Deploy an RDS Database via Terraform
Amazon Relational Database Service (Amazon RDS) is an easy-to-manage relational database service optimized for total cost of ownership.
Last updated
Amazon Relational Database Service (Amazon RDS) is an easy-to-manage relational database service optimized for total cost of ownership.
Last updated
In scenarios where the MS-SQL Database is decoupled from the Portal Application, it's recommended to run the database using the AWS RDS managed service for better scalability, availability, and management. The database must use an MS-SQL engine, which can be deployed in any of its supported versions.
There are multiple ways to deploy the MS-SQL database on AWS RDS, but to streamline the process, we provide an example of how to deploy it using Terraform in our Git repository. This example includes all the necessary configurations for setting up an RDS instance with MS-SQL, ensuring it integrates seamlessly with the WorkSpaces Manager environment.
Once the database has been deployed —whether via Terraform, CloudFormation, or manually on an EC2 instance— you need to configure the database to allow connections from the WorkSpaces Manager Appliance. At a minimum, this configuration should include:
Database Access: Set up a username and password for the WSM Appliance to connect to the database.
Security Group Configuration: Ensure that the database's security group allows inbound traffic on TCP/1433 (MS-SQL) from the IP address or VPC of the WSM Appliance.
Secrets Manager: Store the database credentials (username and password) in AWS Secrets Manager for secure access by the WSM Appliance.
By storing the credentials in Secrets Manager, the WSM Appliance can securely retrieve and use them during operations, reducing the need for hardcoded credentials and improving security.
The retrieval of credentials is done in real-time by calling the AWS Secrets Manager API, ensuring that no sensitive information is stored or cached elsewhere. This process enhances security, as the credentials are only accessed when needed and are not exposed in any configuration files or logs, reducing the risk of unauthorized access.
