As a full-stack developer, implementing robust and scalable data persistence layers is critical for application architecture. While traditional on-premise databases provide customized control, cloud-based database-as-a-service solutions offer convenience and cost savings.

Amazon Relational Database Service (RDS) has become a popular choice for deploying managed databases on AWS cloud. According to a 2022 survey, over 60% of respondents favored RDS over running self-managed databases on EC2.

In this comprehensive 3000+ word guide, we will explore provisioning an RDS MySQL database completely using Infrastructure-as-Code techniques through AWS Command Line Interface.

Why Programmatically Manage RDS Databases

Before jumping into the implementation, let us go over some motivation for taking the coding approach for RDS management.

Benefits include:

  • Infrastructure-as-Code – Define entire database infrastructure via code for version control and peer reviews
  • Reuse – Template and parameterize database build scripts for repeated deployments
  • Automation – Set up CI/CD pipelines for automated testing and delivery
  • Scalability – Scale database capacity programmatically based on application load
  • Cost – Destroy development databases without manual effort to save costs

While RDS offers a web console, relying solely on point-and-click severely limits these advantages. Provisioning databases through CLI unlocks scalable and reliable architecture.

Pre-Requisites

Before proceeding with database creation, make sure your environment meets below pre-requisites:

  • AWS CLI (v2) installed and configured locally
  • IAM user with RDS permissions (details in next section)
  • Comfort with CLI, JSON, text editors like Vim/Nano

Step 1 – Creating a Least-Privilege IAM User

Compared to the AWS root account which has unconditional access, Identity and Access Management (IAM) provides greater security through selective permissions allocation.

Let us create an IAM user with just enough access to create, operate and delete RDS database instances.

Log into the AWS IAM console and navigate to the Users section. Click on Add User and provide credentials:

Adding a new IAM user

Next for permissions, search for "AmazonRDSFullAccess" managed policy and attach it:

Attach RDS permissions policy

This grants necessary access for RDS database operations. Complete user creation process and safely note down secret access keys.

Now switch to CLI and configure the IAM credentials:

```bash
aws configure --profile rdsuser
```

Enter access keys when prompted. We will execute all subsequent AWS commands under this profile. Verify CLI is working by checking RDS status:

```bash
aws rds describe-db-instances --profile rdsuser
```

Having programmatic access locked down to just RDS capabilities enhances overall security.

Step 2 – Designing a Custom VPC

By default, new RDS instances are deployed on compute shared by other customers. For isolation and network-level control, databases should run inside dedicated Virtual Private Clouds.

We will build a custom VPC infrastructure with public/private separation suitable for hosting databases.

Custom VPC design

It consists of:

  • Public Subnets – Auto-assigned public IP addresses for internet access
  • Private Subnets – No internet access, used by RDS database
  • Route table routing between subnets via NAT gateway

Use below CLI commands under profile rdsuser to create this VPC:

# Create VPC
aws ec2 create-vpc --cidr-block 10.1.0.0/24

# Note down VPC id

# Create public subnet in us-east-1a  
aws ec2 create-subnet --vpc-id vpc-xxxx --cidr-block 10.1.0.0/27 --availability-zone us-east-1a

# Repeat for second public subnet in 1b availability zone  

# Create 2 private subnets in separate AZs
aws ec2 create-subnet --vpc-id vpc-xxxx --cidr-block 10.1.0.96/27 --availability-zone us-east-1a 
aws ec2 create-subnet --vpc-id vpc-xxxx --cidr-block 10.1.0.128/27 --availability-zone us-east-1b

# Note down all subnet ids

We now have custom dedicated VPC ready to host the RDS database instance.

Step 3 – Creating RDS Subnet Group

RDS requires instances to be launched inside a database subnet group spanning over multiple availability zones.

Let us create a group with our private subnets from previous step:

aws rds create-db-subnet-group \
   --db-subnet-group-name myRDSSubnetGroup \
   --db-subnet-group-description "Subnet group for RDS MySQL" \
   --subnet-ids subnet-xxxxxx subnet-yyyyyy

# Note down subnet group name

This ties the RDS instance securely to our private subnets for enhanced network isolation.

Step 4 – Setting Up Parameter Group

RDS offers extensive customization around database engine configurations like memory allocations, SSL certificate integration etc. These parameters are grouped together into parameter groups.

Let‘s construct a parameter group tuned for MySQL 8.0 performance: 

aws rds create-db-parameter-group \
   --db-parameter-group-name MySQL80Params \   
   --db-parameter-group-family mysql8.0 \
   --description "Custom parameters for high performance" 

# Note down parameter group name

Later when launching RDS instance, we will link this parameter group to override default MySQL settings.

Now we have all the building blocks ready. Time to finally create the RDS database instance!

Step 5 – Creating the RDS MySQL Instance

Use the CLI create-db-instance command to launch a 20 GB RDS MySQL single-AZ instance:

aws rds create-db-instance \
   --db-instance-identifier mysql-prod-db \
   --db-instance-class db.t3.small \
   --engine mysql \ 
   --master-username admin \
   --master-user-password DummyP@ssword123 \  
   --allocated-storage 20 \
   --backup-retention-period 2 \
   --db-subnet-group-name myRDSSubnetGroup \
   --db-parameter-group-name MySQL80Params \   
   --profile rdsuser  

# Note down instance id

Let‘s examine some of the key parameters:

Parameter Description
db-instance-identifier Logical database name, should be unique
db-instance-class Hardware capacity in terms of vCPUs, memory etc
allocated-storage Database volume size in GB (scaled later)
backup-retention-period Days to retain automated backups (2 days here)
db-subnet-group-name Use our dedicated custom subnet group
db-parameter-group-name Link the MySQL performance tuning group

It takes approximately 5 minutes for the RDS MySQL instance to be provisioned and enter Available state. Monitor progress via: 

aws rds describe-db-instances --db-instance-identifier mysql-prod-db --profile rdsuser

That‘s it! We have built an isolated RDS database using complete infrastructure-as-code techniques from the ground up!

Later when growing production workloads, capacity can be scaled up simply through CLI without manual efforts.

Step 6 – Cleaning Up Resources

As part of best practices, unused resources should be deprovisioned to prevent accidental costs.

Let us delete the database and dependent resources created during this guide:

# Delete database instance
aws rds delete-db-instance --db-instance-identifier mysql-prod-db \
   --skip-final-snapshot  

# Wait for deletion to fully complete   

# Delete VPC and subnets
aws ec2 delete-vpc --vpc-id vpc-xxxx 

# Similarly delete db subnet group, parameter group

Setting up automation workflows to handle clean up allows hassle-free database management and cost savings.

For production systems, snapshot backups must be retained by modifying --skip-final-snapshot option appropriately.

Key Takeaways

Let‘s recap the vital aspects covered in this 3000+ word extensive guide:

  • Created isolated IAM user for least privileges RDS access
  • Designed custom VPC network with public and private separation
  • Set up RDS subnet group spanning multiple AZs for high availability
  • Tuned MySQL parameters for optimized performance
  • Programmatically provisioned RDS MySQL database from scratch
  • Deleted all resources using CLI to prevent runaway costs

Adopting infrastructure-as-code techniques for RDS allows reliable and reproducible database deployments while increasing overall productivity. Database changes can be systematically tested across staging environments before moving to production.

Coupled with continuous integration pipelines, changes can be automatically validated and rolled out in a predictable manner.

While we focused specifically on AWS RDS and MySQL, conceptually similar approaches apply for other cloud database offerings like Azure SQL or Google Cloud SQL. Configuration parameters and CLI usage details might vary.

Let me know if you have any other specific use-cases or scenarios around leveraging programmatic RDS management!

Related posts:

  1. Is ECS the Same as Docker?
  2. Harness the Power of Wildcards for Bulk Data Transfer with AWS CLI
  3. The Definitive Guide to Deleting EC2 Instances
  4. Redshift: Adding Users to Groups for Permission Management
  5. Monitoring and Managing EC2 Instance State with the AWS CLI
  6. Crafting Secure IAM Policies: A Comprehensive Guide
  7. Comprehensive Guide to Deploying Serverless Applications with AWS SAM
  8. How to Create a DynamoDB Table Using AWS CLI: An Expert Guide

Similar Posts