Israel .O. Ayanda

Configuring AWS RDS, AWS EFS Storage, KMS and SSL certificate in ACM.

Infrastructure
Now that the major networking services have been configured, we will next configure the data layer and security services.

Create Encryption Key in Amazon KMS
AWS Key Management Service (AWS KMS) lets you create and control keys used to encrypt or digitally sign data. We will use the KMS key to encrypt the AWS RDS MySQL database. This resource is region-specific, so for this project the KMS key will be created in us-east-1, as with the other AWS resources.

  • In the Key Management Service dashboard, click on Create key
  • Ensure Symmetric and Encrypt and decrypt are checked and click Next
  • Enter a Name, description and Tag
  • Select yourself as administrator
  • Give yourself key usage permission
  • Click Next to review and Finish

Amazon RDS
Amazon Relational Database Service (Amazon RDS) is a web service that makes it easier to set up, operate, and scale a relational database in the AWS Cloud.
Amazon RDS supports multiple database engines, including the MySQL engine needed in this project.

Create Subnet groups
The DB subnet group defines which subnet(s) of the VPC the database instance is deployed to.

  • Navigate to the Amazon RDS dashboard
  • In the left menu, click on subnet groups
  • Click on create subnet group
  • Enter Name, description and select VPC
  • Select Availability Zones us-east-1a and us-east-1b
  • Select the subnet 10.0.5.0/24 and 10.0.6.0/24 as seen in the diagram.
  • Click create subnet group

Create RDS MySQL database

  • Navigate to the Amazon RDS dashboard
  • Create database
  • Under Engine options - select MySQL
  • Availability and durability - select Free tier (or Multi-AZ DB Cluster for high availability, data redundancy and increased capacity to serve read workloads)
  • Enter a Name and password for the database
  • Select the right VPC
  • Ensure the database subnet group is selected
  • Public access: No
  • Select the data layer security group we created earlier.
  • Select us-east-1a under Availability Zone
  • Leave other default options
  • Click create database
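
The steps above leave encryption under "other default options", while the KMS section says this key will encrypt the database, and RDS storage encryption is chosen when the instance is created. The check below is an added example, not part of the original post: it audits a DescribeDBInstances response (for example from boto3's `describe_db_instances`) for the settings chosen here. The key ARN, subnet group name, security group IDs and sample records are constructed placeholders.

```python
# Added example: audit RDS instances against the settings chosen in this walkthrough.
# Input is the "DBInstances" list from the RDS DescribeDBInstances API, e.g.
# boto3.client("rds").describe_db_instances()["DBInstances"].
# Every ARN, ID and name below is a constructed placeholder (assumption).
EXPECTED = {
    "kms_key_arn": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
    "subnet_group": "example-db-subnet-group",
    "security_groups": {"sg-EXAMPLEDATALAYER"},
}

def audit_db_instance(db, expected=EXPECTED):
    """Return a list of findings; an empty list means the instance matches."""
    findings = []
    if db.get("PubliclyAccessible", True):
        findings.append("publicly accessible (walkthrough sets Public access: No)")
    if not db.get("StorageEncrypted", False):
        findings.append("storage not encrypted")
    elif db.get("KmsKeyId") != expected["kms_key_arn"]:
        # Encrypted, but with another key such as the AWS managed aws/rds key.
        findings.append("encrypted with a key other than the project KMS key")
    group = db.get("DBSubnetGroup", {}).get("DBSubnetGroupName")
    if group != expected["subnet_group"]:
        findings.append(f"unexpected DB subnet group: {group}")
    attached = {sg["VpcSecurityGroupId"] for sg in db.get("VpcSecurityGroups", [])}
    if attached != expected["security_groups"]:
        findings.append(f"unexpected security groups: {sorted(attached)}")
    return findings

def audit_all(instances):
    """Map each DBInstanceIdentifier to its findings."""
    return {db["DBInstanceIdentifier"]: audit_db_instance(db) for db in instances}

# Constructed sample response: one instance built as described, one left on defaults.
SAMPLE_DB_INSTANCES = [
    {"DBInstanceIdentifier": "project-db", "PubliclyAccessible": False,
     "StorageEncrypted": True, "KmsKeyId": EXPECTED["kms_key_arn"],
     "DBSubnetGroup": {"DBSubnetGroupName": "example-db-subnet-group"},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-EXAMPLEDATALAYER"}]},
    {"DBInstanceIdentifier": "scratch-db", "PubliclyAccessible": True,
     "StorageEncrypted": False,
     "DBSubnetGroup": {"DBSubnetGroupName": "default"},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-EXAMPLEDEFAULT"}]},
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_DB_INSTANCES).items():
        print(name, "OK" if not findings else findings)
```

Replace the placeholders in `EXPECTED` with the ARN of the key created in the KMS step, the DB subnet group name and the data layer security group ID before running it against a real response.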

Create File Storage with EFS
Amazon Elastic File System (Amazon EFS) provides a simple, scalable, elastic file system for general purpose workloads for use with AWS Cloud services and on-premises resources.
It is a serverless, elastic, set-and-forget file system that automatically grows and shrinks as you add and remove files, with no need for management or provisioning.

  • Navigate to the Amazon EFS dashboard
  • Click on create file system
  • Enter Name, tag and click next

  • Select the appropriate VPC
  • Select private subnet 1 & 2 (10.0.2.0/24 and 10.0.4.0/24)
  • Next, review the settings and click on create

Access Point
One of the advantages of Amazon EFS is that it is a shared file system, meaning it can serve as storage for more than one application. It keeps each application separate through the use of access points. We will be hosting two applications.

Create Access Point for Two Applications

  • Click the name of the file system

  • Click on Access Points Tab and click create access point

  • Enter the following details for WordPress application and create access point
Name: wordpress
Path: /wordpress
POSIX user ID, Group ID, Owner user ID, group ID: 0
Access point permissions: 0755
Tag - Name: wordpress-ap

The second application is named Tooling.

  • Enter the following details for Tooling application and create access point
Name: tooling
Path: /tooling
POSIX user ID, Group ID, Owner user ID, group ID: 0
Access point permissions: 0755
Tag: Name: tooling-ap

SSL Certificate
Amazon Certificate Manager (ACM) handles the complexity of creating, storing, and renewing public and private SSL/TLS X.509 certificates and keys that protect your AWS websites and applications.

Create certificate

  • In the ACM dashboard click on Request a certificate
  • Ensure Request a public certificate is selected and click next
  • Use a wildcard (*) as the fully qualified domain name (*.yourdomain.xx)

  • Accept the default values and click Request
  • Next Click List Certificate in the left menu
  • Click on the certificate you just created

  • Click on Create records in Route 53
  • Click on Create records

If you purchased your domain externally, you need to create a hosted zone in Route 53 and update the DNS records.

After a few minutes the certificate will be validated and issued.

Next, let's create AMIs for the web application.
Watch out for the concluding implementation.
