Relational Database Service
***************************

.. attention:: These notes are being moved to
   https://www.pkimber.net/open/salt-cloud-amazon.html

From `An Introduction to the AWS Command Line Tool Part 2`_

Create a security group for the database::

  aws ec2 create-security-group \
    --group-name MySecurityGroupDBOnly \
    --description "Inbound DB only"

Allow access::

  aws ec2 authorize-security-group-ingress \
    --group-name MySecurityGroupDBOnly \
    --source-group MySecurityGroupDBOnly \
    --protocol tcp --port 5432

.. note:: The above rule allows any EC2 instance associated with
   ``MySecurityGroupDBOnly`` to access any other EC2 or RDS instance
   associated with ``MySecurityGroupDBOnly`` on port ``5432/tcp``.

Create Database
===============

Generate a secure password using ``apg``::

  apg -a0 -n10 -m16

Make a note of the ID of your security group::

  aws ec2 describe-security-groups --group-names MySecurityGroupDBOnly

Create the database instance::

  aws rds create-db-instance \
    --db-name MyDatabase \
    --db-instance-identifier my-db-instance \
    --allocated-storage 5 \
    --db-instance-class db.t1.micro \
    --engine postgres \
    --master-username dbadmin \
    --master-user-password \
    --vpc-security-group-ids

- Replace ```` with the password generated by ``apg``.
- Replace ```` with the ID of your security group.

You can view your database instance::

  aws rds describe-db-instances

Security
========

To allow access to your database you need two bits of information:

The EC2 instance ID.
Find the ``InstanceId`` by running this command::

  aws ec2 describe-instances

The group ID of your original security group (see ``awscli``)::

  aws ec2 describe-security-groups --group-names MySecurityGroup

The group ID of your database security group::

  aws ec2 describe-security-groups --group-names MySecurityGroupDBOnly

This is the command to set up the security::

  aws ec2 modify-instance-attribute \
    --instance-id \
    --groups

- Replace ```` with the ``InstanceId``.
- Replace ```` with the ID of the standard security group (see ``awscli``).
- Replace ```` with the ID of the database security group.

Usage
=====

You should be able to connect to your database instance using ``psql``::

  psql --host=my-db-instance.cmf1ips9eg9s.eu-west-1.rds.amazonaws.com --username=dbadmin postgres

- Run ``aws rds describe-db-instances`` (see above) to find the *Endpoint*
  address.
- Enter the master user password when prompted (see ``apg`` above).

.. _`An Introduction to the AWS Command Line Tool Part 2`: http://www.linux.com/news/featured-blogs/206-rene-cunningham/764536-an-introduction-to-the-aws-command-line-tool-part-2
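
The ingress rule at the top of these notes is meant to admit only members of ``MySecurityGroupDBOnly`` on port ``5432/tcp``. The following Python check is an added example, not part of the original notes: it reads JSON in the shape printed by ``aws ec2 describe-security-groups`` and reports every rule that reaches the database port from anywhere other than the group itself. The function names, the group ID and the CIDR ranges in the sample are constructed for illustration.

```python
import json

DB_PORT = 5432  # PostgreSQL port opened by the ingress rule in these notes

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# The group ID and CIDR ranges are made up for this example.
SAMPLE = json.loads("""{"SecurityGroups": [{
  "GroupName": "MySecurityGroupDBOnly", "GroupId": "sg-0aaa1111bbbb2222c",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "UserIdGroupPairs": [{"GroupId": "sg-0aaa1111bbbb2222c"}]},
    {"IpProtocol": "tcp", "FromPort": 5000, "ToPort": 6000,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}
  ]}]}""")


def covers_port(perm, port):
    """True if the permission applies to `port` over TCP."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit_db_ingress(described, port=DB_PORT):
    """Return (group_id, source) for each rule reaching `port` whose source
    is a CIDR range or a security group other than the group itself."""
    findings = []
    for group in described.get("SecurityGroups", []):
        gid = group["GroupId"]
        for perm in group.get("IpPermissions", []):
            if not covers_port(perm, port):
                continue
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            sources += [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])
                        if p.get("GroupId") != gid]
            findings.extend((gid, s) for s in sources)
    return findings


if __name__ == "__main__":
    for gid, source in audit_db_ingress(SAMPLE):
        print(f"{gid}: port {DB_PORT} reachable from {source}")
```

The self-referencing rule produces no finding, while the wide port range and the all-protocols rule are both reported because they also cover ``5432``.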