CDK RDS ServerlessCluster with public access

0

Hi, I would like to create a ServerlessCluster with public access. I have successfully been able to create a database, and can access it using private methods, but I would really like public access for my users.

    const cluster = new rds.ServerlessCluster(this, 'AnotherCluster', {
      engine: rds.DatabaseClusterEngine.AURORA_POSTGRESQL,
      parameterGroup: rds.ParameterGroup.fromParameterGroupName(this, 'ParameterGroup', 'default.aurora-postgresql10'),
      vpc: env.getVpc(),
      vpcSubnets: {
        subnetType: ec2.SubnetType.PUBLIC,  // doc indicates that this should result in public access
      },
      //publiclyAccessible: true,  // this option not available for ServerlessCluster
      credentials: rds.Credentials.fromGeneratedSecret('postgres'),
      enableDataApi: true,
      defaultDatabaseName: 'defaultDatabase'
    });

The construct 'ServerlessCluster' does not have the 'publicAccessible' property, so that can't be configured. The doc indicates that by specifying subnetType: ec2.SubnetType.PUBLIC then the default is to provide public access, but despite placing the database in the public subnets, it does not do so. The domain name resolves to a private address.

I can create a similar database from the console, specify public access, and that works, but I really need to do this from the CDK.

How can I get this to work?

thanks.

asked 2 years ago, 245 views
6 Answers
0

Hello,

As seen in the following AWS documentation, you can't give an Aurora Serverless v1 DB cluster a public IP address. You can access an Aurora Serverless v1 DB cluster only from within a VPC [1]. Hence giving public access to a serverless v2 cluster is not supported. That being said, Aurora Serverless v2 does support a public IP address, as seen in the following AWS document, which also compares the differences between an Aurora Serverless v1 and an Aurora Serverless v2 cluster [2].

References:

[1] https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html#aurora-serverless-v1.requirements

[2] https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.upgrade.html#Serverless.v1-v2-requirements

AWS
answered 2 years ago
0

Thanks for that info. The doc doesn't state that ServerlessCluster launches v1 by default, and it wasn't my intention to do so. How can I launch a v2 cluster and allow public access?

answered 2 years ago
0

The user guide doc is your friend. Do note, however, that you'll have to run engine_version 13.6 or newer for v2; if you select e.g. 10.21 as your version, only serverless v1 is an option (I assume that's what you did). Thus, either create a new database with the right version (easiest, especially if you don't have a lot of data) or follow the upgrade instructions in the user guide (which takes a few steps, but may be a good learning experience).

https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.upgrade.html

AWS
answered 2 years ago
0

Thanks for your answer, but still no luck. I've changed the engine version to 13.6 (but see the same results with 13.7) as follows, but now it tells me

8:36:21 AM | CREATE_FAILED | AWS::RDS::DBCluster | AnotherCluster9D7C9369 The engine mode serverless you requested is currently unavailable. (Service: AmazonRDS; Status Code: 400; Error Code: InvalidParameterValue; Request ID: 4e3e0d67-2055-48a6-aa9a-6cfcbc92e27b; Proxy: null)

    const cluster = new rds.ServerlessCluster(this, 'AnotherCluster', {
      engine: rds.DatabaseClusterEngine.auroraPostgres({ version: rds.AuroraPostgresEngineVersion.of('13.6', '13', { s3Import: false, s3Export: false }) }),
      vpc: env.getVpc(),
      vpcSubnets: {
        subnetType: ec2.SubnetType.PUBLIC,
      },
      credentials: rds.Credentials.fromGeneratedSecret('postgres'),
      enableDataApi: true,
      defaultDatabaseName: 'defaultDatabase'
    });

Any further suggestions?

answered 2 years ago
0

Is it mandatory for you to use the CDK for this? It appears that there's still no proper support in CDK for creating serverless v2 clusters, see e.g. https://github.com/aws/aws-cdk/issues/20197 which hasn't been marked as resolved yet. Some workarounds have been presented in the comments to that issue, so maybe you can get around the limitation that way if creating the cluster using e.g. the console is not an option.

AWS
answered 2 years ago
0

Thanks. It is mandatory that we use the CDK - all our infrastructure is automated and stood up using it. I have since found a workaround though.

answered 2 years ago
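
As an added example (not code from any poster in this thread or from the CDK project), this TypeScript check reads a synthesized CloudFormation template and reports how each RDS resource discussed above is reachable: a Serverless v1 cluster never gets a public IP, while an instance with `PubliclyAccessible` set does, so the check also resolves the parent cluster's security groups. The function, type and sample resource names are assumptions, and only inline `SecurityGroupIngress` rules are inspected.

```typescript
// Added example, not AWS or CDK code. Input is a synthesized CloudFormation
// template (the JSON that `cdk synth` writes); all sample ids are constructed.
type Props = Record<string, any>;
interface Template { Resources: Record<string, { Type: string; Properties?: Props }> }
interface Finding { id: string; reach: "vpc-only" | "data-api" | "public-ip"; worldOpenSg: boolean }

// True if any security group the cluster references has an inline rule open to the world.
function worldOpen(t: Template, cluster: Props): boolean {
  const refs: any[] = Array.isArray(cluster.VpcSecurityGroupIds) ? cluster.VpcSecurityGroupIds : [];
  return refs.some((ref) => {
    const sgId = Array.isArray(ref?.["Fn::GetAtt"]) ? String(ref["Fn::GetAtt"][0]) : "";
    const rules = t.Resources[sgId]?.Properties?.SecurityGroupIngress;
    return Array.isArray(rules) && rules.some((r: Props) => r.CidrIp === "0.0.0.0/0" || r.CidrIpv6 === "::/0");
  });
}

function classifyRds(t: Template): Finding[] {
  const out: Finding[] = [];
  for (const [id, res] of Object.entries(t.Resources)) {
    const p: Props = res.Properties ?? {};
    if (res.Type === "AWS::RDS::DBCluster" && p.EngineMode === "serverless") {
      // Serverless v1, which rds.ServerlessCluster emits: no public IP in any subnet type.
      // With the Data API on, it is still reachable through that HTTPS API using IAM credentials.
      out.push({ id, reach: p.EnableHttpEndpoint === true ? "data-api" : "vpc-only", worldOpenSg: worldOpen(t, p) });
    } else if (res.Type === "AWS::RDS::DBInstance" && p.PubliclyAccessible === true) {
      // Provisioned or Serverless v2 instance: security groups live on the parent cluster.
      const parent = t.Resources[String(p.DBClusterIdentifier?.Ref ?? "")]?.Properties ?? {};
      out.push({ id, reach: "public-ip", worldOpenSg: worldOpen(t, parent) });
    }
  }
  return out;
}

// Constructed sample: the v1 cluster from the question, plus a public Serverless v2 writer.
const SAMPLE: Template = { Resources: {
  DbSg: { Type: "AWS::EC2::SecurityGroup", Properties: { SecurityGroupIngress: [{ CidrIp: "0.0.0.0/0", FromPort: 5432, ToPort: 5432 }] } },
  AnotherCluster: { Type: "AWS::RDS::DBCluster", Properties: { Engine: "aurora-postgresql", EngineMode: "serverless", EnableHttpEndpoint: true } },
  V2Cluster: { Type: "AWS::RDS::DBCluster", Properties: { Engine: "aurora-postgresql", EngineVersion: "13.6", VpcSecurityGroupIds: [{ "Fn::GetAtt": ["DbSg", "GroupId"] }] } },
  V2Writer: { Type: "AWS::RDS::DBInstance", Properties: { DBInstanceClass: "db.serverless", DBClusterIdentifier: { Ref: "V2Cluster" }, PubliclyAccessible: true } },
} };
const sampleFindings: Finding[] = classifyRds(SAMPLE);
```

A `public-ip` finding with `worldOpenSg: true` is the combination to review before deploying, since the database port is then reachable from any address.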
