In this hands-on lab, we will create an Aurora MySQL database cluster. First, we will verify that the security groups and network ACLs (NACLs) are all configured correctly, then create a new security group, and finally create an Aurora MySQL database in a private subnet.
Successfully complete this lab by achieving the following learning objectives:
- Verify the Security Groups and NACLs
Verify the private subnets are associated with a route table that does not contain a direct route to an internet gateway.
Verify NACLs allow TCP traffic on ports 0-65535.
- Create an Aurora MySQL Database Security Group
Create a new database security group allowing MySQL/Aurora access on port 3306 from the default security group.
Then update the default security group rules to allow SSH port 22 traffic from anywhere.
- Create an Aurora MySQL Database Cluster
- Create an RDS Aurora database, ensuring the database is launched in a private subnet.
- Ensure the subnet group (create new) and security group associated with the RDS Aurora database permit traffic on TCP 3306:
- Create an Aurora Database
- Select the default MySQL and default MySQL version
- Leave the default Database Location as Regional
- Choose Dev/Test for templates
- Add auroracluster as our DB Identifier
- Add a password for the admin credentials
- For the DB instance size choose burstable and db.t2.small
- Enable multi-AZ deployment
- Select or create new subnet group
- Choose to not have your database publicly accessible
- Choose a security group
- Leave the defaults for AZ and database port
- Add auroraclusterinstance1 as the DB instance identifier
- Add initial database name: auroradb
- Leave the defaults for parameter groups
- Leave defaults for IAM, Failover, Backup, Encryption, BackTrack
- Do not enable enhanced monitoring because it will take a bit longer for your database to create
- Leave default for maintenance as well
- Click Create Database
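
The checks from the first two objectives can also be run over API output instead of by eye. The following Python is an added example, not part of the original lab: it takes data shaped like EC2 DescribeRouteTables and DescribeSecurityGroups responses and reports private subnets that route to an internet gateway, plus any source on port 3306 other than the default security group. All IDs and the sample data are constructed placeholders.

```python
# Constructed sample data in the shape of EC2 DescribeRouteTables and
# DescribeSecurityGroups responses; every ID below is a made-up placeholder.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]
DB_SG = {"GroupId": "sg-db", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-default"}]}]}


def has_igw_route(table):
    """True if any route in the table targets an internet gateway (igw-...)."""
    return any(r.get("GatewayId", "").startswith("igw-") for r in table["Routes"])


def subnets_routed_to_igw(route_tables, subnet_ids):
    """Return the subnets whose effective route table has an internet gateway route.

    A subnet without an explicit association uses the VPC's main route table.
    """
    explicit, main = {}, None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("Main"):
                main = table
            if assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = table
    effective = {s: explicit.get(s, main) for s in subnet_ids}
    return sorted(s for s, t in effective.items() if t and has_igw_route(t))


def db_ingress_findings(sg, allowed_sg, port=3306):
    """List ingress sources that reach `port` and are not `allowed_sg`."""
    findings, allowed_seen = [], False
    for perm in sg["IpPermissions"]:
        proto = perm["IpProtocol"]  # "-1" means all protocols and all ports
        if not (proto == "-1" or
                (proto == "tcp" and perm["FromPort"] <= port <= perm["ToPort"])):
            continue
        for rng in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
            findings.append("CIDR source " + (rng.get("CidrIp") or rng.get("CidrIpv6")))
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] == allowed_sg:
                allowed_seen = True
            else:
                findings.append("unexpected source group " + pair["GroupId"])
    return findings if allowed_seen else findings + ["no rule from " + allowed_sg]
```

In the sample data, a second private subnet with no explicit association is flagged because it falls back to the main route table, which has an internet gateway route.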