Configuring AWS RDS, AWS EFS Storage, KMS and SSL certificate in ACM.

#database #security #storage #aws

Now that the major networking services have be configured, next we will configure the data layer and security services.

Create Encryption Key in Amazon KMS
AWS Key Management Service (AWS KMS) create and control keys used to encrypt or digitally sign data. We will use the KMS key to encrypt the AWS RDS MYSQL database. This resource is region specific, hence for this project the KMS key will be created in us-east-1 as with other AWS resource.

In the Key Management Service dashboard, click on create key
Ensure Symmetric and Encrypt and decrypt is check and click next -Enter a Name, description and Tag

Select yourself as administrator

Give yourself key usage permission

Click Next to review and Finish

Amazon RDS
Amazon Relational Database Service (Amazon RDS) is a web service that makes it easier to set up, operate, and scale a relational database in the AWS Cloud.
Amazon RDS supports couple of database engines including MYSQL database needed in this project.

Create Subnet groups
The DB subnet group defines which subnet(s) of VPC the database instance would deploy to.

Navigate to the Amazon RDS dashboard
In the left menu, click on subnet groups
Click on create subnet group
Enter Name, description and select VPC
Select availabity zone us-east-1a and us-east-1b
Select the subnet 10.0.5.0/24 and 10.0.6.0/24 as seen in the diagram.
Click create

Create RDS MySql database

Navigate to the Amazon RDS dashboard
Create database
Under Engine options - select MySql
Availability and durability - select Free tier (or Multi-AZ DB Cluster for high availability, data redundancy and increases capacity to serve read workloads)
Enter a Name and password for the database
Select the right VPC
Ensure the database subnet group is selected
Public access: No
Select the data layer security group we created earlier.
Select us-east-1a under Availability Zone
Leave other default options
Click create database

Create File Storage with EFS
Amazon Elastic File System (Amazon EFS) provides a simple, scalable, elastic file system for general purpose workloads for use with AWS Cloud services and on-premises resources.
It is serverless, elastic, set-and-forget file system that automatically grows and shrinks as you add and remove files with no need for management or provisioning.

Navigate Amazon EFS dashboard
Click on create file system
Enter Name, tag and click next

Select the appropriate VPC
Select private subnet 1 & 2 (10.0.2.0/24 and 10.0.4.0/24)
Next, review the setting and click on create

Access Point
One of the advantages of Amazon EFS is that, it is a shared file systems, meaning it can serve as a storage for more than one application. It keeps each application separate with the use of Access points. We will be hosting two applications.

Create Access Point for Two Applications

Click the name of the file system

Click on Access Points Tab and click create access point

Enter the following details for WordPress application and create access point

Name: wordpress
Path: /wordpress
POSIX user ID, Group ID, Owner user ID, group ID: 0
Access point permissions: 0755
Tag - Name: wordpress-ap

The second application is named Tooling

Enter the following details for Tooling application and create access point

Name: tooling
Path: /tooling
POSIX user ID, Group ID, Owner user ID, group ID: 0
Access point permissions: 0755
Tag: Name: tooling-ap

SSL Certificate
Amazon Certificate Manager (ACM) handles the complexity of creating, storing, and renewing public and private SSL/TLS X.509 certificates and keys that protect your AWS websites and applications.

Create certificate