Creating, configuring, and connecting to a new Amazon RDS instance from TORO Cloud
This document will guide you on how to provision a new Amazon RDS instance so that it can be used by Martini instances in TORO Cloud. To summarize, this guide will cover the following steps:
- Permitting connections from the Martini instance to the Amazon RDS instance
- Creating, configuring, and deploying the Amazon RDS instance
- Creating a database connection for the RDS instance in Martini
Choosing an AWS region...
It is recommended that you deploy your new AWS RDS instance in the same region as your TORO Cloud instance to minimize network latency. At present, all TORO Cloud instances are deployed to the US East (Northern Virginia) region.
Allowing access to the Amazon RDS instance
Before creating and deploying the Amazon RDS instance, the first step is to create a security group. This security group is intended to allow connections from the Martini instance in TORO Cloud to the to-be-provisioned Amazon RDS instance.
Ensure you have permission to create resources in AWS
This part will use Amazon CloudFormation. AWS CloudFormation automates the creation of resources using a preconfigured template. Please ensure your AWS user account has permissions to create new resources in AWS.
1. Download the CloudFormation template from this repository. This repository contains multiple CloudFormation templates specific to the application or database engine you're going to use. This example will use the MySQL/Aurora template which whitelists port
2. From the AWS Console, go to the CloudFormation service's dashboard. From the CloudFormation dashboard, click the Create Stack button.
3. From the Create Stack page, select "Upload a template to Amazon S3", and then select the JSON file downloaded in step #1. Once you've selected the file, press the Next button.
4. The next page will ask you to name your CloudFormation stack [1] and define your stack's parameter values [2]. For the (1) Stack name, this can be anything; for the (2) SecurityGroupVPC parameter, you have to select the VPC where the security group will be used. Once done, press the Next button.
5. After clicking Next, CloudFormation will ask you to provide additional details or settings. You can leave all these fields with their default values. Press Next to proceed.
6. The last page before deploying the stack is the Review page. This page shows the summary of all the resources that the CloudFormation template will deploy. Press the Create button to start deploying your template. After pressing Create, you should now see the CloudFormation template being deployed.
7. Once deployment has completed, go to your VPC and click Security Groups. You should now see the newly created security group with all the firewall rules needed.
Don't manually edit resources deployed using CloudFormation
Manually editing resources that were deployed through CloudFormation can cause issues in future updates or deployments.
Updating the security group created by CloudFormation
Whenever TORO's public IPs change, the CloudFormation templates maintained by TORO on GitHub will also be updated. These templates make it easy to add the new IPs to your security group. When an IP change happens, follow these steps:
This will only work on security groups managed by CloudFormation
This will only work if you have properly followed the instructions above. It cannot be used to update other security groups not deployed via CloudFormation.
1. Download the newly updated CloudFormation template.
2. Go to the CloudFormation dashboard and:
   - Select your existing stack.
   - Press the Action button.
   - Click Update Stack from the list.
3. Select "Upload a template to Amazon S3", and then select the updated template file.
4. You will be directed to the Specify Details section, where you should simply press Next.
5. You should also press the Next button in the Options section.
6. Finally, on the Review section, press the Update button. You will be redirected to your stacks, where the status of the stack should be UPDATE_IN_PROGRESS, meaning the updates are currently being applied.
In this update, a third IP has been added to the security group. We should see from the VPC dashboard that the security group has been updated, and a third rule has been added to it.
Creating and deploying the Amazon RDS instance
When creating an Amazon RDS instance for use in TORO Cloud, the usual process applies, but the instance should fulfill the following requirements:
- The RDS instance must have a publicly-accessible endpoint.
- The same firewall configuration that allows TORO Cloud IPs access should be associated with the RDS instance.
While creating the database, the "Configure advanced settings" step lets you set the RDS properties that satisfy the requirements above. It is also possible to access these settings after you have created the database.
In the Network & Security section:
- Set the RDS instance's VPC to the VPC of the recently created security group. This is the VPC where the RDS instance will be provisioned.
- Set the Public accessibility option to Yes. This is to create a publicly-accessible endpoint for the RDS instance.
- Add the VPC security group created earlier to apply the firewall rules (set by the security group) to the RDS instance.
The RDS instance will automatically be deployed after creation. Once the instance has been successfully deployed or re-configured, you should be able to get the endpoint generated by AWS for that instance. That endpoint will be where the Martini instance will connect.
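Because the endpoint is publicly accessible, the security group is the only network control in front of the database. The following added example (not part of the original guide or TORO's tooling) audits one `SecurityGroups[]` entry, in the shape returned by `aws ec2 describe-security-groups --output json`, against an expected allow-list. The port 3306, the addresses, and the group ID are assumptions constructed for illustration; substitute the values from the template you deployed.

```python
import ipaddress

DB_PORT = 3306  # assumption: MySQL/Aurora default port
# Constructed placeholders from documentation ranges, not TORO Cloud's real IPs.
EXPECTED_SOURCES = {"203.0.113.10/32", "203.0.113.11/32", "198.51.100.7/32"}

def audit_ingress(group, expected=EXPECTED_SOURCES, port=DB_PORT):
    """Audit one SecurityGroups[] entry; return a sorted list of findings."""
    findings, seen = [], set()
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        only_db_port = proto == "tcp" and lo == port and hi == port
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            rule = f"{proto} {lo}-{hi} from {cidr}"
            if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0
                findings.append(f"OPEN_TO_INTERNET: {rule}")
            elif not only_db_port:
                findings.append(f"UNEXPECTED_PORT: {rule}")
            elif str(net) not in expected:
                findings.append(f"UNEXPECTED_SOURCE: {rule}")
            else:
                seen.add(str(net))
        # Sources given as another security group are not part of the allow-list.
        for pair in perm.get("UserIdGroupPairs", []):
            findings.append(f"GROUP_REFERENCE: {proto} {lo}-{hi} from {pair.get('GroupId')}")
    # Expected addresses with no matching rule, e.g. after an IP change upstream.
    findings += [f"MISSING_SOURCE: {cidr}" for cidr in expected - seen]
    return sorted(findings)

def tcp_rule(port, *cidrs):
    """Build one constructed ingress rule in the describe-security-groups shape."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs]}

# Constructed sample: the third address is not yet applied, and two stray rules exist.
SAMPLE_GROUP = {"GroupId": "sg-0123456789abcdef0", "IpPermissions": [
    tcp_rule(3306, "203.0.113.10/32", "203.0.113.11/32"),
    tcp_rule(3306, "0.0.0.0/0"),
    tcp_rule(22, "192.0.2.50/32"),
]}

if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE_GROUP):
        print(finding)
```

An empty result means the group allows only the database port from exactly the expected addresses; a `MISSING_SOURCE` finding indicates the stack should be updated with the latest template.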
Connecting from TORO Cloud
This part describes how to establish a connection between the Martini instance running on TORO Cloud and the newly created Amazon RDS instance. All you have to do is test your connection when creating a database connection in the Martini instance. If Martini receives a positive response from the RDS instance, then you are all set; a connection can be established between Martini and the RDS instance. However, if you are still unable to connect to the external Amazon RDS instance, here are some things you can try:
- Ensure the user you're using to connect to your database server is allowed remote access.
- Verify from a database client like MySQL Workbench if you can connect to your database.
- Raise a support ticket in our portal or contact AWS support.
[1] A stack is a collection of AWS resources that you can manage as a single unit. In other words, you can create, update, or delete a collection of resources by creating, updating, or deleting stacks. All the resources in a stack are defined by the stack's AWS CloudFormation template.
[2] CloudFormation parameters are input fields that would display during the deployment of the template. It lets the user define needed information before deploying the template.