Integrating Amazon RDS with workloads running in VMware Cloud on AWS

December 15, 2022

Author’s Note: This post originally appeared on the author’s personal blog, and it has been reposted with permission. 

VMware Cloud on AWS (VMC on AWS) is VMware’s flagship Public/Hybrid Cloud offering which our global customers can use around the world. VMC on AWS is the most mature cloud offering from VMware with all the enterprise features that our customers are used to. With VMC on AWS, VMware and AWS customers can build, manage, secure, modernize and operate VMware based workloads in the cloud. VMC on AWS supports many  kinds of enterprise cloud computing use cases, such as Cloud Migration, Cloud Bursting, Data Center (DC) Expansion, DC Extension, DC Evacuation, Virtual Desktop Infrastructure (VDI) in the Cloud, Application Modernization, Kubernetes, and so on.

Amazon Relational Database Service (RDS) is one of the most popular managed Database services from Amazon Web Services (AWS). Amazon RDS currently supports most of the popular Relational Databases such as MySQL, PostgreSQL, Oracle, Microsoft SQL Server along with Amazon’s own database engines - Amazon Aurora with MySQL and PostgreSQL. Customers around the world are adopting cloud databases in Amazon RDS for its simplicity, ease of use, and to off-load tedious Database maintenance responsibilities from DBAs to AWS. Amazon RDS takes care of many critical DB operations such as, upgrading, patching, High Availability, DB Resiliency, and database backups, to name a few.

The beauty of VMC on AWS running on AWS Cloud is its adjacency and proximity to AWS services. Like Amazon EC2 (Amazon’s popular Cloud Computing service), VMC on AWS is now a first-class citizen that can integrate readily with any services in AWS. The workloads residing on VMC on AWS can quickly and easily consume AWS services such as Amazon RDS, S3, EC2, Dynamo DB, Lambda, Route53 etc. When architected appropriately, integrating these workloads with AWS services, can benefit customers from “Zero” egress cost, low latency and higher performance.

Currently we are witnessing so many innovative and interesting solutions and emerging new use cases in this area, from our customers and partners around the world.

 

In this article, we will walk through steps to integrate Amazon RDS with workloads running on VMC on AWS SDDC. While these integrations can be done in many ways, with various networking constructs (VPC Peering, Transit Gateway, etc.), we will be focusing solely on integration of these services using Elastic Network Interface (ENI) or VPC Interface (as it appears on VMC on AWS Console). This is available by default when a VMC on AWS Software Defined Data Center (SDDC) is spun up and connected to a VPC (Virtual Private Cloud).

Elastic Network Interface (ENI) Basics

Graphical user interface, application</p>
<p>Description automatically generated

Figure 1: Elastic Network Interface (ENI) associated with VMC on AWS SDDC as seen on Customer managed AWS Account

Elastic Network Interface (ENI) connects VMware Cloud on AWS and the customer’s Virtual Private Cloud (VPC). It provides a high-bandwidth, low latency connection between the customer managed VPC and the VMware Cloud on AWS SDDC. When architected appropriately, there are no data egress charges across the ENI within the same Availability Zone. Appropriate firewall rules can/should be created on both ends of this connection for securing workloads.

Common Use Cases

Below are some common customer use cases that we’re currently seeing in the field where customers are integrating Amazon RDS with workloads residing on VMware Cloud on AWS SDDC:

  • Integrating existing Amazon RDS Databases with VMware workloads residing on VMC on AWS SDDC or On-premises
  • Modernizing existing databases on VMC on AWS SDDC or On-premises by moving it to Amazon RDS
  • Migrating storage heavy databases from a VMC on AWS SDDC or On-premises to Amazon RDS
  • Building new databases on Amazon RDS and accessing them from a VMC on AWS SDDC
  • Creating replicated databases between VMC on AWS SDDC and Amazon RDS

For the purpose of this article, we’ll be using WordPress application residing on Virtual Machine “linux-hybrid-app01” with IP Address 10.123.12.3 in VMC on AWS SDDC as a Front-end server and “hybrid-app-db.cgumk82u6xsd.us-west-2.rds.amazonaws.com” Amazon RDS MySQL DB Instance as a backend server.
 

Timeline</p>
<p>Description automatically generated

Figure 2: Architecture Diagram of Amazon RDS Integration with VMC on AWS SDDC

Let’s get started!

Creating an Amazon RDS DB Instance

Create an Amazon RDS MySQL Database (DB) Instance with appropriate instance type and configuration to fit your application use case. For this example, as this is a lab/demo environment, I’ve created a simple t3.micro MySQL DB instance on the same VPC and Availability Zone (AZ) as VMware Cloud on AWS SDDC. Below is my Amazon RDS DB Instance Configuration:

  1. DB Engine for my DB Instance: I’ve selected “Standard Create” for DB creation method, “MySQL” for Engine Option and “MySQL Community” for Edition.
     

Graphical user interface, application</p>
<p>Description automatically generated

Figure 3: Create RDS DB Instance – Engine Option

  1. In “Templates” section, I’ve selected “Dev/Test” and “Single DB Instance” with single AZ deployment.
     

Graphical user interface, text, application, email</p>
<p>Description automatically generated
Figure 4: Create RDS DB Instance – Deployment options

  1. I’ve set the DB Instance Identifier as “hybrid-app-db” and set my Master username to “admin” with master user password.
     

Graphical user interface, text, application, email</p>
<p>Description automatically generated

Figure 5: Create RDS DB Instance – DB Settings

  1. For Instance configuration, I’ve selected “Burstable classes – db.t3.micro” and for Storage I’ve selected “General Purpose SSD (gp2)” with “20 GiB” Allocated storage. I’ve left Storage autoscaling to its default.

     

Graphical user interface, text, application</p>
<p>Description automatically generated
Figure 6: Create RDS DB Instance – Instance Configuration and Storage

  1. In the Connectivity section, I’ve selected “IPv4” for Network type and “mca-vpc-demo” for Virtual private cloud (VPC). Since I want the DB to be accessible only from private networks, I’ve selected “No” for Public Access. The DB is placed in “us-west-2b” Availability Zone, that the same VPC and Subnet which we selected for “Connected VPC or Customer Managed VPC” when VMC on AWS SDDC was created. For Additional configuration, we left Database port at its default value of 3306.
     

Graphical user interface, text, application</p>
<p>Description automatically generated
Figure 7: Create RDS DB Instance – Connectivity Option

I’ve pre-created security group called “hybrid-app-db” with appropriate security group rules to allow traffic from VMC on AWS SDDC application segment to the Amazon RDS DB, so I chose “hybrid-app-db” from Existing VPC security groups. Below you can see a snapshot of Security Group Inbound rules where source “10.123.12.0/24”, which is an NSX-T segment on VMC on AWS SDDC, is allowed to connect to any instances that are associated with this “hybrid-app-db” security group.
 

Graphical user interface, application</p>
<p>Description automatically generatedFigure 8: Create RDS DB Instance – Security Groups

  1. For Database authentication, we selected “Password and IAM authentication”
     

Graphical user interface, text, application, email</p>
<p>Description automatically generated

Figure 9: Create RDS DB Instance – Database Authentication

  1. For Additional Configuration, we kept everything at its default and once all the details were re-verified, we created the database.
     

Graphical user interface, text, application, email</p>
<p>Description automatically generatedFigure 10: Create RDS DB Instance – Additional configuration

Configuring the Front End server

  1. In the vCenter management console, I’ve created a simple Debian Linux VM with Apache, MySQL Client, and other network tools installed. This Linux VM is named “linux-hybrid-app-01” and acts as an Application/Web server which is sitting on “10.123.12.0/24” NSX-T segment with IP address of “10.123.12.3”.
     

Graphical user interface, text, application, email, website</p>
<p>Description automatically generatedFigure 11: Configuring front end server – Application server

  1. For ease of access and command execution on “linux-hybrid-app-01” application server, let’s make it publicly accessible by assigning it a Public IP address:
    1. Log on to VMware Cloud Console and Navigate to VMC on AWS Console.
    2. On the VMC on AWS SDDC Console, go to Networking & Security and click on Public IPs.
       

Graphical user interface</p>
<p>Description automatically generatedFigure 12: VMware Cloud Console – Networking & Security

  1. Request a new IP, give it appropriate Note and Save.
     

Graphical user interface, text, application</p>
<p>Description automatically generatedFigure 13: VMware Cloud Console – Networking & Security – Public IPs

  1. Note down the assigned Public IP address.
     

Graphical user interface, application</p>
<p>Description automatically generatedFigure 14: VMware Cloud Console – Networking & Security – Request New IP

  1. Click on NAT under Network section and click on “ADD NAT RULE”.
  2. Create NAT rules as shown on the picture below.
     

Graphical user interface, text, application</p>
<p>Description automatically generatedFigure 15: VMware Cloud Console – Networking & Security – Add NAT Rule

  1. Create appropriate firewall rules to allow incoming/outgoing traffic to the Application server. In this example, we’ve allowed Any Sources to go to our Logical Segment “hybrid-ap-ls” and access Any Services. You would want to lock this down tightly in your production environment by creating more specific rules.
  1. Configure Gateway Firewall Rule on VMC on AWS Console and ensure that you’ve correct rule created to allow Incoming and Outgoing Traffic Flow between RDS DB Instance and Application Server. Also ensure there’s HTTP/HTTPS rule that allows Any traffic to request web traffic. Below rules are applied to “All Uplinks” which includes “VPC Interface” for communication between AWS Services including Amazon RDS.
     

Graphical user interface, application</p>
<p>Description automatically generatedFigure 16:  VMware Cloud Console – Networking & Security – Gateway Firewall Rule

  1. “hybrid-app-ls” is a group that has 10.123.12.1/24 as it’s IP range, the application server “linux-hybrid-app01” is part of this CIDR range.
     

Graphical user interface, text, application, email</p>
<p>Description automatically generatedFigure 17:  VMware Cloud Console – Networking & Security – Gateway Firewall Rule – Add IP range

 

  1. Configure Firewall/Security Group Rules to allow traffic flow between Amazon RDS Instance “hybrid-app-db.cgumk82u6xsd.us-west-2.rds.amazonaws.com” and Application Server “linux-hybrid-app01”.
    1. Configure Security Group Rules associated with Amazon RDS DB Instance in AWS Web Console and ensure its Inbound Rule has correct entry for 10.123.12.0/24 on port 3306.
       

Graphical user interface, application</p>
<p>Description automatically generatedFigure 18: AWS Console – Configure Inbound Security Group Rule

 

  1. Once above steps are complete, confirm you can access the “linux-hybrid-app01” server publicly. Below we’re creating a SSH session with the “linux-hybrid-app01” server.
    ssh satya@35.83.166.176

     

Text</p>
<p>Description automatically generatedFigure 19: SSH Application Server with Public IP address

  1. Since we are using WordPress Application for Front End, install WordPress application with below steps:
    #Install Apache:
    apt install apache2
    
    #Install PHP:
    apt install php libapache2-mod-php php-mysql
    
    #Check PHP Version:
    php -v
    
    #Go to Document Root Directory of Apache
    cd /var/www/html
    
    #Download WordPress:
    wget http://wordpress.org/latest.tar.gz
    
    #Extract content of downloaded tar file:
    tar xfz latest.tar.gz
    
    #Move everything from WordPress folder to Apache document root folder:
    mv wordpress/* ./
    
    #Remote downloaded tar file and old index.html file:
    rm -f latest.tar.gz
    rm index.html
    
    #Make wp-content directory writeable to www-data:
    cd /var/www/html/
    chown -R www-data:www-data wp-content
    
    #Create uploads folder and make it writeable to WordPress application:
    mkdir uploads
    chmod 755 -R uploads

     

Text</p>
<p>Description automatically generatedFigure 20: Validating PHP Version information 

 

  1. Connect to Amazon RDS DB Instance and Create a WordPress Database and WordPress user for WordPress application.

    #Connect to RDS DB Instance as an admin user:
    ​​​​​​​mysql -uadmin -hhybrid-app-db.cgumk82u6xsd.us-west-2.rds.amazonaws.com -p
    
    #Create database for WordPress:
    CREATE DATABASE wordpress_db;
    Create user for WordPress and provide appropriate permissions:
    CREATE USER 'wordpress_admin'@'localhost' IDENTIFIED BY 'P4ssw0rd!';
    GRANT ALL PRIVILEGES ON wordpress_db.*  TO 'wordpress_admin'@'localhost';
    FLUSH PRIVILEGES;
    exit
    
    #Check if wordpress_admin user can connect to Amazon RDS DB Instance: 
    mysql -uwordpress_admin -hhybrid-app-db.cgumk82u6xsd.us-west-2.rds.amazonaws.com -p

 

Text</p>
<p>Description automatically generatedFigure 21: Logging on to MySQL RDS DB Instance 

 

Graphical user interface, text, application, email</p>
<p>Description automatically generatedFigure 22: Check databases in RDS DB Instance

  1. Update Database Connection Configuration for WordPress application to use Amazon RDS DB Instance “hybrid-app-db.cgumk82u6xsd.us-west-2.rds.amazonaws.com” and appropriate WordPress user we created above by modifying wp-config.php file:
    #Create Config file from Sample Config File
    cp wp-config-sample.php wp-config.php
    
    #Update wp-config.php file as below:
    nano wp-config.php
    
    define( 'DB_NAME', 'wordpress_db' );
    /** MySQL database username */
    define( 'DB_USER', 'wordpress_admin' );
    /** MySQL database password */
    define( 'DB_PASSWORD','P4ssw0rd!' );
    /** Database hostname */
    define( 'DB_HOST', 'hybrid-app-db.cgumk82u6xsd.us-west-2.rds.amazonaws.com' );
    

     

    Graphical user interface, text, application, email</p>
<p>Description automatically generatedFigure 23: Update wp-config.php file

    1. On Web Browser, browse to the public IP address of “hybrid-linux-app01” server and configure WordPress.
       

    Graphical user interface, text, application, email</p>
<p>Description automatically generatedFigure 24: Setting up Wordpress

    1. If everything is successful, you can log in to WordPress and update the site content.
       

    Graphical user interface, text, application, email, Teams</p>
<p>Description automatically generatedFigure 25: Successful Wordpress installation

     

    Graphical user interface, application</p>
<p>Description automatically generatedFigure 26: Logging on to Wordpress Admin Site

     

    1. On the WP-Admin page, you can now edit/update/add posts. All the entries will be saved in Amazon RDS database.
       

    Graphical user interface, text, application</p>
<p>Description automatically generatedFigure 27: Managing Posts on Wordpress Admin Site

     

    Graphical user interface, text, application</p>
<p>Description automatically generatedFigure 28: Creating new Posts on Wordpress Admin Site

    1. Log into the Amazon RDS DB Instance as wordpress_admin user and see if WordPress database is getting populated appropriately:
       

    Graphical user interface, text, application, email</p>
<p>Description automatically generatedFigure 29: Checking Wordpress Database on RDS DB Instance

    Below select statement shows the updated post is being appropriately saved in the WordPress database in Amazon RDS DB Instance.
     

    Table</p>
<p>Description automatically generatedFigure 30: Validating newly created post exists on Wordpress Database on RDS DB Instance

    And That’s It. We’ve successfully Integrated Amazon RDS with workload running on VMC on AWS SDDC. Hope you find this post useful. Comments and suggestions are welcome.

    Conclusion

    As you’ve seen on this post, it is very easy to integrate AWS Services such as Amazon RDS with workloads running on VMware Cloud on AWS. VMware workloads. Numerous VMware and AWS customers are rapidly building innovative enterprise grade solutions on top of VMware Cloud on AWS. If your organisation is looking to implement any use cases that we’ve discussed in this article, you can conveniently implement them as demonstrated on this article. For more information on how VMware Cloud on AWS can help your organisation with your cloud transformation and cloud migration journey, visit https://www.vmware.com/products/vmc-on-aws.html. You can also get in touch with your friendly VMware Account Representatives and Solution Engineering team to help you get started with VMware Cloud on AWS.

    Filter Tags

    App Modernization Cloud Migration AWS Services VMware Cloud on AWS Blog Technical Walkthrough Enterprise Applications Getting Started Integrations Overview Intermediate Design Deploy