In this hands-on lab, we will create an Aurora MySQL database. First, we will verify that the security groups, network ACL (NACL), and route tables are all configured to allow communication between an instance in a public subnet and an RDS database in a private subnet. After verifying the appropriate settings are in place, we will create the database. Once that is done, we will use an EC2 instance as a bastion to allow us to connect to our private database from an external source.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Validate the Security Groups, Route Tables, and NACLs Are Configured Correctly
Review the provided environment and ensure your subnet NACLs allow traffic on ports 22 and 3306. Verify that the two private subnets are associated with a route table that only has local routes, and verify that a single public subnet is associated with a route table that has a route to the internet gateway. Confirm the presence of two security groups, one for SSH and the other for MySQL.
- Create a Database Subnet Group
Navigate to the Amazon RDS dashboard and create a subnet group for your Aurora cluster that only contains the private subnets. The subnet group should be named auroralabsubnetgroup.
- Create an Amazon Aurora Cluster
Create an Amazon Aurora cluster (MySQL Edition) of type db.t3.small with a reader node in a different AZ, using the DB subnet group created earlier and the MySQL security group provided with the lab. In the DB cluster identifier field, enter AuroraLabCluster.
- Verify That You Can Authenticate to the Aurora Cluster
Connect to the bastion host instance and use the writer endpoint in a connection string to access MySQL. Once connected, execute the query show global variables like 'aurora_server_id'; and observe the connection. After that, attempt to connect to the reader instance and run the same query. Observe the results.
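The first objective above (checking NACLs, route tables and the two security groups) can be automated. The following is an added example, not part of the lab, that evaluates dicts shaped like the output of boto3's describe_route_tables, describe_network_acls and describe_security_groups; the sample resources and ids at the bottom are constructed placeholders, not the lab's real environment.

```python
# Added example, not part of the lab: offline checker for the lab's network prerequisites,
# fed dicts shaped like boto3 describe_* output. All sample data and ids are constructed.
def is_public(rt):
    return any(r.get("GatewayId", "").startswith("igw-") for r in rt["Routes"])

def nacl_allows_inbound(nacl, port):
    # NACLs are stateless and ordered: lowest rule number first, first match wins, implicit deny.
    for e in sorted(nacl["Entries"], key=lambda e: e["RuleNumber"]):
        pr = e.get("PortRange", {"From": 0, "To": 65535})  # protocol -1 entries carry no PortRange
        if not e["Egress"] and e["Protocol"] in ("-1", "6") and pr["From"] <= port <= pr["To"]:
            return e["RuleAction"] == "allow"
    return False

def sg_sources(sg, port):
    # Every CIDR and security-group id allowed to reach `port` on members of `sg`.
    out = []
    for p in sg["IpPermissions"]:
        if p["IpProtocol"] in ("-1", "tcp") and p.get("FromPort", 0) <= port <= p.get("ToPort", 65535):
            out += [r["CidrIp"] for r in p.get("IpRanges", [])]
            out += [g["GroupId"] for g in p.get("UserIdGroupPairs", [])]
    return out

def validate_lab_network(route_tables, nacls, ssh_sg, mysql_sg):
    # Returns a list of findings; an empty list means the lab's prerequisites hold.
    f = []
    public = [rt for rt in route_tables if is_public(rt)]
    if len(public) != 1:
        f.append(f"expected 1 public route table, found {len(public)}")
    for rt in route_tables:
        if rt not in public and any(r.get("GatewayId") != "local" for r in rt["Routes"]):
            f.append(f"private route table {rt['RouteTableId']} has a non-local route")
    for n in nacls:
        f += [f"NACL {n['NetworkAclId']} blocks inbound tcp/{p}" for p in (22, 3306) if not nacl_allows_inbound(n, p)]
    if "0.0.0.0/0" in sg_sources(mysql_sg, 3306):
        f.append("MySQL security group exposes tcp/3306 to the internet")
    if ssh_sg["GroupId"] not in sg_sources(mysql_sg, 3306):
        f.append("MySQL security group does not allow tcp/3306 from the bastion (SSH) group")
    return f

# Constructed sample mirroring the lab layout: one public and one private route table.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
ROUTE_TABLES = [{"RouteTableId": "rtb-public", "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-placeholder"}]},
                {"RouteTableId": "rtb-private", "Routes": [LOCAL]}]
NACLS = [{"NetworkAclId": "acl-lab", "Entries": [
    {"RuleNumber": 100, "Egress": False, "Protocol": "6", "PortRange": {"From": 22, "To": 22}, "RuleAction": "allow"},
    {"RuleNumber": 110, "Egress": False, "Protocol": "6", "PortRange": {"From": 3306, "To": 3306}, "RuleAction": "allow"},
    {"RuleNumber": 32767, "Egress": False, "Protocol": "-1", "RuleAction": "deny"}]}]
SSH_SG = {"GroupId": "sg-ssh", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]}
MYSQL_SG = {"GroupId": "sg-mysql", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "UserIdGroupPairs": [{"GroupId": "sg-ssh"}]}]}
```

With real data, pass the `RouteTables`, `NetworkAcls` and the two `SecurityGroups` entries returned by boto3 in place of the constructed values; an empty result means the layout matches what the lab expects.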