1. Using AWS RDS with VPC

    TypeScript

    Certainly! To set up an AWS RDS database within a VPC using Pulumi, we'll go through the following steps:

    1. Create a VPC: Virtual Private Cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS Cloud.
    2. Create Subnets: Subnets are segments of a VPC's IP address range where you can place groups of isolated resources.
    3. Create a Security Group: Security groups act as a virtual firewall for your instance to control inbound and outbound traffic.
    4. Create an RDS Instance: Amazon RDS is a managed relational database service that provides you with six familiar database engines.

    The following program is written in TypeScript using Pulumi for creating an RDS instance within a VPC. We will use the awsx package for creating the VPC and the aws package for creating the RDS instance.

    Please make sure you have set up AWS credentials and Pulumi before running this code.

    import * as aws from "@pulumi/aws";
    import * as awsx from "@pulumi/awsx";

    // Creating a new VPC.
    // The DB subnet group below uses the private subnets, so both subnet types are declared.
    const vpc = new awsx.ec2.Vpc("customVpc", {
        cidrBlock: "10.0.0.0/16",
        subnets: [{ type: "public" }, { type: "private" }],
        tags: {
            Name: "custom-vpc",
        },
    });

    // Exporting the VPC ID and Public Subnet IDs
    export const vpcId = vpc.id;
    export const publicSubnetIds = vpc.publicSubnetIds;

    // Creating a Security Group for the RDS instance
    const rdsSecurityGroup = new aws.ec2.SecurityGroup("rdsSecurityGroup", {
        vpcId: vpc.id,
        description: "Allow inbound access",
        ingress: [
            {
                protocol: "tcp",
                fromPort: 5432, // Adjust port according to the RDS engine you are using, e.g., 3306 for MySQL.
                toPort: 5432,
                cidrBlocks: ["0.0.0.0/0"], // Restrict this in your production environment!
            },
        ],
        egress: [
            {
                protocol: "-1",
                fromPort: 0,
                toPort: 0,
                cidrBlocks: ["0.0.0.0/0"],
            },
        ],
        tags: {
            Name: "rds-security-group",
        },
    });

    // Exporting the Security Group ID
    export const securityGroupId = rdsSecurityGroup.id;

    // Creating an RDS instance
    const dbInstance = new aws.rds.Instance("mydbInstance", {
        allocatedStorage: 20,
        storageType: "gp2",
        engine: "postgres", // Specify the engine, e.g., mysql, oracle, postgres, mariadb, etc.
        engineVersion: "13.3", // Adjust the engine version
        instanceClass: "db.t3.micro", // Choose the instance class
        name: "mydatabase",
        username: "dbadmin", // "admin" is a reserved word for the PostgreSQL engine and is rejected as a master username
        password: "password", // Replace with a strong password
        parameterGroupName: "default.postgres13",
        dbSubnetGroupName: new aws.rds.SubnetGroup("mySubnetGroup", { // Create a DB subnet group
            subnetIds: vpc.privateSubnetIds,
        }).name,
        vpcSecurityGroupIds: [rdsSecurityGroup.id],
        skipFinalSnapshot: true,
        deletionProtection: false, // Enable in production
        tags: {
            Name: "mydb-instance",
        },
    });

    // Export database identifiers
    export const dbInstanceIdentifier = dbInstance.id;
    export const dbInstanceEndpoint = dbInstance.endpoint;

    In this program:

    • We create a new VPC with both public and private subnets using awsx.ec2.Vpc.
    • We define a security group for RDS within the created VPC to control inbound and outbound traffic using aws.ec2.SecurityGroup. Be cautious with the ingress rules in a production environment.
    • We then create an RDS database instance using aws.rds.Instance, configuring it with the security group and subnets previously created.
    • We also export some resources' identifiers and endpoints which might be needed for further operations or connections.

    Important note: Replace "password" with a secure password and adjust the ingress rules for the security group as per your requirements, especially in a production environment. For simplicity and demonstration purposes, the access is open to the world with "0.0.0.0/0", which should be replaced with actual IP ranges.
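
    One way to catch the settings flagged in the note above before deploying: a stand-alone review function over plain objects. This is an added example, not part of the original program and not a Pulumi API; `reviewRds`, `cidrWithin`, `trustedCidrs` and the 16-character password threshold are assumptions made for illustration.

```typescript
// Added example: field names mirror the security group and RDS args used above.
interface IngressRule { protocol: string; fromPort: number; toPort: number; cidrBlocks: string[] }
interface DbSettings { password: string; deletionProtection: boolean; skipFinalSnapshot: boolean }

// Zero the host bits. Division avoids JS 32-bit shift pitfalls (x << 32 === x).
function maskTo(addr: number, bits: number): number {
  const size = 2 ** (32 - bits);
  return Math.floor(addr / size) * size;
}

// Parse "a.b.c.d/n" into a network base address and prefix length.
function parseCidr(cidr: string): { base: number; bits: number } {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(cidr);
  if (!m) throw new Error(`not an IPv4 CIDR: ${cidr}`);
  const octets = m.slice(1, 5).map(Number);
  const bits = Number(m[5]);
  if (octets.some((o) => o > 255) || bits > 32) throw new Error(`out of range: ${cidr}`);
  return { base: maskTo(octets.reduce((acc, o) => acc * 256 + o, 0), bits), bits };
}

// True when every address in `inner` also lies in `outer`.
function cidrWithin(inner: string, outer: string): boolean {
  const i = parseCidr(inner);
  const o = parseCidr(outer);
  return i.bits >= o.bits && maskTo(i.base, o.bits) === o.base;
}

// One finding per weak setting; an empty array means nothing was flagged.
function reviewRds(ingress: IngressRule[], db: DbSettings, trustedCidrs: string[]): string[] {
  const findings: string[] = [];
  for (const rule of ingress) {
    for (const cidr of rule.cidrBlocks) {
      if (!trustedCidrs.some((t) => cidrWithin(cidr, t))) {
        findings.push(`port ${rule.fromPort}-${rule.toPort}: ingress from untrusted range ${cidr}`);
      }
    }
  }
  if (db.password.length < 16) findings.push("password is shorter than 16 characters");
  if (!db.deletionProtection) findings.push("deletionProtection is disabled");
  if (db.skipFinalSnapshot) findings.push("skipFinalSnapshot is true: deletion keeps no final snapshot");
  return findings;
}

// Constructed sample: the values from the program above, checked against the VPC CIDR.
const pageFindings = reviewRds(
  [{ protocol: "tcp", fromPort: 5432, toPort: 5432, cidrBlocks: ["0.0.0.0/0"] }],
  { password: "password", deletionProtection: false, skipFinalSnapshot: true },
  ["10.0.0.0/16"],
);
console.log(pageFindings.join("\n"));
```

    Run against the values in the program above, the review reports all four settings; narrowing the ingress range to one inside the trusted list and changing the other three clears it.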

    To run this Pulumi program:

    1. Create a new Pulumi program, if you haven't already.

    2. Add the dependencies using npm or yarn:

      npm install @pulumi/aws @pulumi/awsx

      or

      yarn add @pulumi/aws @pulumi/awsx

    3. Place the TypeScript code into index.ts.

    4. Run pulumi up to preview and deploy the resources.