Integrating Amazon RDS with workloads running in VMware Cloud on AWS

Author’s Note: This post originally appeared on the author’s personal blog, and it has been reposted with permission.

VMware Cloud on AWS (VMC on AWS) is VMware’s flagship Public/Hybrid Cloud offering which our global customers can use around the world. VMC on AWS is the most mature cloud offering from VMware with all the enterprise features that our customers are used to. With VMC on AWS, VMware and AWS customers can build, manage, secure, modernize and operate VMware based workloads in the cloud. VMC on AWS supports many kinds of enterprise cloud computing use cases, such as Cloud Migration, Cloud Bursting, Data Center (DC) Expansion, DC Extension, DC Evacuation, Virtual Desktop Infrastructure (VDI) in the Cloud, Application Modernization, Kubernetes, and so on.

Amazon Relational Database Service (RDS) is one of the most popular managed Database services from Amazon Web Services (AWS). Amazon RDS currently supports most of the popular Relational Databases such as MySQL, PostgreSQL, Oracle, Microsoft SQL Server along with Amazon’s own database engines - Amazon Aurora with MySQL and PostgreSQL. Customers around the world are adopting cloud databases in Amazon RDS for its simplicity, ease of use, and to off-load tedious Database maintenance responsibilities from DBAs to AWS. Amazon RDS takes care of many critical DB operations such as, upgrading, patching, High Availability, DB Resiliency, and database backups, to name a few.

The beauty of VMC on AWS running on AWS Cloud is its adjacency and proximity to AWS services. Like Amazon EC2 (Amazon’s popular Cloud Computing service), VMC on AWS is now a first-class citizen that can integrate readily with any services in AWS. The workloads residing on VMC on AWS can quickly and easily consume AWS services such as Amazon RDS, S3, EC2, Dynamo DB, Lambda, Route53 etc. When architected appropriately, integrating these workloads with AWS services, can benefit customers from “Zero” egress cost, low latency and higher performance.

Currently we are witnessing so many innovative and interesting solutions and emerging new use cases in this area, from our customers and partners around the world.

In this article, we will walk through steps to integrate Amazon RDS with workloads running on VMC on AWS SDDC. While these integrations can be done in many ways, with various networking constructs (VPC Peering, Transit Gateway, etc.), we will be focusing solely on integration of these services using Elastic Network Interface (ENI) or VPC Interface (as it appears on VMC on AWS Console). This is available by default when a VMC on AWS Software Defined Data Center (SDDC) is spun up and connected to a VPC (Virtual Private Cloud).

Elastic Network Interface (ENI) Basics

Figure 1: Elastic Network Interface (ENI) associated with VMC on AWS SDDC as seen on Customer managed AWS Account

Elastic Network Interface (ENI) connects VMware Cloud on AWS and the customer’s Virtual Private Cloud (VPC). It provides a high-bandwidth, low latency connection between the customer managed VPC and the VMware Cloud on AWS SDDC. When architected appropriately, there are no data egress charges across the ENI within the same Availability Zone. Appropriate firewall rules can/should be created on both ends of this connection for securing workloads.

Common Use Cases

Below are some common customer use cases that we’re currently seeing in the field where customers are integrating Amazon RDS with workloads residing on VMware Cloud on AWS SDDC:

Integrating existing Amazon RDS Databases with VMware workloads residing on VMC on AWS SDDC or On-premises
Modernizing existing databases on VMC on AWS SDDC or On-premises by moving it to Amazon RDS
Migrating storage heavy databases from a VMC on AWS SDDC or On-premises to Amazon RDS
Building new databases on Amazon RDS and accessing them from a VMC on AWS SDDC
Creating replicated databases between VMC on AWS SDDC and Amazon RDS

For the purpose of this article, we’ll be using WordPress application residing on Virtual Machine “linux-hybrid-app01” with IP Address 10.123.12.3 in VMC on AWS SDDC as a Front-end server and “hybrid-app-db.cgumk82u6xsd.us-west-2.rds.amazonaws.com” Amazon RDS MySQL DB Instance as a backend server.

Figure 2: Architecture Diagram of Amazon RDS Integration with VMC on AWS SDDC

Let’s get started!

Creating an Amazon RDS DB Instance

Create an Amazon RDS MySQL Database (DB) Instance with appropriate instance type and configuration to fit your application use case. For this example, as this is a lab/demo environment, I’ve created a simple t3.micro MySQL DB instance on the same VPC and Availability Zone (AZ) as VMware Cloud on AWS SDDC. Below is my Amazon RDS DB Instance Configuration:

DB Engine for my DB Instance: I’ve selected “Standard Create” for DB creation method, “MySQL” for Engine Option and “MySQL Community” for Edition.

Figure 3: Create RDS DB Instance – Engine Option

In “Templates” section, I’ve selected “Dev/Test” and “Single DB Instance” with single AZ deployment.

Figure 4: Create RDS DB Instance – Deployment options

I’ve set the DB Instance Identifier as “hybrid-app-db” and set my Master username to “admin” with master user password.

Figure 5: Create RDS DB Instance – DB Settings

For Instance configuration, I’ve selected “Burstable classes – db.t3.micro” and for Storage I’ve selected “General Purpose SSD (gp2)” with “20 GiB” Allocated storage. I’ve left Storage autoscaling to its default.

Figure 6: Create RDS DB Instance – Instance Configuration and Storage

In the Connectivity section, I’ve selected “IPv4” for Network type and “mca-vpc-demo” for Virtual private cloud (VPC). Since I want the DB to be accessible only from private networks, I’ve selected “No” for Public Access. The DB is placed in “us-west-2b” Availability Zone, that the same VPC and Subnet which we selected for “Connected VPC or Customer Managed VPC” when VMC on AWS SDDC was created. For Additional configuration, we left Database port at its default value of 3306.

Figure 7: Create RDS DB Instance – Connectivity Option

I’ve pre-created security group called “hybrid-app-db” with appropriate security group rules to allow traffic from VMC on AWS SDDC application segment to the Amazon RDS DB, so I chose “hybrid-app-db” from Existing VPC security groups. Below you can see a snapshot of Security Group Inbound rules where source “10.123.12.0/24”, which is an NSX-T segment on VMC on AWS SDDC, is allowed to connect to any instances that are associated with this “hybrid-app-db” security group.

Figure 8: Create RDS DB Instance – Security Groups

For Database authentication, we selected “Password and IAM authentication”

Figure 9: Create RDS DB Instance – Database Authentication

For Additional Configuration, we kept everything at its default and once all the details were re-verified, we created the database.

Figure 10: Create RDS DB Instance – Additional configuration

Configuring the Front End server

In the vCenter management console, I’ve created a simple Debian Linux VM with Apache, MySQL Client, and other network tools installed. This Linux VM is named “linux-hybrid-app-01” and acts as an Application/Web server which is sitting on “10.123.12.0/24” NSX-T segment with IP address of “10.123.12.3”.

Figure 11: Configuring front end server – Application server

For ease of access and command execution on “linux-hybrid-app-01” application server, let’s make it publicly accessible by assigning it a Public IP address:
1. Log on to VMware Cloud Console and Navigate to VMC on AWS Console.
2. On the VMC on AWS SDDC Console, go to Networking & Security and click on Public IPs.

Figure 12: VMware Cloud Console – Networking & Security

Request a new IP, give it appropriate Note and Save.

Figure 13: VMware Cloud Console – Networking & Security – Public IPs

Note down the assigned Public IP address.

Figure 14: VMware Cloud Console – Networking & Security – Request New IP

Click on NAT under Network section and click on “ADD NAT RULE”.
Create NAT rules as shown on the picture below.

Figure 15: VMware Cloud Console – Networking & Security – Add NAT Rule

Create appropriate firewall rules to allow incoming/outgoing traffic to the Application server. In this example, we’ve allowed Any Sources to go to our Logical Segment “hybrid-ap-ls” and access Any Services. You would want to lock this down tightly in your production environment by creating more specific rules.

Configure Gateway Firewall Rule on VMC on AWS Console and ensure that you’ve correct rule created to allow Incoming and Outgoing Traffic Flow between RDS DB Instance and Application Server. Also ensure there’s HTTP/HTTPS rule that allows Any traffic to request web traffic. Below rules are applied to “All Uplinks” which includes “VPC Interface” for communication between AWS Services including Amazon RDS.

Figure 16: VMware Cloud Console – Networking & Security – Gateway Firewall Rule

“hybrid-app-ls” is a group that has 10.123.12.1/24 as it’s IP range, the application server “linux-hybrid-app01” is part of this CIDR range.

Figure 17: VMware Cloud Console – Networking & Security – Gateway Firewall Rule – Add IP range

Configure Firewall/Security Group Rules to allow traffic flow between Amazon RDS Instance “hybrid-app-db.cgumk82u6xsd.us-west-2.rds.amazonaws.com” and Application Server “linux-hybrid-app01”.
1. Configure Security Group Rules associated with Amazon RDS DB Instance in AWS Web Console and ensure its Inbound Rule has correct entry for 10.123.12.0/24 on port 3306.

Figure 18: AWS Console – Configure Inbound Security Group Rule

Once above steps are complete, confirm you can access the “linux-hybrid-app01” server publicly. Below we’re creating a SSH session with the “linux-hybrid-app01” server.
```
ssh satya@35.83.166.176
```

Figure 19: SSH Application Server with Public IP address

Since we are using WordPress Application for Front End, install WordPress application with below steps:

#Install Apache:
apt install apache2

#Install PHP:
apt install php libapache2-mod-php php-mysql

#Check PHP Version:
php -v

#Go to Document Root Directory of Apache
cd /var/www/html

#Download WordPress:
wget http://wordpress.org/latest.tar.gz

#Extract content of downloaded tar file:
tar xfz latest.tar.gz

#Move everything from WordPress folder to Apache document root folder:
mv wordpress/* ./

#Remote downloaded tar file and old index.html file:
rm -f latest.tar.gz
rm index.html

#Make wp-content directory writeable to www-data:
cd /var/www/html/
chown -R www-data:www-data wp-content

#Create uploads folder and make it writeable to WordPress application:
mkdir uploads
chmod 755 -R uploads

Figure 20: Validating PHP Version information

Connect to Amazon RDS DB Instance and Create a WordPress Database and WordPress user for WordPress application.

#Connect to RDS DB Instance as an admin user:
mysql -uadmin -hhybrid-app-db.cgumk82u6xsd.us-west-2.rds.amazonaws.com -p

#Create database for WordPress:
CREATE DATABASE wordpress_db;
Create user for WordPress and provide appropriate permissions:
CREATE USER 'wordpress_admin'@'localhost' IDENTIFIED BY 'P4ssw0rd!';
GRANT ALL PRIVILEGES ON wordpress_db.*  TO 'wordpress_admin'@'localhost';
FLUSH PRIVILEGES;
exit

#Check if wordpress_admin user can connect to Amazon RDS DB Instance: 
mysql -uwordpress_admin -hhybrid-app-db.cgumk82u6xsd.us-west-2.rds.amazonaws.com -p

Figure 21: Logging on to MySQL RDS DB Instance

Figure 22: Check databases in RDS DB Instance

Update Database Connection Configuration for WordPress application to use Amazon RDS DB Instance “hybrid-app-db.cgumk82u6xsd.us-west-2.rds.amazonaws.com” and appropriate WordPress user we created above by modifying wp-config.php file:

#Create Config file from Sample Config File
cp wp-config-sample.php wp-config.php

#Update wp-config.php file as below:
nano wp-config.php

define( 'DB_NAME', 'wordpress_db' );
/** MySQL database username */
define( 'DB_USER', 'wordpress_admin' );
/** MySQL database password */
define( 'DB_PASSWORD','P4ssw0rd!' );
/** Database hostname */
define( 'DB_HOST', 'hybrid-app-db.cgumk82u6xsd.us-west-2.rds.amazonaws.com' );

Figure 23: Update wp-config.php file

On Web Browser, browse to the public IP address of “hybrid-linux-app01” server and configure WordPress.

Figure 24: Setting up Wordpress

If everything is successful, you can log in to WordPress and update the site content.

Figure 25: Successful Wordpress installation

Figure 26: Logging on to Wordpress Admin Site

On the WP-Admin page, you can now edit/update/add posts. All the entries will be saved in Amazon RDS database.

Figure 27: Managing Posts on Wordpress Admin Site

Figure 28: Creating new Posts on Wordpress Admin Site

Log into the Amazon RDS DB Instance as wordpress_admin user and see if WordPress database is getting populated appropriately:

Figure 29: Checking Wordpress Database on RDS DB Instance

Below select statement shows the updated post is being appropriately saved in the WordPress database in Amazon RDS DB Instance.

Figure 30: Validating newly created post exists on Wordpress Database on RDS DB Instance

And That’s It. We’ve successfully Integrated Amazon RDS with workload running on VMC on AWS SDDC. Hope you find this post useful. Comments and suggestions are welcome.

Conclusion

As you’ve seen on this post, it is very easy to integrate AWS Services such as Amazon RDS with workloads running on VMware Cloud on AWS. VMware workloads. Numerous VMware and AWS customers are rapidly building innovative enterprise grade solutions on top of VMware Cloud on AWS. If your organisation is looking to implement any use cases that we’ve discussed in this article, you can conveniently implement them as demonstrated on this article. For more information on how VMware Cloud on AWS can help your organisation with your cloud transformation and cloud migration journey, visit https://www.vmware.com/products/vmc-on-aws.html. You can also get in touch with your friendly VMware Account Representatives and Solution Engineering team to help you get started with VMware Cloud on AWS.