Subnet not appearing when creating AuroraDB - amazon-web-services

I've created a VPC. By default the VPC created one public and one private subnet. I've created an additional private subnet in a different availability zone.
I then (in the ElastiCache console) created a new subnet group that contains these two private subnets from the VPC. This subnet group is also associated, of course, with the VPC.
Then, on creating an Aurora RDS within this VPC, it asks for a subnet group. There's one there, a 'default' group, but my new subnet group doesn't appear.
How do I create a subnet group that is acceptable when creating a database?

Well... as it turns out, the ElastiCache subnet groups are not visible when creating a database. You have to use the RDS console to create a 'Database Subnet Group'. Once you do that, you're set.

ElastiCache and RDS are different product groups. Their subnet groups are different entities and they don't overlap with each other. You would need to create subnet groups in RDS to use them with RDS (database) engines. They are not tied to any DB engine, so you can re-use them within RDS.
One additional thing to note is that some other database products like Amazon Neptune and Amazon DocDB are able to access your RDS subnet groups as well. Just an FYI.

Related

How to set up a VPC for Elastic Beanstalk

I want to set up a VPC for my Elastic Beanstalk web app and RDS postgres db. I tried creating a VPC but ran into problems:
I went to VPC on AWS -> Launch VPC Wizard -> VPC with Public and Private Subnets. I am not sure what configurations to use. For example, what should I set Elastic IP Allocation ID? Do I need to set the VPC name?
After I create this, am I ready to just add it in EBS and RDS, or is there something else I need to do? Thanks!
Do I need to set the VPC name?
It's optional, but you can use, e.g., MyVPCforEB or whatever you want. It's easier to find your VPC by name than by a cryptic vpc-id.
what should I set Elastic IP Allocation ID
You have to create the EIP first. It's done in the VPC -> Elastic IP addresses menu. This is required for the NAT gateway, so that instances in the private subnet can access the internet.
After I create this, am I ready to just add it in EBS and RDS, or is there something else I need to do?
Not really. To do it properly, you would need to add one more private subnet. The VPC wizard will create only one private subnet. For RDS, to create a subnet group, you need to have at least two private subnets in different Availability Zones.
Thus, once you have two private subnets in two different AZs, you can create a new Subnet Group in RDS with those subnets. Having this, you can create the RDS instance in these two subnets.
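The rule in the answer above (a DB subnet group needs subnets in at least two Availability Zones, all in one VPC) is easy to check before you touch the console. The following is an added example, not code from any of the posts: it runs over the `Subnets` list that `aws ec2 describe-subnets` returns, picks the private subnets of one VPC, validates them the way RDS will, and prints the matching `aws rds create-db-subnet-group` call. The subnet records, VPC IDs and group name are constructed for the example.

```python
"""Pre-flight for an RDS DB subnet group, built from EC2 subnet data.

Added example; not code from any of the posts above. It works on the
`Subnets` list returned by `aws ec2 describe-subnets` and encodes the rule
from the answer: a DB subnet group needs at least two subnets in at least two
different Availability Zones, all in the same VPC. The subnet records below
are constructed for the example (made-up IDs).
"""
from collections import defaultdict

# Constructed sample, trimmed to the fields this check uses.
SUBNETS = [
    {"SubnetId": "subnet-pub-a",  "VpcId": "vpc-0abc",   "AvailabilityZone": "eu-west-1a", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-priv-a", "VpcId": "vpc-0abc",   "AvailabilityZone": "eu-west-1a", "MapPublicIpOnLaunch": False},
    {"SubnetId": "subnet-priv-b", "VpcId": "vpc-0abc",   "AvailabilityZone": "eu-west-1b", "MapPublicIpOnLaunch": False},
    {"SubnetId": "subnet-priv-c", "VpcId": "vpc-0other", "AvailabilityZone": "eu-west-1c", "MapPublicIpOnLaunch": False},
]


def select_private_subnets(subnets, vpc_id):
    """Subnets of `vpc_id` that do not auto-assign public IPs.

    MapPublicIpOnLaunch is only a proxy for "private"; the real test is
    that the subnet's route table has no route to an internet gateway.
    """
    return [s for s in subnets
            if s["VpcId"] == vpc_id and not s["MapPublicIpOnLaunch"]]


def validate_db_subnet_group(subnets):
    """Return {az: [subnet ids]} or raise ValueError if RDS would reject the set."""
    if not subnets:
        raise ValueError("no subnets selected")
    vpcs = {s["VpcId"] for s in subnets}
    if len(vpcs) != 1:
        raise ValueError(f"subnets span more than one VPC: {sorted(vpcs)}")
    by_az = defaultdict(list)
    for s in subnets:
        by_az[s["AvailabilityZone"]].append(s["SubnetId"])
    if len(by_az) < 2:
        raise ValueError(f"need subnets in at least two Availability Zones, got {dict(by_az)}")
    return dict(by_az)


def create_db_subnet_group_command(name, description, subnets):
    """The `aws rds create-db-subnet-group` call for a validated subnet set."""
    validate_db_subnet_group(subnets)
    ids = " ".join(s["SubnetId"] for s in subnets)
    return (f"aws rds create-db-subnet-group "
            f"--db-subnet-group-name {name} "
            f"--db-subnet-group-description '{description}' "
            f"--subnet-ids {ids}")


if __name__ == "__main__":
    private = select_private_subnets(SUBNETS, "vpc-0abc")
    print(validate_db_subnet_group(private))
    print(create_db_subnet_group_command("app-private", "Private subnets for RDS", private))
```

With the sample data the single private subnet a wizard-built VPC gives you is rejected (one AZ), as is a set that mixes VPCs; only after the second private subnet in another AZ exists does the command get emitted. The private/public distinction is your responsibility: RDS accepts public subnets in a DB subnet group without complaint, so pair this with "Publicly accessible: No" and a security group that only admits the application subnet.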

AWS DB Subnet is empty

I have a custom VPC which has 6 public subnets in 6 AZs.
When I tried to create Aurora Serverless, I do see my VPC in the VPC dropdown but there is only 1 item 'Create new DB subnet group'.
I'm expecting my VPC has available subnet groups already.
I have researched a lot already, and even compared another VPC (which is working) with my VPC; I don't see any differences from VPC to subnet to route table to security group ...
Please advise.
You need to bundle the subnets you want to use for your instance in a DB subnet group; you can't add the subnets directly.
It is very easy, as seen here.

why is rds in 3 subnets in aws

I haven't changed my vpc/subnet settings since making an aws account, and I've recently found my rds instance is apparently in 3 subnets (subnet is listed as default with 3 subnet names underneath), one of which also has my application server. Is it necessary to have my rds in all 3 subnets? I want to move it to a separate subnet away from the application server and make it private - if that's the case is there anything in particular I will need to do?
Typically, an Amazon RDS instance is running on one server in one subnet.
However, when launching the database, you are asked to provide a Subnet Group, which identifies which subnets the database could launch in. These are typically private subnets within the VPC.
If you are using a Multi-AZ database, then it will use two subnets -- one for the Master (running) database and one for the secondary (standby) database.
It is also possible to create Read Replicas that could be in a different subnet to the Master database.
Bottom line: You are probably viewing the list of subnets in the Subnet Group that it can use, but it is likely to only be in one subnet at the moment.

RDS instance in private subnet

Given a VPC, can I not explicitly specify which subnets the RDS instance should exist in?
I have created a VPC 10.0.0.0/24 with three subnets as shown below:
REST servers - 10.0.0.0/25
RDS - AZ1 - 10.0.0.128/26
RDS - AZ2 - 10.0.0.192/26
When creating the DB, I am able to provide the VPC name. It seems all subnets of this VPC are automatically selected. I am not able to specify the two subnets (as shown in the list above). There is an option for public accessibility, which I have set to No. Therefore, even though all subnets seem to be applied for this RDS instance, it seems that it will be accessible only from the REST servers subnet.
You need to select the DB Subnet Group, which should have your private subnets.
You need to create a new subnet group and assign it while creating a new RDS instance. Note that an existing RDS instance doesn't reflect a change of subnet group, hence you need to create a new one.

When is it possible to change the subnet group within AWS RDS?

I have one Oracle SE instance that is not multi-az and does not have encryption enabled, and I have an Oracle EE instance that is multi-az and has encryption enabled. The former has the option to change the subnet group through the console (modify instance > network and security), whereas the latter does not. Both instances are in a subnet group within the default vpc, and I have a custom vpc within the same account with another subnet group in it.
What conditions determine whether or not it is possible to change the subnet group of an RDS instance? I have not been able to find any documentation on this so far.
It is the Multi AZ Deployment that is the determining factor. To test this, modify your DB instance and turn off the Multi AZ Deployment. Once it is done, go modify it again and you'll notice you now have the option to change the subnet group.
I haven't found any indication as to the reason for this behavior in the AWS documentation.
As @hackakhan mentioned, you need to have Multi AZ Deployment turned off to modify the DB subnet group of an RDS instance. Unfortunately, the RDS instance will only be migrated to one of the subnets from the new DB subnet group if the new DB subnet group resides in a different VPC. You could create a temporary VPC to migrate away the RDS instance, only to migrate it back to your existing VPC and the right DB subnet group within that VPC.
The AWS Premium Support Knowledge Center has a detailed explanation of the steps involved: https://aws.amazon.com/premiumsupport/knowledge-center/change-vpc-rds-db-instance/
My understanding
RDS instances can't be migrated from one database subnet group to another if:
- The destination database subnet group is in the same VPC as the current group
- The instance has the multi-availability zone setting enabled
What worked for me
1. Creating the subnet group within my VPC that would be the eventual home of my RDS instance
2. Creating a temporary database subnet group in the "DEFAULT" VPC (my RDS instance had previously been in a subnet group in a VPC that I had provisioned, not the default one) consisting of the three subnets that belong to the "DEFAULT" VPC; this can be done in the RDS section of the AWS Console, no need to go to the VPC section
3. Modifying the instance's subnet group to the newly created group (from 2.)
4. Modifying the instance's subnet group to its eventual home within my original VPC (from 1.)
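The two-hop procedure in the answers above is easy to get wrong by hand (forgetting to drop Multi-AZ first, or picking a temporary group that sits in the same VPC), so here is an added example that plans it. It is not code from any of the answers, and the two rules it encodes are the behaviour those answers report, not an AWS-documented guarantee. Input is shaped like `aws rds describe-db-instances` and `describe-db-subnet-groups` output; the instance, group names and VPC IDs are constructed for the example.

```python
"""Plan a DB subnet group change for an RDS instance.

Added example; not code from any of the answers above, and the rules it
encodes are the behaviour those answers report, not an AWS-documented
guarantee: the subnet group can only be modified with Multi-AZ off, and the
instance only moves when the target group is in a different VPC. Records are
shaped like `aws rds describe-db-instances` / `describe-db-subnet-groups`
output and are constructed for the example (made-up names).
"""

INSTANCE = {
    "DBInstanceIdentifier": "orders-db",
    "MultiAZ": True,
    "DBSubnetGroup": {"DBSubnetGroupName": "custom-old", "VpcId": "vpc-custom"},
}

SUBNET_GROUPS = {
    "custom-old":  {"VpcId": "vpc-custom"},
    "custom-new":  {"VpcId": "vpc-custom"},   # eventual home, same VPC as today
    "default-tmp": {"VpcId": "vpc-default"},  # temporary hop in another VPC
}


def blockers(instance, target_group):
    """Reasons a direct modify to `target_group` would not take effect."""
    reasons = []
    if instance["MultiAZ"]:
        reasons.append("Multi-AZ is enabled; turn it off before changing the subnet group")
    if target_group["VpcId"] == instance["DBSubnetGroup"]["VpcId"]:
        reasons.append("target group is in the instance's current VPC; the instance would not move")
    return reasons


def plan_migration(instance, groups, final_name, temp_name=None):
    """Ordered `aws rds modify-db-instance` commands that land the instance in `final_name`.

    Each hop is checked against the simulated state after the previous hop,
    so a temp group in the same VPC, or a missing temp group, is caught
    before anything is run. Multi-AZ is re-enabled at the end if it was on.
    """
    ident = instance["DBInstanceIdentifier"]
    state = {"DBInstanceIdentifier": ident,
             "MultiAZ": instance["MultiAZ"],
             "DBSubnetGroup": dict(instance["DBSubnetGroup"])}
    base = f"aws rds modify-db-instance --db-instance-identifier {ident}"
    steps = []
    if state["MultiAZ"]:
        steps.append(f"{base} --no-multi-az --apply-immediately")
        state["MultiAZ"] = False
    for name in [n for n in (temp_name, final_name) if n]:
        problems = blockers(state, groups[name])
        if problems:
            raise ValueError(f"hop to {name} would not take effect: {problems}")
        steps.append(f"{base} --db-subnet-group-name {name} --apply-immediately")
        state["DBSubnetGroup"] = {"DBSubnetGroupName": name, "VpcId": groups[name]["VpcId"]}
    if instance["MultiAZ"]:
        steps.append(f"{base} --multi-az --apply-immediately")
    return steps


if __name__ == "__main__":
    for step in plan_migration(INSTANCE, SUBNET_GROUPS, "custom-new", "default-tmp"):
        print(step)
```

For the sample instance the plan is four commands: drop Multi-AZ, hop to the group in the other VPC, hop back to the new group in the original VPC, re-enable Multi-AZ; asking for the same change without a temporary group raises instead of emitting a no-op modify. Two things the planner does not cover: security groups are VPC-scoped, so each hop into another VPC needs `--vpc-security-group-ids` pointing at a group that exists there, and the instance runs with no standby between the first and last step, so schedule it accordingly.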