Swift Server Guide - Creating a PostgreSQL RDS Service on AWS

[heckj]

Outline: 2. Creating a PostgreSQL RDS Service on AWS

Creating PostgreSQL RDS Service on AWS

This chapter details the steps to create a PostgreSQL RDS service on AWS. In this setup, we use the AWS Console to create a new PostgreSQL database instance with specific settings. For context, refer to Chapter 1 for initial configurations and certificate generation details.

---

Table of Contents

---

1. Step-by-Step Instructions

1. Access the AWS Console:
   • Navigate to Aurora and RDS.
2. Create a New Database:
   • Select Databases from the menu.
   • Click on the Create Database button.
3. Configure the Database:
   • Database Creation Method: Choose Standard create.
   • Engine Options: Select PostgreSQL.
   • Version: Use the version PostgreSQL 17.2-R1.
   • Template: Choose Free tier (this creates a single instance without redundancy).
   • DB Instance Identifier: For example, set it to test-database-instance.
   • Credentials: Specify the master username and a custom password. (We use "postgres" for both in this example.)
   • Instance Configuration: Choose db.t4g.micro as the instance type.
   • Storage:
     • Type: Select gp2.
     • Allocated Storage: Set to 20GB.
   • VPS / VPC / VPN - Connectivity:
     • Do not use an EC2 compute resource; select the default VPS and subnet group.
     • For public access, create a new security group (e.g., postgres-sg).
     • TODO: @LACI how to enable / disable public access?
   • Other Settings:
     • Leave additional settings at their default values.
     • Enable all Log Exports.
   • Database Name: Use the default name postgres.
   • Security Group:
     • ⚠️ The created security group will automatically set the inbound rule source to your actual IP address. (based on your local machine IP address or router IP address).
     • Optional: If you want to allow access from any IP (for example, if your IP address changes frequently), you can modify the auto-created security group:
       • Go to EC2 > Security Groups.
       • Find and select the security group (e.g., postgres-sg).
       • Under Inbound rules, click Edit inbound rules.
       • Change the Source from your specific IP (e.g., 203.0.113.42/32) to 0.0.0.0/0 to allow all incoming connections on the specified port (typically 5432 for PostgreSQL).
       • ⚠️ Note: Setting the source to 0.0.0.0/0 allows connections from any IP address, making the database accessible to everyone on the internet if other conditions permit. While this doesn’t automatically expose the database publicly, it significantly increases potential exposure. Ensure strong credentials are used, and consider restricting access by IP or using a VPN for improved security, especially in production environments.
     • NOTE: not enough to publicly access from outside.

2. Testing the PostgreSQL Connection

You can test your PostgreSQL connection on macOS with the following commands:

• Without Verification:

psql "host=<aws_database_endpoint_here> port=5432 dbname=postgres user=postgres password=postgres"

• With Certificate Verification:

PGPASSWORD=postgres PGSSLMODE=verify-full PGSSLROOTCERT=eu-central-1-bundle.pem psql -h <aws_database_endpoint_here> -U postgres -d postgres

Note: The file eu-central-1-bundle.pem is from Chapter 1 and can also be accessed online from Amazon.

⚠️ Important:

Don't forget to replace <aws_database_endpoint_here> with the actual public AWS PostgreSQL endpoint name.

This example assumes that our RDS instance is hosted in the eu-central-1 (Frankfurt) AWS region. Be sure to adjust accordingly if your setup differs.

Next Chapter Preview

Important: In the next chapter, we will integrate this RDS service using the aws-hummingbird-docker-compose.yaml file. This Docker Compose setup will demonstrate how to run your application with the AWS-hosted PostgreSQL backend.

---

Enjoy setting up your PostgreSQL RDS service on AWS, and stay tuned for the upcoming chapter on Docker Compose integration!