Getting Started with RDS


RDS: Relational Database Service
Going NoSQL with DynamoDB
Start course

Databases are among the most used applications in the cloud (or anywhere else, for that matter). Managing data is exactly what computers were invented for, so it should come as no surprise that a great deal of attention is focused on the many different Database Management Systems and Data Management tools that are available.

This course will cover AWS's database solutions. It is split in two parts, the first is dedicated to the two most important Database services in the Amazon family: RDS, a relational database supporting DBMS like MySQL, PostgreSQL, Oracle, and MSSQL; and DynamoDB, a powerful NoSQL DBMS adopting the key-value data model. The second part is about the more advanced AWS database systems like Elasticache, RedShift, and SimpleDB.


Who should take this course

For this beginner course, you'll require no special prerequisites. Nevertheless, some experience with Databases and at least a basic knowledge of the related jargon might be helpful. If you are completely new to the cloud, you might benefit from our Introduction to Cloud Computing course. You might also find the AWS general introduction course interesting interesting if you are not yet that familiar with the AWS cloud platform.

If you want to test your knowledge of the basic topics covered by this course, we strongly suggest you take our quiz questions. Another nice follow up to this course is our RDS lab, where you can get your hands dirty with a real RDS instance in the cloud, and Databases on AWS - part 2.


Security Groups are sets of rules that control the access, the traffic has in and out of a database instance. Three types of Security Groups are used with Amazon RDS; Database Security Groups, VPC Security Groups and EC2 Security Groups.

Briefly a DB Security Group controls access to a DB instance that is not in a VPC. A VPC Security Group controls access to a DB instance or other AWS instances inside a VPC. And an EC2 Security Group controls access to an EC2 instance.

By default network access to a database instance is turned off. Note that the AWS accounts created after March 2013 have a default VPC, a DB instance will be created in that VPC, so your DB instances in that VPC require that you add rules to a VPC Security Group to allow access to the instance. In this case you first need to determine what platforms are supported for your AWS account in your current region.

Sign in to the AWS management console and open the Amazon RDS console. Then in the Resources section look at supported platforms. It says, "EC2 VPC". Your AWS account in the current region does not use a default VPC and you can create a DB Security Group that will enable access to your DB instance by clicking on 'Security Groups' in the navigation pane on the left side of the window.

Then click on, 'Create DB Security Group'. You can give a name and a description to this security group, then click on, 'Yes, Create'.

Now you need to add rules to grant access from specific EC2 Security Groups or CIDR IP ranges and you must associate that DB instance with that DB security group. Once rules are configured for a DB security group they apply to all DB instances associated with that DB security group.

Choose 'Security Groups’ from the navigation pane on the left side of the console window. Then select the 'Details' icon for the DB security group you want to authorise.

In 'Security Group Details' section, select 'CIDR/IP' from the 'Connection Type' drop-down list. Type the CIDR range into the 'CIDR Text Box' and click 'Add'. The status of the ... rule will be "Authorising" until the new rule has been applied to all database instances that are associated with the DB security group you modified. After the rule has been successfully applied the status will change to 'Authorised'.

If supported platforms indicate VPC instead, your AWS account in the current region uses a Default VPC. This means that you must create a VPC security group to enable access to a DB instance instead of a DB security group.

To create a VPC Security Group, sign in to the AWS management console and open the Amazon VPC console. In the top right corner of the AWS management console select the region in which you want to create the VPC security group and the DB instance.

In the navigation pane, click on 'Security Groups', then click 'Create Security Group'. In the 'Create Security Group' window, type the name and description of your security group, then select the VPC that you want to create your DB instance in and finally click on, 'Yes, Create'.

The VPC security group you created should still be selected. The 'Details' pane at the bottom of the console window displays the details for the security group and tabs for working with inbound and outbound rules. To configure the inbound rules click the 'Inbound Rules' tab. On the 'Inbound Rules' tab click 'Edit', select 'Custom TCP Rule' from the "Type" list. Type your port range in the "Port Range" text box and then choose the appropriate source in the "Source" text box. You'll learn more about the "Source" field shortly.

If you need to add more IP addresses or different port ranges, click 'Add another rule' and if you need to, you can use the "Outbound Rules" tab to add rules for outbound traffic. When you're finished, click 'Save'.

Now that you have a security group available you can finally create your RDS DB instance. Let's see how to create a MySQL-based one using the console.

In the top right corner of the Amazon RDS console select the region in which you want to create the DB instance. In this example we'll choose an European one. In the navigation pane click on 'Instances'. Then click on 'Launch DB Instance', on top of the page as you can see. The "Launch DB Instance" wizard opens. Now choose the MySQL database engine. You'll be recommended to use Multi-AZ Deployment and Provisioned IOPS Storage as defaults whilst creating this instance. Anyway we don't need them for this example.

Let's click 'Next' to move on to the "DB Details" page. MySQL is a free software so let's choose 'general-public-license' for the "License Model' parameter, the only possible choice. Select your preferred version of MySQL in the database version field.

Note that Amazon RDS supports multiple versions of MySQL in some regions. We'll pick 5.5.27 version here. Now select the database instance class in the "Database Instance Class" field.

We'll select 'DB.m1.small' which is the configuration that equates to 1.7 GiB of memory, 1 vPCU, that is, one Virtual Core with one Engine Control Unit, a 64-bit platform and moderate I/O capacity.

Again here you can choose to use the Multi-AZ Deployment and Provisioned IOPS features for your database instance. We choose 'No' for both of them in this example.

Finally allocate 5 GB of storage for your database by typing '5' in 'Allocated Storage' box.

Now type the name for the database instance that is unique for your account in the region you selected. You may choose to add some intelligence to the name such as including the region and DB engine you selected. For example, 'EU-mysql-instance-test'.

To log on to your database instance you need to choose a username and password.

Now you can go to Step 4 to "Configure Advanced Settings". Here you need to configure some features about the "Network & Security", database, backup and maintenance.

In "VPC" box you should select the Virtual Private Cloud or VPC that defines the virtual networking environment for the DB instance. Select 'default' for "DB Subnet Group" parameters to define which subnets and IP ranges the DB instance can use in the VPC you selected.

For "Availability Zone" parameter it's safe to leave the default of 'No Preference' unless you want to specify a particular Availability Zone.

For "VPC Security Group(s)" select the security group we created a few minutes ago. In the database names box you can choose a name for your database.

Specify the TCP/IP port the database instance will listen on for application connections in the "Database Port" field. Please note that ... the security group apply to the database instance and your company's firewalls must allow connections to the port, selects the database "Parameter Group" and "Option Group" that define the configuration settings you want applied to this database instance.

Finally in "Backup" and "Maintenance" sections you can configure the features for backup and version upgrading according to your needs.

Now you can finally launch your database instance. It's enough to click on 'Launch DB Instance'. You will see a page confirming the creation of your DB.

Once Amazon RDS provisions your DB you can use any standard SQL client application to connect to a database on the DB instance. In this example we'll use, 'MySQL Workbench' which is a GUI-based application to connect to our sample database on the DB instance. Open the application and follow the procedure as you're seeing it right now.

You need to define the "Connection Method" based on the settings you configured in the security group, so enter the "Hostname", "Username" and "Password" of your database instance.

If everything is properly configured you're now connected to your database instance and have access to the databases inside of it.



About the Author
Mohammad Ali Tabibi
Software Engineer

Computer Engineer and Cloud Expert