Lovingly copied from CDK Patterns from their RDS Proxy section for learning how to use Lamby with Database Connections. Includes the following changes:
- Usage of Docker to encapsulate the project.
- Removed API Gateway & Lambda resources.
- Pass your VPC ID via the
VPC_IDenvironment variable.
- Changing the subnets from
PUBLICtoPRIVATE. - Locking down the security groups.
- Create distinct root and user accounts.
- Use a SecureString type in SSM.
All that is needed is Docker and your AWS account setup. This will install the Docker container and run npm setup.
$ ./bin/bootstrap
$ ./bin/setupPlease export the VPC_ID variable. Most AWS accounts have a default VPC and the ID can be found by navigating to Services -> VPC within the AWS Console. If needed, you can create a new VPC using this My CDK VPC project.
Optionally, you can export or pass an AWS_PROFILE (defaults to "default") environment variable. This will automatically set the CDK_DEFAULT_ACCOUNT value. Likewise, you can pass or export AWS_DEFAULT_REGION (defaults to us-east-1) too.
$ DB_NAME=myapp VPC_ID=vpc-01a23b45c67d89e01 ./bin/deployThe stack's outputs will contain the following information.
MyDbCredentialsArnMyDbProxyDbUrlParameterNameMyDbInstancEndpointMyDbProxyEndpoint
Using the MyDbCredentialsArn value you can view your new root username & password by running the following command or by viewing it in the AWS Console under Secrets Manager.
$ aws secretsmanager get-secret-value \
--secret-id "arn:aws:secretsmanager:..." \
--query SecretString \
--output textSince this stack is created in your public subnets, you can use your favorite RDMBS tool like MySQL Workbench to connect to your RDS instance using the MyDbInstancEndpoint output.