1. Using AWS RDS with an account

    TypeScript

    To set up an AWS RDS instance with an associated database account, you'll first want to familiarize yourself with the key AWS concepts that Pulumi can help you provision:

    1. Amazon RDS (Relational Database Service): This is a managed database service that allows you to create and operate relational databases in the cloud. It provides scalable and secure database instances and manages time-consuming database administration tasks, such as hardware provisioning, database setup, patching, and backups.

    2. RDS DB Instance: This is the core of Amazon RDS, where you run your databases. It's an isolated database environment in the cloud and can contain multiple user-created databases.

    3. RDS DB Account: These are the user accounts you create to access the databases within your DB instance. You can define permissions and roles for each account.

    Here's how you can use Pulumi to provision an RDS instance and a related database account:

    1. Define your RDS instance, specifying the engine, instance type, allocated storage, and other parameters.
    2. Create a database user account with a username and password that applications can use to access the database.

    Below is a TypeScript program that demonstrates how to accomplish this. The program creates an RDS instance and sets up a master user account:

        import * as pulumi from "@pulumi/pulumi";
        import * as aws from "@pulumi/aws";

        const dbInstance = new aws.rds.Instance("my-db-instance", {
            // Specifies the name of the database to create when the DB instance is created.
            // If this parameter is not specified, no database is created in the DB instance.
            dbName: "mydatabase",
            // Specifies the database instance class. Ex: "db.t2.micro", "db.m5.large"
            instanceClass: aws.rds.InstanceTypes.T2_Micro,
            // Specifies the name of the database engine to be used for this instance.
            // Valid values: "mariadb", "mysql", "oracle-se1", "oracle-se2", "oracle-ee", "postgres", "sqlserver-ee",
            // "sqlserver-se", "sqlserver-ex", "sqlserver-web"
            engine: "mysql",
            // Specifies the major version of the engine that you want to use.
            engineVersion: "8.0.20",
            // Specifies the amount of storage (in gigabytes) to be initially allocated for the database instance.
            allocatedStorage: 20,
            storageType: "gp2", // General purpose SSD storage.
            // Contains the master username for the new DB instance.
            username: "myadmin",
            // Contains the master password for the new DB instance.
            password: "MySecurePassword123!",
            // A value that indicates whether the DB instance is an internet-facing instance.
            // If you specify true, AWS assigns an instance an IP address that's accessible over the internet.
            publiclyAccessible: true,
            // Specifies the number of days for which automatic DB snapshots are retained.
            backupRetentionPeriod: 7,
            // Specifies whether the database is encrypted.
            storageEncrypted: true,
            // Specifies the ID of the VPC security groups to associate with this DB instance.
            vpcSecurityGroupIds: [ "sg-xxxxxxxx" ],
            // Specifies if the mapping of AWS Identity and Access Management (IAM) accounts
            // to database accounts is enabled.
            iamDatabaseAuthenticationEnabled: true,
            // Specifies the VPC subnet group ID to be used for this instance if you want to specify a subnet group for a VPC.
            dbSubnetGroupName: "my-subnet-group"
        });

        // The instance endpoint to connect to the database
        export const dbEndpoint = dbInstance.endpoint;

        // The instance URL to connect to the database
        export const dbEndpointUrl = pulumi.interpolate`mysql://${dbInstance.username}:${dbInstance.password}@${dbInstance.endpoint}/`;

    In this program:

    • We use aws.rds.Instance to create the RDS instance (AWS RDS Instance Documentation).
    • The dbEndpoint is exported to provide the address of the instance to connect to your database.
    • The dbEndpointUrl shows a constructed example URL for connecting to the RDS instance, which might be used in application code or database clients. However, never expose sensitive information such as credentials in plain text in production settings.

    Note: The provided RDS DB instance will be internet-facing (publiclyAccessible: true). This might not be suitable for production environments due to security concerns. For production databases, consider setting this to false, accessing it over a VPN or from within the same VPC, and managing security groups and subnets appropriately.

    Always replace MySecurePassword123! with a strong, secret password or use a secret management service, and sg-xxxxxxxx with your actual security group ID. The subnet group my-subnet-group should also be an existing one. If it's not, you need to create a DbSubnetGroup resource first.
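
    The settings called out in the notes above, written as a stand-alone check over a plain arguments object (an added example, not part of the original program or of Pulumi's API). RdsArgs, Finding and auditRdsArgs are hypothetical names; both sample objects are constructed, and a non-string password stands in for a secret-backed value.

```typescript
// Added example. Property names mirror the aws.rds.Instance arguments above;
// RdsArgs, Finding and auditRdsArgs are hypothetical names.
interface RdsArgs {
  password?: unknown; // string literal, or an opaque secret handle
  publiclyAccessible?: boolean;
  storageEncrypted?: boolean;
  backupRetentionPeriod?: number;
  vpcSecurityGroupIds?: string[];
}
interface Finding { property: string; message: string; }

function auditRdsArgs(args: RdsArgs): Finding[] {
  const findings: Finding[] = [];
  const add = (property: string, message: string) => findings.push({ property, message });
  // A plain string means the credential is committed with the program source.
  if (typeof args.password === "string") {
    add("password", "literal master password; load it from secret config or a secrets manager");
  }
  if (args.publiclyAccessible === true) {
    add("publiclyAccessible", "internet-facing; set false and connect from inside the VPC or over a VPN");
  }
  if (args.storageEncrypted !== true) {
    add("storageEncrypted", "storage encryption is not explicitly enabled");
  }
  if (args.backupRetentionPeriod === 0) {
    add("backupRetentionPeriod", "automatic snapshots are disabled");
  }
  // Security group IDs are "sg-" plus hex digits; anything else is a placeholder or typo.
  const groups = args.vpcSecurityGroupIds ?? [];
  if (groups.length === 0 || groups.some((id) => !/^sg-[0-9a-f]+$/.test(id))) {
    add("vpcSecurityGroupIds", "missing, placeholder or malformed security group ID");
  }
  return findings;
}

// Constructed input: the security-relevant values from the program above.
const pageArgs: RdsArgs = {
  password: "MySecurePassword123!", publiclyAccessible: true, storageEncrypted: true,
  backupRetentionPeriod: 7, vpcSecurityGroupIds: ["sg-xxxxxxxx"],
};
// Constructed input: the same values after applying the notes; the object stands in for a secret handle.
const hardenedArgs: RdsArgs = {
  password: { secret: true }, publiclyAccessible: false, storageEncrypted: true,
  backupRetentionPeriod: 7, vpcSecurityGroupIds: ["sg-0123456789abcdef0"],
};

for (const f of auditRdsArgs(pageArgs)) console.log(`${f.property}: ${f.message}`);
```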

    Please be aware of AWS costs incurred by running instances and be sure to shut down resources when not in use.