AWS – RDS Database Instance

 

Create Database Instance

 

Open the Managed Relational Database Service (RDS) and start creating a new database.

Step 1 – Engine

Select MySQL or MariaDB database engine.

 

Click Next

Step 2 – Database Details

Select the database version, the Amazon instance type on which to run the database, and storage capacity. Then set a name for the database, e.g. swisspki-db.

 

Define a database administrator with username dba, and choose a password.

 

Click Next

Step 3 – Advanced Settings

  1. In section Network & Security, choose the default Virtual Private Cloud (VPC), disallow public accessibility, and choose the VPC security group already associated with the EC2 SwissPKI instance.
  2. In section Database options, define a database named pki on port 3306.
  3. For sections Encryption, Backup, Monitoring and Log exports, configure according to your needs.

Finally, click on Create database to finish the wizard.
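
The following check is an added example, not part of the SwissPKI documentation. It compares the settings chosen in Steps 1 to 3 against the JSON printed by the AWS CLI command aws rds describe-db-instances. The sample report is constructed, and the security group ID sg-EXAMPLE-swisspki is a placeholder for the group associated with the EC2 SwissPKI instance.

```python
import json

# Constructed sample shaped like `aws rds describe-db-instances` output.
# Endpoint and security group ID are placeholders, not real values.
SAMPLE = json.loads("""
{"DBInstances": [{
  "DBInstanceIdentifier": "swisspki-db", "Engine": "mariadb",
  "DBInstanceStatus": "available", "MasterUsername": "dba",
  "DBName": "pki",
  "Endpoint": {"Address": "your.rds.hostname.amazonaws.com", "Port": 3306},
  "PubliclyAccessible": false, "StorageEncrypted": false, "BackupRetentionPeriod": 0,
  "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-EXAMPLE-swisspki", "Status": "active"}]
}]}
""")

def audit_instance(db, expected_sg):
    """Return findings for one instance; an empty list means it matches the wizard steps."""
    findings = []
    if db.get("Engine") not in ("mysql", "mariadb"):
        findings.append("engine is not MySQL or MariaDB")
    if db.get("PubliclyAccessible", True):  # a missing field is treated as public
        findings.append("instance is publicly accessible")
    if db.get("DBName") != "pki":
        findings.append("initial database is not named pki")
    if db.get("Endpoint", {}).get("Port") != 3306:
        findings.append("port is not 3306")
    groups = {g["VpcSecurityGroupId"] for g in db.get("VpcSecurityGroups", [])
              if g.get("Status") == "active"}
    if expected_sg not in groups:
        findings.append("SwissPKI EC2 security group is not attached")
    elif groups != {expected_sg}:
        findings.append("additional security groups attached: "
                        + ", ".join(sorted(groups - {expected_sg})))
    # Step 3 leaves these to the operator, so they are advisories, not failures.
    if not db.get("StorageEncrypted", False):
        findings.append("advisory: storage encryption is off")
    if db.get("BackupRetentionPeriod", 0) == 0:
        findings.append("advisory: automated backups are disabled")
    return findings

def audit(report, expected_sg):
    """Map each instance identifier in the report to its list of findings."""
    return {db["DBInstanceIdentifier"]: audit_instance(db, expected_sg)
            for db in report.get("DBInstances", [])}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE, "sg-EXAMPLE-swisspki").items():
        print(name, "OK" if not findings else findings)
```

To check a real instance, load the saved CLI output with json.load and pass it to audit in place of SAMPLE.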

Create Database User

 

Get database hostname

Open the RDS console, click on Databases on the left panel, and click on the database name to display its details. The database should be running, shown by the green status Available. In the Connectivity tab, locate the Endpoint to get the hostname of the instance.

 

Get EC2 hostname

Open the EC2 console and click on Instances on the left panel. If it is not already running, start the SwissPKI instance: right-click on the instance to open the contextual menu, select Instance state and then Start. Wait until its status switches to the green running state. With the instance selected, its details appear in the Description tab just below. Locate the parameter Public DNS (IPv4) to get the hostname of the instance.

 

Connect to EC2 instance

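From a command-line shell on your local computer, use the ssh command to log into the SwissPKI instance using the hostname indicated in the description and the private key you downloaded when acquiring the AMI. From that shell, connect to the RDS instance with the mysql client, using the RDS endpoint hostname and the dba account.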

 

$ ssh -i /path/to/private/key.pem centos@your.ec2.hostname.amazonaws.com
[~] mysql --host your.rds.hostname.amazonaws.com --port 3306 -u dba -p
Enter password:
MariaDB [(none)]>

 

Create SwissPKI user

MariaDB [(none)]> CREATE USER 'swisspki'@'%' IDENTIFIED BY 'choose_a_password';
MariaDB [(none)]> GRANT USAGE ON *.* TO 'swisspki'@'%';
MariaDB [(none)]> GRANT 
    SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, 
    REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, 
    LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, 
    CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER 
    ON pki.* TO 'swisspki'@'%';
MariaDB [(none)]> FLUSH PRIVILEGES;