the EC2 instance can access the DB

DB_ENDPOINT=<your-db-endpoint>
timeout 5 bash -c "cat < /dev/null > /dev/tcp/${DB_ENDPOINT}/3306" && echo "TCP OK" || echo "TCP NG"
Enter fullscreen mode Exit fullscreen mode

If you receive "TCP OK", the instance could access to the DB!

2. DynamoDB

DynamoDB is not deployed inside your VPC. You need to call the DynamoDB API endpoints, so you need NAT or DynamoDB Gateway Endpoint to reach the DB.

1. Create DynamoDB Gateway Endpoint

Service : com.amazonaws..dynamodb(Gateway)
Route tables : Private route table
Policy : Full access

2. Create DynamoDB table

Partition key : pk (string)
Capacity mode : On-demand

3. Attach the permissions to the EC2 instance

the IAM role attached to the EC2 instance → Add permissions → Create inline policy → Add following policy to allow EC2 instance to access to the DynamoDB

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DynamoRWForOneTable",
      "Effect": "Allow",
      "Action": [
        "dynamodb:PutItem",
        "dynamodb:GetItem",
        "dynamodb:UpdateItem",
        "dynamodb:DeleteItem",
        "dynamodb:Query",
        "dynamodb:Scan"
      ],
      "Resource": "arn:aws:dynamodb:<your-region>:<your-account-id>:table/<your-table-name>"
    }
  ]
}

Enter fullscreen mode Exit fullscreen mode

4. Access to the DB from the EC2 instance

Set variables.

REGION=<your-region>
TABLE=<your-table-name>
Enter fullscreen mode Exit fullscreen mode

Put a sample item into the table (partition key = user#001, name = sora, age = 27)
※DynamoDB is the KVS (=key/value + Attributes) DB, so use key (= A key for uniquely identifying an item) and attributes (= Data other than keys). If you use the same key with the previous data, the old data is overwritten.

aws dynamodb put-item \
  --region $REGION \
  --table-name $TABLE \
  --item '{"pk":{"S":"user#001"},"name":{"S":"sora"},"age":{"N":"27"}}'
Enter fullscreen mode Exit fullscreen mode

Get the item from the DB using the partition key "user#001".

aws dynamodb get-item \
  --region $REGION \
  --table-name $TABLE \
  --key '{"pk":{"S":"user#001"}}'
Enter fullscreen mode Exit fullscreen mode

If you can receive the date put in the previous step, you can correctly use DB!

3. Tidying-up

  • Delete RDS
  • Delete DynamoDB table
  • Delete DynamoDB gateway endpoint
  • Delete EC2 instance

For test

Key exam points related to today's services.

RDS/Aurora

  • use Multi AZ for the HA (not for improvement of reading performance)
  • use Read Replica for improvement of the reading performance
  • create DB in the private subnets and attach SG allow application SG → DB port
  • use SCT when migrate to the different types of DB (ex. Oracle → Aurora)
  • use DMS when you want to minimize the downtime during the migration.

DynamoDB

  • When searching for data using queries, use keys (it's not good at searching for attributes).
  • Use correct type Unpredictable, spikes needed → On-demand Cost optimization with stable traffic → Provisioned
  • DynamoDB is not created in the VPC! The EC2 instances should access to the DB using NAT or DynamoDB gateway endpoint!

See you soon in Day6 hands-on!

Top comments (0)