Configuring the AWS RDS environment

This topic tells you how to configure your AWS environment for Consuming AWS RDS on Tanzu Application Platform (TAP) with AWS Controllers for Kubernetes (ACK).


Meet the prerequisites for consuming AWS RDS on Tanzu Application Platform with AWS Controllers for Kubernetes (ACK), including using eksctl to create an EKS cluster. This procedure entails reusing the resources created when you created the cluster.

You can still create separate VPCs, subnets and security groups if you want. Ensure that these are configured such that Tanzu Application Platform workloads on EKS can discover and connect to RDS instances.

Configure the AWS RDS environment

To configure the AWS RDS environment:

  1. Use the AWS cloud console to determine the VPC ID of the EKS cluster, or run this command:

    aws eks describe-cluster --name YOUR-CLUSTER-NAME --region YOUR-REGION | \
      jq -r .cluster.resourcesVpcConfig.vpcId

    RDS instances must be configured with a subnet group consisting of two or more subnets. The subnets within the subnet group must adhere to the following rules:

    • The subnets must be in different availability zones, such as us-west-1a and us-west-1b.
    • All subnets must either be public or private, which the MapPublicIpOnLaunch value reveals.
  2. Discover existing subnets within your VPC by using the AWS Cloud console or by running:

    aws ec2 describe-subnets --filters "Name=vpc-id,Values=YOUR-VPC-ID" --region YOUR-REGION | \
      jq -r '.Subnets[] | select(.MapPublicIpOnLaunch == false) | .SubnetId'
  3. Create the following Kubernetes resource on your EKS cluster by using the subnet IDs output:

    # dbsubnetgroup.yaml
    kind: DBSubnetGroup
      namespace: ack-system
      description: rds-subnet-group
      - SUBNET-ID-1
      - SUBNET-ID-2
      - SUBNET-ID-3

    Where DB-SUBNET-GROUP-NAME, SUBNET-ID-1, SUBNET-ID-2, and SUBNET-ID-3 are your own values.

  4. Run

    kubectl apply -f dbsubnetgroup.yaml
  5. Confirm that you created DBSubnetGroup by running:

    kubectl get DBSubnetGroup -n ack-system DB-SUBNET-GROUP-NAME -o yaml
  6. Identify a suitable security group to use for the RDS instance that allows workloads running on the Tanzu Application Platform cluster to establish a connection. Do so by searching for a suitable security group within the AWS cloud console, or by running the following command, which identifies the Communication between all nodes in the cluster security group:

    aws ec2 describe-security-groups --filters "Name=vpc-id,Values=YOUR-VPC-ID" --region YOUR-REGION | \
      jq -r '.SecurityGroups[] | select(.Description == "Communication between all nodes in the cluster").GroupId'
  7. Record DB-SUBNET-GROUP-NAME and the security group ID output from the previous command. You need both when creating RDS instances as part of this use case.

check-circle-line exclamation-circle-line close-line
Scroll to top icon