Using Automation to Deploy AWS Databases
The course is part of this learning path
This course explores how to use automation when creating Amazon RDS databases.
It includes using AWS Secrets Manager for increasing the security of provisioned resources by limiting human intervention.
- Deploy RDS database using CloudFormation
- Understand the role that AWS Secrets Manager can play in managing database usernames and passwords
- Understand the importance of automation and the benefits of using CloudFormation
This course is intended for anyone that needs to learn to automate the deployment of Amazon RDS databases.
To get the most out of this course, you should have a basic understanding of cloud computing using Amazon Web Services.
You should also know how to create relational databases using Amazon RDS.
If you have any questions relating to this course, please contact us at firstname.lastname@example.org.
AWS CloudFormation is an automation tool that helps deploy your AWS cloud resources by using a common language like JSON or YAML to describe your architecture. This provides a method to create reusable gold standard templates for common pieces of your environment.
These repeatable templates help to prevent problems associated with manual entry and ad hoc deployments. By creating cloud formation templates, you give yourself the power to document, index, version control, and manage your architecture just like code.
This includes the ability to peer review entire architectures for faults, and implement security audits that detect vulnerabilities just by sending a text file to the appropriate person. That's particularly hard to do in the on premises environment.
In case you have never seen a CloudFormation template here is a very simple example.
Here we are creating an AWS resource called “MyS3Bucket” that is of type- S3 bucket. If we were to run this through CloudFormation, it would try to create an S3 bucket in whatever region you were currently selected in. As long as the name is available, Cloudformation will go ahead with creation, and fairly quickly you would have your brand new resource created automatically for you.
You can of course create far more complicated templates that build enterprise-level architectures all in one document. However, ideas such as encapsulation and segmentation of your architecture are still important, especially if you move forward with a microservice-based implementation.
Now let's take a look at a more relevant example where we can deploy an RDS database using CloudFormation.
As you can see here, there is a little bit more going on than in the previous template.
This CloudFormation template describes a very simple RDS database that allocates 20 gbs for storage, uses a t2.micro instance for the compute, and is running MySQL.
Now those of you who are more security minded will have noticed a plain text Master user name and password. Leaving this kind of information within a CloudFormation template, or any code for that matter could lead to security breaches and loss of confidential information.
There are a few ways to get around this problem. One of the more common methods is to declare that section as a parameter, where the user will have to enter that information upon the creation of the CloudFormation stack.
This removes the issue of having a plain text password within the document, but still puts some burden on the user to manually enter one more thing and to remember yet another password and username.
I think it would be super helpful to have the whole password and username business completely automated; Allowing us to remove the extra dependency of the human element out of the equation altogether.
To accomplish this task, let's take a look at another service called AWS Secrets Manager. Where we will have the power to remove the hardcoded username and password from our CloudFormation template.
William Meadows is a passionately curious human currently living in the Bay Area in California. His career has included working with lasers, teaching teenagers how to code, and creating classes about cloud technology that are taught all over the world. His dedication to completing goals and helping others is what brings meaning to his life. In his free time, he enjoys reading Reddit, playing video games, and writing books.