Renalyn A.

De Villar BSIT 4-2 December 08, 2024

Lab 5 Activity Report: Working with Amazon RDS (50 points)

ITELEC 4103

I. Brief Rationale for the Activity Conducted:

The purpose of this activity is to provide hands-on experience with Amazon RDS, enabling
students to understand the deployment and management of cloud-based relational database instances.
This lab emphasizes the importance of cloud databases in modern applications by showcasing how they
simplify setup, operation, and scaling while reducing administrative overhead. By working with Amazon
RDS, users gain practical knowledge of setting up relational databases using various engines like MySQL,
PostgreSQL, and Amazon Aurora. Additionally, the activity highlights the role of Multi-AZ deployments in
ensuring high availability and durability for production workloads. This hands-on experience equips
students with the skills to deploy scalable and cost-efficient cloud database resources, aligning with real-
world application requirements.

II. Discussion (based on the tasks performed):

 Creating a VPC security group:

To create a security group that allows your

web server to access your RDS DB instance,
navigate to the AWS Management Console and
search for "VPC" in the Services search box. In
the VPC dashboard, go to the left navigation
pane and select Security Groups. Click on Create
security group and configure the following
Security group name: DB Security Group |
Description: Permit access from Web Security
Group | VPC: Lab VPC (ensure you select Lab
VPC by removing the default VPC selection and
choosing Lab VPC from the dropdown menu).

In the Inbound rules pane, add a rule to permit

access from the Web Security Group. Set the
Type to MySQL/Aurora (3306) and for Source,
type "sg" in the field next to Custom, then select
Web Security Group from the dropdown. This
configuration ensures that the Database Security
Group allows inbound traffic on port 3306 from
any EC2 instance associated with the Web
Security Group. Finally, click Create security
group. This security group will be used when
launching the Amazon RDS database in this lab.
  Creating a DB subnet group:

To create a DB subnet group for

your RDS database, open the
AWS Management Console and
search for RDS in the Services
search box. In the RDS
dashboard, navigate to the left
pane and select Subnet groups
(if the navigation pane is hidden,
click the menu icon in the top-
left corner). Click Create DB
Subnet Group and configure the
following settings: Name: DB-
Subnet-Group | Description: DB
Subnet Group | VPC: Lab VPC

Scroll down to the Add subnets section.

Expand the list under Availability Zones
and select the first two zones: us-east-1a
and us-east-1b. Then, expand the list
under Subnets and select the subnets
corresponding to the CIDR ranges
10.0.1.0/24 and 10.0.3.0/24. These
subnets will now appear in the Subnets
selected table.

Finally, click Create. This DB subnet group

will be used in the next task when setting
up the database.

 Creating an Amazon RDS DB instance and interacting with the database:

To configure and launch a Multi-AZ Amazon RDS

deployment for a MySQL database instance, open
the AWS Management Console, navigate to the
RDS service, and choose Databases from the left
navigation pane. Click Create database and, if
prompted, switch to the new database creation
flow.

Engine Options: Select MySQL.

 Templates: Choose Dev/Test.

Availability and Durability:

Select Multi-AZ DB instance.

Settings:

Set the DB instance identifier to

lab-db.

Configure the Master username

as main.

Set the Master password and

confirm it as lab-password.

DB Instance Class:

Choose Burstable classes

(includes t classes) and select
db.t3.micro.

Storage:

Storage type: General Purpose

(SSD).

Allocated storage: 20 GB.

 Connectivity:

Set Virtual Private Cloud (VPC) to Lab VPC.

Under Existing VPC security groups, select DB

Security Group from the dropdown and deselect
the default option.

Monitoring:

Expand Additional configuration under

Monitoring.

Uncheck Enable Enhanced monitoring to avoid

permission errors.

Additional Configuration:

Set the Initial database name to lab.

Uncheck Enable automatic backups and Enable

encryption to speed up deployment (not
recommended for production environments).

Click Create database.

Once the database is launched, click on the lab-

db link to view details. Wait for the status to
change to Modifying or Available, which may
take about 4 minutes as the database is
deployed across two Availability Zones.

Finally, scroll down to the Connectivity & security section and copy the value of
the Endpoint field (e.g., lab-db.xxxx.us-east-1.rds.amazonaws.com). Save this
Endpoint in a text editor for use in later steps.
Results

III. Analysis Scenarios (based on the tasks performed):

Ensuring Secure Database Connectivity:

To secure database connectivity, I configured a VPC security group specifically for the database.
By defining inbound rules, I restricted access to the database port (3306) to only the security group
associated with the web server. This ensured that only authorized applications within the VPC could
connect to the database, effectively blocking any external or unauthorized access. This approach
enhances security by using AWS's network-level control to isolate and protect the database from
malicious users or unintended exposure.
Achieving High Availability:

The configuration of the DB subnet group played a critical role in ensuring high availability. By specifying
subnets in two different Availability Zones, I enabled Amazon RDS to deploy a Multi-AZ setup. This
configuration ensures that, in the event of a failure in one zone, the database remains operational
through a standby instance in another zone. This fault-tolerant design reduces downtime and ensures
continuous availability of critical applications, which is essential for production workloads.

Simplifying Database Management:

The managed nature of Amazon RDS significantly streamlined database administration tasks.
AWS automated time-consuming processes like backups, software patching, and instance scaling,
allowing me to focus on application development rather than infrastructure maintenance. For example, I
didn’t need to manually set up replication for high availability; Amazon RDS handled this seamlessly as
part of the Multi-AZ deployment. This not only saved time but also reduced the complexity of managing
a relational database in a cloud environment.

Scalability and Performance Optimization:

Amazon RDS provides flexible configuration options, allowing organizations to easily scale
resources based on demand. For this activity, I chose a db.t3.micro instance, which is cost-efficient for
development and testing purposes. If application requirements grow, the instance type can be upgraded
to a more powerful class without significant downtime. Additionally, RDS's storage and compute
resources can be scaled independently, ensuring that organizations pay only for what they need while
maintaining optimal performance. This flexibility ensures that the database can adapt to changing
workloads efficiently.