RDS
Background
RDS is the AWS service used as the KPT data store.
Detail
Currently a single micro RDS instance is used, running Postgres 15.
Backup snapshots are taken daily at ~5am and the most recent three are retained.
Maintenance window is set at ~5.30am each Saturday (half an hour).
Instance is 'publicly accessible' but is within a VPC where access is controlled via a security group (rds-lambda-3). A minimal number of access rules is maintained here.
Architecture
The Amazon RDS instance is hosted in a VPC (VPC ID: vpc-0d9ae0dc18a4c83f3).
The RDS instance is located in a private subnet (subnet-07e07e8f5a47d75ba) for security reasons.
Public access is disabled to enhance security and prevent unauthorized access.
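The two settings described above (the instance's 'publicly accessible' flag and the ingress rules of its security group) can be checked together from saved AWS CLI output. The following is an added example, not part of the original page or the KPT code base: the instance name, group ID, rules and the 256-address threshold are constructed placeholders and assumptions, not the real configuration.

```python
import ipaddress

# Constructed sample shaped like `aws rds describe-db-instances` output.
SAMPLE_DB = {"DBInstances": [{
    "DBInstanceIdentifier": "example-db",  # placeholder, not the real instance
    "PubliclyAccessible": True,
    "Endpoint": {"Port": 5432},
    "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-EXAMPLE", "Status": "active"}],
}]}

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SAMPLE_SG = {"SecurityGroups": [{
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.1.25/32"}], "Ipv6Ranges": []},
    ],
}]}

def covers_port(perm, port):
    """True if an ingress permission applies to the given TCP port."""
    if perm["IpProtocol"] == "-1":  # "-1" means every protocol and port
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def wide_sources(perm, max_hosts=256):
    """Source CIDRs in a permission that admit more than max_hosts addresses."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs
            if ipaddress.ip_network(c, strict=False).num_addresses > max_hosts]

def audit(db_json, sg_json):
    """Return exposure findings; an empty list means none were detected."""
    groups = {g["GroupId"]: g for g in sg_json["SecurityGroups"]}
    findings = []
    for db in db_json["DBInstances"]:
        name, port = db["DBInstanceIdentifier"], db["Endpoint"]["Port"]
        if db["PubliclyAccessible"]:
            findings.append(f"{name}: PubliclyAccessible is true")
        for ref in db["VpcSecurityGroups"]:
            sg_id = ref["VpcSecurityGroupId"]
            for perm in groups.get(sg_id, {}).get("IpPermissions", []):
                if covers_port(perm, port):
                    findings += [f"{name}: {sg_id} allows {c} on port {port}"
                                 for c in wide_sources(perm)]
    return findings
```

To run it against the real account, pass the parsed JSON from `aws rds describe-db-instances` and `aws ec2 describe-security-groups` in place of the samples.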
Accessing the RDS Instance
A Bastion Host (EC2 instance) is used to access the RDS instance.
The Bastion Host is deployed in the same VPC but in a public subnet.
SSH tunneling is used to connect to the database securely.
SSH Tunneling Method 1 (Command Line)
Use the following SSH command to establish a tunnel:
ssh -i [your key].pem -N -L 5433:kaute.cwrpufuni4fh.ap-southeast-2.rds.amazonaws.com:5432 ubuntu@13.236.123.4
Connect to the database using:
- Server: localhost
- Port: 5433 (local port)
SSH Tunneling Method 2 (DBeaver)
Configure DBeaver SSH settings to use the Bastion Host.
Add the Bastion Host IP details in the SSH connection settings tab.
Connect to the database using:
- Host: kaute.cwrpufuni4fh.ap-southeast-2.rds.amazonaws.com
- Port: 5433 (local port)
Apache Superset Access
Apache Superset is deployed in the same VPC and public subnet.
TODO
- Consider 'right sizing' with a reserved instance to reduce overall costs, once target state for usage is clearer.