Creating and connecting to an Amazon RDS Custom database instance for SQL Server

AWS, How to | Oct 17, 2022

You can create an RDS Custom DB instance and then connect to it using AWS Systems Manager or the Remote Desktop Protocol (RDP).

Creating an RDS Custom for SQL Server DB instance

Use the AWS Management Console or the AWS CLI to create an Amazon RDS Custom for SQL Server DB instance. The process is similar to the one used to create an Amazon RDS DB instance.

See Creating an Amazon RDS DB instance for further details.

Console

To create an RDS Custom for SQL Server DB instance:

1- Open the Amazon RDS console by logging into the AWS Management Console at https://console.aws.amazon.com/rds/.

2- Choose Databases in the navigation pane.

3- Choose Create database.

4- For the database creation method, choose Standard create.

5- Select Microsoft SQL Server as the engine type from the list of available engines.

6- Select Amazon RDS Custom under Database management type.

7- Select the desired DB engine edition in the Edition section. There are three options for RDS Custom for SQL Server: Enterprise, Standard, and Web.

8- For the database version, keep the default value, SQL Server 2019.

9- Select Production for Templates.

10- In the Settings section, enter a unique name for the DB instance identifier.

11- Do the following to enter your master password:
     * Open Credential Settings in the Settings section.
     * Clear the option that says "Auto generate a password."
     * Change the Master username value, and enter the same password in the Master password and Confirm password fields.

By default, the new RDS Custom DB instance uses an automatically generated password for the master user.

12- Select a value for DB instance class in the DB instance size section. See DB instance class support for RDS Custom for SQL Server for a list of supported classes.

13- Select Storage options.

14- Complete the following steps for RDS Custom security:
 
   * Under IAM instance profile, select the instance profile for your RDS Custom for SQL Server DB instance. The IAM instance profile name must start with AWSRDSCustom, for example AWSRDSCustomInstanceProfileForRdsCustomInstance.

   * For Encryption, choose Enter a key ARN to view a list of the available AWS KMS keys. Then pick your key from the list. RDS Custom requires an AWS KMS key. See Make sure you have an AWS KMS key for symmetric encryption for additional details.

15- Enter the settings for your RDS Custom DB instance in the remaining sections. For details on each setting, see Settings for DB Instances. The following options don't appear in the console and aren't supported:
	* Processor features
	* Storage autoscaling
	* Availability & durability
	* The Password and Kerberos authentication option under Database authentication (only Password authentication is supported)
	* Database options group under Additional configuration
	* Performance Insights
	* Log exports
	* Enable auto minor version upgrade

  Backup retention period is supported, but you can't select 0 days.

16- Choose Create database.
   * The View credential details button appears on the Databases page.
   * Select View credential details to see the master user name and password for the RDS Custom DB instance.
   * Use the user name and password that appear to connect to the DB instance as the master user.

17- To view the list of RDS Custom DB instances, choose Databases.

18- Select the newly created RDS Custom DB instance. The RDS console shows the details for the new RDS Custom DB instance:

   * Until the RDS Custom DB instance is created and ready for use, the DB instance has a status of creating. You can connect to the DB instance once the status is available. The time it takes for the new DB instance to become available varies with the instance class and the storage allocated.
   * Role has the value Instance (RDS Custom).
   * RDS Custom automation mode has the value Full automation. This setting means that the DB instance provides automatic monitoring and instance recovery.

RDS Custom service-linked role

A service-linked role gives Amazon RDS Custom access to resources in your AWS account. It makes RDS Custom simpler to use because you don't have to add the required permissions manually. RDS Custom alone defines the permissions of its service-linked roles, and only RDS Custom is authorized to assume them. The defined permissions include the trust policy and the permissions policy, and that permissions policy can't be attached to any other IAM entity.

When you create an RDS Custom DB instance, both the Amazon RDS and RDS Custom service-linked roles are created (if they don't already exist) and used. See Using service-linked roles for Amazon RDS for further details.

Connecting to your RDS Custom DB instance using AWS Systems Manager

After you create your RDS Custom DB instance, you can connect to it using AWS Systems Manager Session Manager. Session Manager is a Systems Manager capability that lets you manage Amazon EC2 instances through a browser-based shell or the AWS CLI. See AWS Systems Manager Session Manager for further details.

Console

To connect to your DB instance using Session Manager

1- Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/.

2- In the navigation pane, choose Databases, and then choose the RDS Custom DB instance to which you want to connect.

3- Choose Configuration.

4- Note the Resource ID value for your DB instance. For example, the resource ID might be db-ABCDEFGHIJKLMNOPQRS0123456.

5- Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

6- In the navigation pane, choose Instances.

7- Look for the name of your EC2 instance, and then choose the instance ID associated with it. For example, the instance ID might be i-abcdefghijklm01234.

8- Choose Connect.

9- Choose Session Manager.

10- Choose Connect.

A window opens for your session.

Use RDP to connect to your RDS Custom DB instance

After you create your RDS Custom DB instance, you can connect to it using an RDP client. The procedure is the same as for connecting to an Amazon EC2 instance. See Connect to your Windows instance for further details.

To connect to the DB instance, you need the key pair associated with it. RDS Custom creates the key pair for you. The pair name uses the prefix do-not-delete-rds-custom-DBInstanceIdentifier. AWS Secrets Manager stores your private key as a secret.

Follow these steps to finish the task:

  1. Set your database instance up to accept RDP connections.
  2. Obtain your private key.
  3. Use the RDP tool to establish a connection to your EC2 instance.

Set up your database instance to accept RDP connections.

To permit RDP connections, configure your VPC security group and set a firewall rule on the host.

Set up the security group for your VPC.

Make sure that the VPC security group associated with your DB instance accepts inbound Transmission Control Protocol (TCP) connections on port 3389. See Configure your VPC security group to find out how to set up your VPC security group.

Set the firewall rule on the host

Create a firewall rule on the host to allow inbound TCP connections on port 3389. The examples that follow show how to do this.

We recommend that you use a specific -Profile value: Public, Private, or Domain. Any refers to all three values. You can also enter several values separated by commas. Consult the Set-NetFirewallRule section of the Microsoft documentation for further details on how to set firewall rules.

To set a firewall rule using Systems Manager Session Manager

Open Session Manager as shown in Connecting to your RDS Custom DB instance using AWS Systems Manager.

Run the following command.

Set-NetFirewallRule -DisplayName "Remote Desktop - User Mode (TCP-In)" -Direction Inbound -LocalAddress Any -Profile Any

To set a firewall rule using the Systems Manager CLI commands

Use the following command to open RDP on the host.

OPEN_RDP_COMMAND_ID=$(aws ssm send-command --region $AWS_REGION \
    --instance-ids $RDS_CUSTOM_INSTANCE_EC2_ID \
    --document-name "AWS-RunPowerShellScript" \
    --parameters '{"commands":["Set-NetFirewallRule -DisplayName \"Remote Desktop - User Mode (TCP-In)\" -Direction Inbound -LocalAddress Any -Profile Any"]}' \
    --comment "Open RDP port" | jq -r ".Command.CommandId")

Get the status of the preceding command by using the command ID that was returned in the output. Make sure the jq plug-in is installed before using the following query to retrieve the command ID.

aws ssm list-commands \
    --region $AWS_REGION \
    --command-id $OPEN_RDP_COMMAND_ID

Retrieve your secret key.

You can retrieve your secret key using either the AWS Management Console or the AWS CLI.

Console

To retrieve the secret key:

1- Open the Amazon RDS console by logging into the AWS Management Console at https://console.aws.amazon.com/rds/.

2- Select Databases from the navigation pane, then select the RDS Custom DB instance you wish to connect to.

3- Choose the Configuration tab.

4- Take note of your database instance ID, such as my-custom-instance.

5- Navigate to https://console.aws.amazon.com/ec2/ to access the Amazon EC2 console.

6- Choose instances in the navigation pane.

7- Find the EC2 instance name, then choose the instance ID that goes with it. The instance ID in this case is i-abcdefghijklm01234.

8- Look for Key pair name in Details. The pair name includes the DB identifier. The pair name in this instance is rds-custom-my-custom-instance-0d726c.

9- Locate Public IPv4 DNS in the instance summary. The public DNS for this server may be ec2-12-345-678-901.us-east-2.compute.amazonaws.com, for instance.

10- Visit https://console.aws.amazon.com/secretsmanager/ to access the AWS Secrets Manager console.

11- Select the secret that has the same name as your key pair.

12- Choose Retrieve secret value.

Use RDP to connect to your EC2 instance.

Follow the procedure for connecting to your Windows instance via RDP in the Amazon EC2 User Guide for Windows Instances. This procedure assumes that you created a .pem file that contains your private key.

Author

I'm Abhay Singh, an Architect with 9 years of IT experience. AWS Certified Solutions Architect.
