Database Setup connecting to RDS - HongVoDev/Java-Angular_the-word-project GitHub Wiki
This guide outlines the steps to set up a MySQL database using Amazon RDS for your Java application.
Step 1: Create an RDS Instance
- Navigate to the RDS Service: In the AWS Management Console, go to the "RDS" service.
- Create Database: Click "Create database."
- Choose Engine: Select "MySQL" as the database engine.
- Choose a Use Case: For testing purposes you can select `Dev/Test`.
- Specify Settings:
  - DB Instance Identifier: Give your database instance a unique name (e.g., `my-java-app-db`).
  - Master Username: Enter a username for the database administrator (e.g., `admin`). Important: Store this securely!
  - Master Password: Enter a strong password. Important: Store this securely!
  - DB Instance Size: Select a small instance size such as `db.t3.micro` or `db.t4g.micro`.
- Connectivity Settings:
  - Virtual Private Cloud (VPC): Select the VPC where your EC2 instance is located.
  - Publicly Accessible: Choose `No` for production environments. For testing, you might temporarily set it to `Yes`, but always restrict access via security groups (see below).
  - VPC Security Groups: Crucially, create or select a security group that allows inbound traffic on port 3306 (the MySQL port) only from your EC2 instance's security group. This is essential for security. If you use a bastion host, also allow traffic from the bastion host's security group.
- Database Options: Set database name (e.g., `my_java_app`).
- Backup settings: Configure how often you wish to perform backups.
- Create Database: Review your settings and click "Create database." It will take a few minutes for the instance to be created.
Step 2: Configure Security Group
This is the most critical step for security. Ensure your RDS instance's security group is properly configured.
- Locate the Security Group: Go to the EC2 service and find the security group associated with your RDS instance. (You likely created this or selected it in Step 1).
- Edit Inbound Rules: Edit the inbound rules for the security group.
- Add a Rule: Add a rule with the following:
  - Type: `MySQL/Aurora` (This pre-populates the port as 3306)
  - Source: Select "Custom" and enter the security group ID of your EC2 instance (the one where your Java application is running). You can also use the security group ID of your bastion host. Do not use 0.0.0.0/0 or other overly permissive ranges in production.
  - Description: (Optional) "Allow MySQL access from EC2 instance"
- Save Rules: Save the inbound rules.
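A way to verify the result of Step 2, as an added example that is not part of the original wiki: this script reads security group JSON in the shape returned by `aws ec2 describe-security-groups` and flags every source that can reach port 3306 other than an approved security group, including rules that cover 3306 through a port range or an all-traffic rule. The sample data, the group IDs, and the policy of flagging every CIDR source are assumptions made for the example.

```python
import ipaddress
import json

MYSQL_PORT = 3306

# Constructed sample shaped like `aws ec2 describe-security-groups` output
# (trimmed; group IDs are placeholders).
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-rds-example", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
   "UserIdGroupPairs": [{"GroupId": "sg-app-example"}]},
  {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}],
   "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
]}]}
""")


def covers_mysql(perm):
    """True if the rule admits TCP 3306, including all-traffic rules and port ranges."""
    if perm["IpProtocol"] == "-1":  # all protocols, all ports (no FromPort/ToPort)
        return True
    if perm["IpProtocol"] not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= MYSQL_PORT <= perm.get("ToPort", 65535)


def audit(doc, allowed_groups):
    """Return (group_id, source, severity) for each MySQL source outside the policy."""
    findings = []
    for sg in doc["SecurityGroups"]:
        for perm in filter(covers_mysql, sg.get("IpPermissions", [])):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:  # the guide allows only security-group sources
                world = ipaddress.ip_network(cidr, strict=False).prefixlen == 0
                findings.append((sg["GroupId"], cidr, "OPEN" if world else "CIDR"))
            for pair in perm.get("UserIdGroupPairs", []):
                if pair["GroupId"] not in allowed_groups:
                    findings.append((sg["GroupId"], pair["GroupId"], "UNKNOWN_SG"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, allowed_groups={"sg-app-example"}):
        print(*finding)
```

To check a live group, replace `SAMPLE` with the parsed JSON for your RDS security group and pass the IDs of the EC2 and bastion security groups as `allowed_groups`.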
Step 3: Get RDS Endpoint and Credentials
- Navigate to RDS Instance: Go back to the RDS service and find your newly created database instance.
- View Details: Click on the instance to view its details.
- Copy Endpoint: Note the "Endpoint" (also known as "hostname"). This is the address you'll use to connect to your database.
- Retrieve Credentials: You should already have the Master Username and Password from Step 1. If you've lost them and it is for local development only, you will have to re-provision the instance.
Step 4: Configure Your Java Application
- Update Connection String: In your Java application's configuration (e.g., `application.properties`, `application.yml`, or environment variables), update the database connection string (JDBC URL) with the RDS Endpoint, database name, username, and password. The JDBC URL will look something like this:
  `jdbc:mysql://your-rds-endpoint:3306/your_database_name`
  Replace `your-rds-endpoint`, `your_database_name`, `admin`, and `your_password` with the actual values.
- Test the Connection: Deploy or run your Java application and verify that it can successfully connect to the RDS database.
- Important: Remember to Close Connections: Ensure your code properly closes database connections after use to avoid resource exhaustion. Use try-with-resources statements or a connection pool.
Important Considerations:
- Security: Never expose your RDS instance directly to the internet (i.e., don't use `0.0.0.0/0` in your security group). Always use security groups to restrict access.
- IAM Roles: For more advanced security, consider using IAM roles for your EC2 instance and the AWS Secrets Manager to store database credentials. Your Java application can then retrieve the credentials without hardcoding them in your configuration.
- Connection Pooling: Use a connection pool (e.g., HikariCP, Apache Commons DBCP) to improve performance and manage database connections efficiently.
- Backups: Configure regular backups of your RDS instance to prevent data loss.
- Monitoring: Monitor your RDS instance's performance metrics (CPU utilization, memory usage, disk I/O) using CloudWatch.
- Encryption: Enable encryption at rest and in transit for your RDS instance to protect sensitive data.