This message was deleted.

Not MySQL, but here is an example with Postgres:

rdsSg, err := ec2.NewSecurityGroup(ctx, "ssa-rds-private-access-sg", &ec2.SecurityGroupArgs{
		VpcId:       networkConfig.VPC.ID(),
		NamePrefix:  pulumi.String("ssa-rds-private-access-"),
		Description: pulumi.String("Allow access inside the subnet to RDS"),
		Ingress: ec2.SecurityGroupIngressArray{
			ec2.SecurityGroupIngressArgs{Protocol: pulumi.String("tcp"), FromPort: <http://pulumi.Int|pulumi.Int>(5432), ToPort: <http://pulumi.Int|pulumi.Int>(5432), CidrBlocks: pulumi.ToStringArray(networkConfig.Subnets.PrivateCIDRs)},
			ec2.SecurityGroupIngressArgs{Protocol: pulumi.String("tcp"), FromPort: <http://pulumi.Int|pulumi.Int>(5432), ToPort: <http://pulumi.Int|pulumi.Int>(5432), CidrBlocks: pulumi.ToStringArray([]string{okeraCfg.Require("peer-vpc-cidr")})},
		},
		Egress: ec2.SecurityGroupEgressArray{
			ec2.SecurityGroupEgressArgs{Protocol: pulumi.String("tcp"), FromPort: <http://pulumi.Int|pulumi.Int>(0), ToPort: <http://pulumi.Int|pulumi.Int>(0), CidrBlocks: pulumi.StringArray{pulumi.String("0.0.0.0/0")}},
		},
	})
	if err != nil {
		return nil, err
	}

	dbPassword, err := random.NewRandomPassword(ctx, "aurora-postgres-ssa-tenants-password", &random.RandomPasswordArgs{
		Length:  <http://pulumi.Int|pulumi.Int>(10),
		Special: pulumi.Bool(false),
	})
	if err != nil {
		return nil, err
	}

	rdsSubnetGroup, err := rds.NewSubnetGroup(ctx, "aurora-postgres-ssa-tenants-subnet-group", &rds.SubnetGroupArgs{
		SubnetIds: pulumi.ToStringArrayOutput(networkConfig.Subnets.PrivateSubnetIDs),
	})
	if err != nil {
		return nil, err
	}

	rdsAzs := networkConfig.AvailabilityZones
	if len(rdsAzs) > 3 {
		rdsAzs = rdsAzs[:3]
	}
	rdsCluster, err := rds.NewCluster(ctx, "aurora-postgres-ssa-tenants", &rds.ClusterArgs{
		// RDS only supports up to three AZs, so we use the first three
		AvailabilityZones:     pulumi.ToStringArray(rdsAzs),
		BackupRetentionPeriod: <http://pulumi.Int|pulumi.Int>(5),
		ClusterIdentifier:     pulumi.String("aurora-postgres-ssa-tenants"),
		DatabaseName:          pulumi.String("okeradb"),
		Engine:                pulumi.String("aurora-postgresql"),
		EngineVersion:         pulumi.String("12.4"),
		MasterPassword:        dbPassword.Result,
		MasterUsername:        pulumi.String("okera"),
		PreferredBackupWindow: pulumi.String("07:00-09:00"),
		ApplyImmediately:      pulumi.Bool(true),
		EnabledCloudwatchLogsExports: pulumi.ToStringArray([]string{
			"postgresql",
		}),
		VpcSecurityGroupIds: pulumi.StringArray{rdsSg.ID()},
		DbSubnetGroupName:   rdsSubnetGroup.Name,
	})
	if err != nil {
		return nil, err
	}

	var clusterInstances []*rds.ClusterInstance
	rdsInstance, err := rds.NewClusterInstance(ctx, fmt.Sprintf("aurora-postgres-ssa-tenants-instance-%v", 0), &rds.ClusterInstanceArgs{
		Identifier:        pulumi.String(fmt.Sprintf("aurora-postgres-ssa-tenants-instance-%v", 0)),
		ClusterIdentifier: rdsCluster.ID(),
		InstanceClass:     pulumi.String("db.r6g.large"),
		Engine:            rdsCluster.Engine,
		EngineVersion:     rdsCluster.EngineVersion,
		DbSubnetGroupName: rdsSubnetGroup.Name,
	})
	if err != nil {
		return nil, err
	}
	clusterInstances = append(clusterInstances, rdsInstance)

Thanks @bored-table-20691 for the postgres example. So looks like filling clusterInstances array is the way to go. Had tried a similar approach with MySQL, but without much success.

Yeah I had to reverse this from some other examples. I think the AWS console does most of this for you, but you have to be a bit more explicit with Pulumi (which is fine).

Got it. Thanks. I do so to define the instances in the preferred way. Thanks again!

👍

@orange-musician-98025 I've responded to your support ticket about this if you want a TS example