1
votes

I'm trying to use CDK (Typescript) to create an RDS (Postgres) instance within an ISOLATED subnet. As far as I understood, the default VPC created automatically in each of my account regions only has Public Subnets.

If I then want to launch a Fargate instance on top of one of those Public Subnets, do I need to create a VPC Peering between the ISOLATED subnet and the default VPC?

Any idea how to create that using CDK?

2
There is an open bug about this - github.com/aws/aws-cdk/issues/3356#issuecomment-591669951 As you can see I suffered the same thing and ended up using a private subnet. – Amit Baranes
I see, thank you. So did you end up going the same route I'm describing above? Namely creating a separate VPC with a private subnet and creating VPC Peering, or else did you go about another way? – Sammy
I have tested the private subnet and it fits my requirements (of course I would rather work this isolated). – Amit Baranes

2 Answers

1
votes

"Any idea how to create that using CDK?" -> yes:

  1. Use AWS CDK to provision a new VPC similar to this. As you can see, there are subnets for public, applicational and database layers;
  2. [OPTIONAL] For a better AWS CDK project organization, you can use multiple stacks like network (VPC resources), compute (Fargate resources), and database (RDS). You can pass the vpc on network stack to compute & database stacks;
  3. Be sure that you set vpc on the ECS cluster and at the load-balancer level (if applicable), and put the RDS database in the isolated/database subnets by using the vpcSubnets attribute.

To sum up, one VPC. No applicational or database exposed to the public. I have a git repo in case you want to look for sample code/template

0
votes

VPC peering is when you have two VPCs with different CIDR ranges. You have one VPC, hence no need to use VPC peering.