Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
b
boundless-telephone-75738
07/16/2021, 2:19 PMSo I got an postgresql rds.Instance up and running, now I want to define an extra database inside this instance, so I configure a pg.Provider
const pgProvider = (db: rds.Instance, pw: string) => {
return new pg.Provider(`${name}-db-provider`, {
port: db.port,
host: db.address,
password: pw,
username: db.username,
superuser: true
});
}error: error detecting capabilities: error PostgreSQL version: dial tcp: lookup <privateip>aws.rds.Instance('name', config):PORT:PORTg
great-sunset-355
07/16/2021, 3:49 PMif you have created an rds instance in a private subnet then the only way to connect is having a network connection I guess.
👍 2
b
billowy-army-68599
07/16/2021, 5:40 PMAgree with Jan, can you share the code you used to define your DB instance?
b
boundless-telephone-75738
07/19/2021, 6:43 AMSorry for the late answer, but yes; this is the database code
const dbSubnets = new aws.rds.SubnetGroup(
`unleash-iaac-private-subnets`,
{
subnetIds: vpc.privateSubnetIds,
}
);
export const unleashDb = new aws.rds.Instance(name, {
instanceClass: 'db.t3.micro',
dbSubnetGroupName: dbSubnets.id,
vpcSecurityGroupIds: [sg.id],
name: 'unleash',
allocatedStorage: 20,
maxAllocatedStorage: 100,
engine: 'postgres',
engineVersion: "13.3",
username: 'unleash',
publiclyAccessible: false,
skipFinalSnapshot: true,
deletionProtection: false,
password: randomPassword("database").result,
allowMajorVersionUpgrade: true
});dbSubnettrueb
billowy-army-68599
07/19/2021, 6:55 AMwell you might, but there's security implications. you probably wnt to set up a bastion host
b
boundless-telephone-75738
07/19/2021, 6:56 AMWill have a look at that. Thanks so much for taking the time to reply.
g
great-sunset-355
07/19/2021, 10:03 AMAnother option instead of Bastion host is any ec2 instance with access to the Database network
With installed Session Manager client - this way even ec2 instance can be in the private subnet
https://www.element7.io/2021/01/aws-ssm-session-manager-port-forwarding-to-rds-without-ssh/
then you can port forward only the database port to your local machine
I do this with Cloud9 instance - as a bonus you get IDE.
However, for the production and CI/CD I'd use a private running in my VPC to eliminate all network problems.
I postgresql provider could connect to the DB on your localhost - then you could develop all the code there and then CI/CD deployment would run in VPC.
And ass jaxx says I would not recommend opening your DB to the public network.
Technically with Cloud9 you get good enough IDE, It's not VSCode but it could do for development of this feautre
For completeness here is tldr portforarding flow
# on remote ec2
RDS_ENDPOINT=<instance>.<http://eu-central-1.rds.amazonaws.com:5432|eu-central-1.rds.amazonaws.com:5432>
REMOTE_PORT=5432
sudo socat TCP-LISTEN:${DEST_PORT},reuseaddr,fork TCP4:${RDS_ENDPOINT}
# on local machine:
$INSTANCE_ID=<cloud9 instanceID> # ID of cloud9 instance
REMOTE_PORT=5432 # port where cloud9 listens on
LOCAL_PORT=5432 # port on the local machine that is exposed
aws ssm start-session --target $INSTANCE_ID --document-name AWS-StartPortForwardingSession --parameters "{\"portNumber\":[\"${REMOTE_PORT}\"], \"localPortNumber\":[\"${LOCAL_PORT}\"]}"
# access RDS at <postgresql://localhost>:$LOCAL_PORT/dbb
boundless-telephone-75738
07/19/2021, 11:11 AMThank you Jan. Great option.