Fix MySQL Aurora RDS security group. Update Postgres scripts #9
ZdravkoDonev-redis wants to merge 2 commits into main from
Pull request overview
This pull request makes three main changes to the AWS RDS PrivateLink failover example:
Changes:
- Adds security group configuration to the RDS Proxy to enable proper communication with the NLB and RDS instances
- Updates the example.tfvars with region/AZ changes and adds personal development identifiers
- Comments out automatic database setup resources in db_setup.tf, requiring manual setup via provided scripts
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| examples/aws-rds-privatelink-failover/main.tf | Adds vpc_security_group_ids to RDS Proxy to allow NLB health checks via the shared security group's self-referencing ingress rule |
| examples/aws-rds-privatelink-failover/example.tfvars | Updates region to eu-central-1, changes AZs, and adds personal identifiers (name with "zdravko", aws_profile "dev-rdi") |
| examples/aws-rds-privatelink-failover/db_setup.tf | Comments out automatic database setup resources with explanatory comments about needing VPC access; setup now requires manual execution |
| redis_secrets_arn = "" | ||
| redis_privatelink_arn = "" | ||
| db_engine = "postgres" # Options: "postgres" or "mysql" | ||
| aws_profile = "dev-rdi" No newline at end of file |
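Review bot: The last line, `aws_profile = "dev-rdi"`, is marked "No newline at end of file"; end the file with a newline so a later append does not show up as a change to this line. The value also names one environment's CLI profile, which an example tfvars file should replace with a placeholder.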
The aws_profile value "dev-rdi" appears to be specific to a particular development environment. Since this is an example configuration file, consider using a more generic value or adding a comment indicating this should be customized for the user's environment.
| aws_profile = "dev-rdi" | |
| aws_profile = "default" # Update this to your AWS CLI profile name |
| # Commented out: This requires network access to the private RDS instance | ||
| # To set up the database, either: | ||
| # 1. Run the psql.sh script from a bastion host or machine with VPC access | ||
| # 2. Use AWS Systems Manager Session Manager to connect to an EC2 instance in the VPC | ||
| # 3. Set up a VPN connection to the VPC | ||
| # | ||
| # resource "null_resource" "setup_chinook_postgres" { | ||
| # count = var.db_engine == "postgres" ? 1 : 0 | ||
| # depends_on = [ | ||
| # module.rdi_quickstart_postgres, | ||
| # module.rds_lambda | ||
| # ] | ||
| # provisioner "local-exec" { | ||
| # environment = { | ||
| # PGPASSWORD : nonsensitive(random_password.db_password.result) | ||
| # } | ||
| # command = <<EOF | ||
| # #!/bin/sh | ||
| # set -x | ||
| # mkdir -p scripts | ||
| # curl https://raw.githubusercontent.com/Redislabs-Solution-Architects/rdi-quickstart-postgres/refs/heads/main/scripts/Chinook_PostgreSql.sql -o scripts/Chinook_PostgreSql.sql | ||
| # curl https://raw.githubusercontent.com/Redislabs-Solution-Architects/rdi-quickstart-postgres/refs/heads/main/scripts/track.csv -o scripts/track.csv | ||
| # psql -h ${module.privatelink.lb_hostname} -d chinook -U postgres -p ${var.port} -f scripts/Chinook_PostgreSql.sql > postgres_setup.log | ||
| # EOF | ||
| # } | ||
| # } |
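Review bot: The commented-out provisioner keeps `PGPASSWORD : nonsensitive(random_password.db_password.result)` and two `curl` downloads from `refs/heads/main` that are passed straight to `psql -f` with no pinned commit or checksum. Dead code like this tends to be re-enabled by uncommenting it as-is, so either delete the block and keep only the three setup options in the comment, or fix it in place before parking it: drop the `nonsensitive()` wrapper so the password keeps its sensitive marking, pin both URLs to a commit SHA, and use `curl -f` so a failed download stops the script instead of feeding an error page to `psql`. The `set -x` trace and the `postgres_setup.log` redirect are also worth removing, since both write setup details to the local machine.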
The resources in db_setup.tf have been commented out, which means the Chinook sample database is no longer automatically loaded during terraform apply. However, the README.md at line 150 still states that "The db_setup.tf file contains separate setup resources for each database type, automatically loading the appropriate Chinook sample database." This documentation should be updated to reflect that database setup is now a manual process that must be performed separately using the psql.sh or mysql.sh scripts from a machine with VPC access.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Pull request overview
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| # Commented out: This requires network access to the private RDS instance | ||
| # To set up the database, either: | ||
| # 1. Run the psql.sh script from a bastion host or machine with VPC access | ||
| # 2. Use AWS Systems Manager Session Manager to connect to an EC2 instance in the VPC | ||
| # 3. Set up a VPN connection to the VPC | ||
| # |
The README states that "The db_setup.tf file contains separate setup resources for each database type, automatically loading the appropriate Chinook sample database." However, these setup resources are now commented out in this PR. The README should be updated to reflect that database setup is now a manual process that requires network access to the private RDS instance, or point to alternative setup methods (e.g., using the psql.sh/mysql.sh scripts from a bastion host).
No description provided.