rds-cli v0.1.6
Overview
This AWS CDK project is designed to save time and reduce duplicated work when provisioning Amazon RDS instances. It automates the creation of AWS resources such as RDS secrets for CI, APP, and Readonly users, security groups, RDS proxy security groups, RDS proxy role, RDS database instance, RDS proxy, and RDS proxy target group. Additionally, the project provides output of the database related endpoints and names.
Prerequisites
Before you can use this AWS CDK project, you must have the following prerequisites installed and configured:
- AWS CLI
- Node.js and npm
- AWS CDK CLI
You must also have appropriate AWS credentials configured on your system.
Installation
Clone this repository to your local machine. Navigate to the root directory of the project in your terminal or command prompt. Run npm install to install the project dependencies.
The cdk.json file tells the CDK Toolkit how to execute your app.
Usage
RDS-CLI repo
Modify the properties of the RdsStackProps interface to match your desired configuration for the RDS instance. Save the file.
In your terminal or command prompt, run the following command to provision the RDS instance:
cdk deploy
This will deploy the RDS instance and associated resources to your AWS account.
When the deployment is complete, the AWS CloudFormation console will display the output values for the stack. These values will include the endpoint and name of the RDS instance and other relevant information.
Other repos
- Install rds-cli npm module
run npm install rds-cli
- Provisioning the rds resources with specified DB, TIER, SIZE
- DB - database name , e.g fracture-segmentation
- TIER - AWS InstanceClass , e.g t2, t3 https://docs.aws.amazon.com/cdk/api/v1/java/software/amazon/awscdk/services/ec2/InstanceClass.html
- SIZE - AWS InstanceSize, e.g mirco, small, https://docs.aws.amazon.com/cdk/api/v1/java/software/amazon/awscdk/services/ec2/InstanceSize.html
run DB=fracture-segmentation TIER=t2 SIZE=small ENVIRONMENT=test rds
CDK_DEFAULT_REGION and CDK_DEFAULT_ACCOUNT are read from the current aws credential. To run it locally, both of the environment variable are required.
Cleanup
When you are finished with the RDS instance, you can remove it from your AWS account to avoid incurring additional charges. To do this, run the following command in your terminal or command prompt:
cdk destroy
This will remove all resources associated with the stack.
Useful commands
npm run buildcompile typescript to jsnpm run watchwatch for changes and compilenpm run test:coverageperform the jest unit tests with coverage outputnpm run testperform the jest unit testsnpm run auditcheck auditnpm run audit:fixfix auditnpm run lintcheck lint errornpm run lint:fixauto fix general lint errornpm run pretty:checkcheck the code formatnpm run pretty:fixcode prettiernpm run cicheck code style, lint error and audit issuenpm run patch-releaserelease the command rds-clicdklist the ckd commandscdk deploydeploy this stack to your default AWS account/regioncdk diffcompare deployed stack with current statecdk synthemits the synthesized CloudFormation template
Naming conventions
Given {pascalDbName : 'CdkTestDb', snakeDbName : 'cdk-test-db'}
| Resources | Name | Notes |
|---|---|---|
| AWS::SecretsManager::Secret | cdk-test-db-test-RDS-ReadonlySecret | username: CdkTestDb_readonly, password: uuidv4, ssmUsername:/rds/cdk-test-db/test/readonly/username, ssmPassword:/rds/cdk-test-db/test/readonly/username |
| AWS::SecretsManager::Secret | cdk-test-db-test-RDS-CISecret | username: CdkTestDb_ci, password: uuidv4, ssmUsername:/rds/cdk-test-db/test/ci/username, ssmPassword:/rds/cdk-test-db/test/ci/username |
| AWS::SecretsManager::Secret | cdk-test-db-test-RDS-AppSecret | username: CdkTestDb_app, password: uuidv4, ssmUsername:/rds/cdk-test-db/test/app/username, ssmPassword:/rds/cdk-test-db/test/app/username |
| AWS::IAM::Role | CdkTestDbRDSProxyRole | |
| AWS::EC2::SecurityGroup | CdkTestDbRDSProxySecurityGroup | |
| AWS::EC2::SecurityGroup | CdkTestDbRDSSecurityGroup | |
| AWS::RDS::DBInstance | cdk-test-db-test | DBName: cdktestdbtest DBInstanceIdentifier: cdk-test-db-test, MasterUsername: CdkTestDb_ci, MasterUserPassword: uuidv4 |
| AWS::RDS::DBProxy | cdk-test-db-rds-proxy` | |
| AWS::RDS::DBProxyTargetGroup | default | |
| Outputs | CdkTestDbDatabaseProxy, CdkTestDbDatabaseHost,CdkTestDbDatabasePort,CdkTestDb`DatabaseName |
8 digits will be added to resource name to make sure it's global unique
Issues
- Fn:Import value doesn't work properly in AWS-CDK, to resolve the problem, we would need to read the data from ssm or read from stack details
- RdsProxy IAMAuth is attached to Proxy rather than DBSecrets, so we can't have different IAMAuth configuration for the secrets under the RdsProxy. To resolve the issue, we override the generated raw CF (This approach can deal with most of the scenarios where the cdk lib's output mismatch the CF configuration).
- To create the credential and put it into ssm, we would need to check its existence, fetch ssm will throw an exception and terminate the deployment processes even if we captured the exception. To avoid the exception being thrown, we have to read the parameter describes to check existence.
- DBProxyTargetGroup deployment can't be processed successfully when the proxy is added to rds instance. To resolve the issue, the connection has to be bind explicitly. https://github.com/aws/aws-cdk/issues/8919, https://github.com/aws/aws-cdk/pull/12953
Extension
To make it more usable, we could potentially enhance the index.js file to support the optional arguments with echo
To support more features, we can create a new cli command line
"bin": {
"rds": "bin/index.js"
"ssm": "bin/ssm.js"
},Conclusion
This AWS CDK project can save you significant time and effort when provisioning Amazon RDS instances. It automates the creation of resources and provides output values that can be used to configure your applications to use the new RDS instance. By using this project, you can quickly and easily provision RDS instances without having to manually create and configure each resource.