In AWS, I'm creating a Read Replica DB, using the actions option in the console UI.
Source information -
region/az: us-west-2b
Destination information -
region: us-east-2
I have 2 VPCs in the east-2 region, but only one of them shows up in the drop-down list for the DB target. [in addition to the default VPC] .
It appears both VPCs are setup the same, so I'm not sure why only one would show.
Any thoughts?
I was mistakingly thinking the drop-down list was for VPCs.
The VPCs aren't listed as a target - it's a 'DB Subnet group' that is created, and allows the connection to the VPC.
The DB subnet group needs to be created prior to creating the DB read replica.
When setting up an Aurora DB POC, this was done automatically, so the original VPC had an entry in the list.
Related
I currently have the typical setup of an RDS cluster with 1 instance running in a private subnet. I am migrating our application out of AWS and into Heroku (while leaving the DB as is), but I need to be able to connect to the DB from the Heroku dynos.
What I can't figure out is how to move the DB out of the private subnet and into a public one.
The AWS docs have instructions for moving from public to private, and I thought I could just follow them for the opposite direction too. But the process involves standing up a new secondary in the desired subnet using Multi-AZ configuration and a failover. But when I go to Modify my instance, there is no option for configuring Multi-AZ:
It seems like Aurora instances in particular do not support Multi-AZ? "Multi-AZ DB clusters are in preview for RDS for MySQL and RDS for PostgreSQL" Leaving me somewhat stuck.
Edit I did just see this message elsewhere: "You have no Aurora Replicas in your DB cluster." which might be why Multi-AZ is not available. But I'm not seeing any options to spin up a replica anywhere.
Again my goal is to get my Aurora DB into a public subnet (or otherwise make it accessible from the internet, but not through an SSH tunnel)
The Availability Zone options are in the "Availability & durability" section above "Connectivity" FYI
I just had your same issue but with a Postgres DB, though I have the option to change its "Subnet group" in the Connectivity section, which you don't have it seems, but it only appears for me if the DB is NOT currently multi-AZ. AWS will prevent you from moving the DB between subnet groups* in the same VPC, but you can just move the DB to a subnet group in a different VPC and then move it back to the subnet group that you actually want it in (configured with the appropriate public subnets).
*You can create subnet groups in the RDS service, left side menu.
I'm trying to create an AWS RDS using CLI, usually I create it using AWS Console. When I try to create an RDS instance, I saw these 2 parameters:
--db-security-groups
--vpc-security-group-ids
What is the difference between these 2 values? I couldn't find a value related to --db-security-groups via the console. These are the definitions that AWS provides in the documentation:
--db-security-groups (list)
A list of DB security groups to associate with this DB instance.
Default: The default DB security group for the database engine.
--vpc-security-group-ids (list)
A list of Amazon EC2 VPC security groups to associate with this DB
instance.
Amazon Aurora Not applicable. The associated list of EC2 VPC security
groups is managed by the DB cluster.
Default: The default EC2 VPC security group for the DB subnet group's
VPC.
I still couldn't understand, what is the difference. Or is there any security group specific to DB only?
This is explained in AWS docs:
DB security groups are used with DB instances that are not in a VPC and on the EC2-Classic platform.
These days you would use only vpc-security-group-ids, unless you have old aws account.
The detailed comparison is also in [the docs](DB security groups vs. VPC security groups):
DB security groups vs. VPC security groups
I haven't changed my vpc/subnet settings since making an aws account, and I've recently found my rds instance is apparently in 3 subnets (subnet is listed as default with 3 subnet names underneath), one of which also has my application server. Is it necessary to have my rds in all 3 subnets? I want to move it to a separate subnet away from the application server and make it private - if that's the case is there anything in particular I will need to do?
Typically, an Amazon RDS instance is running on one server in one subnet.
However, when launching the database, you are asked to provide a Subnet Group, which identifies which subnets the database could launch in. These are typically private subnets within the VPC.
If you are using a Multi-AZ database, then it will use two subnets -- one for the Master (running) database and one for the secondary (standby) database.
It is also possible to create Read Replicas that could be in a different subnet to the Master database.
Bottom line: You are probably viewing the list of subnets in the Subnet Group that it can use, but it is likely to only be in one subnet at the moment.
I have one Oracle SE instance that is not multi-az and does not have encryption enabled, and I have an Oracle EE instance that is multi-az and has encryption enabled. The former has the option to change the subnet group through the console (modify instance > network and security), whereas the latter does not. Both instances are in a subnet group within the default vpc, and I have a custom vpc within the same account with another subnet group in it.
What conditions determine whether or not it is possible to change the subnet group of an RDS instance? I have not been able to find any documentation on this so far.
It is the Multi AZ Deployment that is the determining factor. To test this, modify your DB instance and turn off the Multi AZ Deployment. Once it is done, go modify it again and you'll notice you now have the option to change the subnet group.
I haven't found any indication as to the reason for this behavior in the AWS documentation.
As #hackakhan mentioned, you need to have Multi AZ Deployment turned off to modify the DB subnet group of an RDS instance. Unfortunately, the RDS instance will only be migrated to one of the subnets from the new DB subnet group if the new DB subnet group resides in a different VPC. You could create a temporary VPC to migrate away the RDS instance only to migrate it back to your existing VPC and the right DB subnet group within that VPC.
The AWS Premium Support Knowledge Center has a detailed explanation of the steps involved: https://aws.amazon.com/premiumsupport/knowledge-center/change-vpc-rds-db-instance/
My understanding
RDS instances can't be migrated from one database subnet group to another if:
The destination database subnet group is in the same VPC as the current group
The instance has the multi-availability zone setting enabled
What worked for me
Creating the subnet group within my VPC that would be the eventual home of my RDS instance
Creating a temporary database subnet group in the "DEFAULT" VPC (my RDS instance has previously been a subnet group in a VPC that I had provisioned, not the default one) consisting of the three subnets that belong to the "DEFAULT" VPC—this can be done in the RDS section of the AWS Console, no need to go to the VPC section
Modifying the instance's subnet group to the newly created group (from 2.)
Modifying the instance's subnet group to its eventual home within my original VPC (from 1.)
I'm trying to move an existing Redshift database from one AWS account to another following How do I transfer ownership of an Amazon Redshift cluster to a different AWS account?. I've successfully created a snapshot of the old database and given the new account access to it. Both accounts have different VPCs.
When I try to restore a cluster from that snapshot, I receive the following error message:
You have no subnet groups that are suitable for restoring this snapshot to VPC.
Is it possible to restore a Redshift cluster to another VPC? I can't create a Subnet to the old VPC since it's in my new AWS account.
You need to create an Amazon Redshift Cluster Subnet Group, which is a list of subnets that Redshift can use within a particular VPC.
In the Amazon Redshift management console:
Click Security in the left navigation pane
Click the Subnet Groups tab
Create a Subnet Cluster Group by choosing a VPC, AZ(s) and subnet(s)
Then, try restoring the snapshot again and select your new Subnet Cluster Group.