Relational (SQL) databases

Overview and basic concepts

Relational databases allow you to deploy a fully managed relational (SQL) database to your stack. You can choose from multiple database types, such as PostgreSQL, MySQL, MariaDB, Oracle Database or SQL Server.
They are easy to set up, operate and scale. They automate capacity scaling, hardware & VM provisioning, database setup, patching, logging, backups and more.
Stacktape supports 3 underlying engine categories, with different topology and scaling behavior:
- Rds engine: default, cheapest, single-node database with optional read replicas for higher performance and Multi AZ standby instances for increased resilience and fault tolerance.
- Aurora engine: mutli-node, highly available database cluster with increased durability and performance.
- Aurora serverless engine: similar to Aurora engine, but with support for automatic usage-based scaling.

When to use

Advantages

Disdvantages

Basic usage

Relational databases require an active connection. To establish a connection, you typically need host (database endpoint), port, database_name, database_user_name and database_user_password.
You can pass these properties as environment variables to your workloads.


resources:
  myDatabase:
    type: relational-database
    properties:
      credentials:
        masterUserName: admin
        masterUserPassword: $Secret('database.password')
      engine:
        type: postgres
        properties:
          dbName: mydatabase
          port: 5432
          storage:
            diskSizeGB: 20
          instance:
            dbInstanceSize: db.t3.micro

  apiServer:
    type: container-workload
    properties:
      resources:
        cpu: 1
        memory: 1024
      containers:
        - name: api-container
          imageConfig:
            filePath: src/main.ts
          environment:
            - name: DB_USER
              value: $This().resources.myDatabase.properties.credentials.masterUserName
            - name: DB_PASSWORD
              value: $Secret('database.password')
            - name: DB_HOST
              value: $Param('myDatabase', 'DbInstance::Endpoint.Address')
            - name: DB_PORT
              value: $Param('myDatabase', 'DbInstance::Endpoint.Port')
            - name: DB_NAME
              value: $This().resources.myDatabase.properties.engine.properties.dbName

Single-node Postgres database that uses RDS Engine


import express from 'express';
import { Pool } from 'pg';

const pgPool = new Pool({
  user: process.env.DB_USER,
  host: process.env.DB_HOST,
  database: process.env.DB_NAME,
  password: process.env.DB_PASSWORD,
  port: process.env.DB_PORT
});

const app = express();

app.get('/time', async (req, res) => {
  const result = await pgPool.query('SELECT NOW()');
  const time = result.rows[0];

  res.send(time);
});

app.listen(3000, () => {
  console.info('Server running on port 3000');
});

Container workload connecting to the database

Database credentials

Configures credentials for the database master user.
You should not input these directly. The recommended way is using a .env file together with File directive or using secrets.


resources:
  myRelationalDatabase:
    type: relational-database
    properties:
      credentials:
        masterUserName: $File('.env').DB_USER_NAME
        masterUserPassword: $Secret('dbCredentials.password')
      engine:
        type: postgres
        properties:
          dbName: my-database
          port: 5432
          storage:
            diskSizeGB: 40
          instance:
            dbInstanceSize: db.t3.micro

RelationalDatabaseCredentials API reference

Parent API reference: RelationalDatabase

masterUserName

Required

Username of the database master user

Type: string

masterUserPassword

Required

Password of the database master user

Type: string

Engine

Database engine determines multiple important properties of your database:
- Database type (PostgreSQL, MySQL, MariaDB, Oracle Database or SQL Server)
- Performance
- High availability and fault tolerance
- Scaling behavior
- Pricing

Rds Engine

To use the RDS engine, set the engine.type property to postgres, mysql, mariadb, oracle-ee, oracle-se2, sqlserver-ee, sqlserver-ex, sqlserver-se or sqlserver-web.
RDS engine is the default, cheapest, single-node, fully managed database engine.
RdsEngine is not highly available or fault-tolerant by default. However, Stacktape allows you to configure a standby instance in a different AZ (Availability zone) to increase resilience or add read replicas to increase read performance.

RdsEngine API reference

Parent API reference: RelationalDatabase

type

Required

No description

Type: string ENUM

Possible values: mariadbmysqloracle-eeoracle-se2postgressqlserver-eesqlserver-exsqlserver-sesqlserver-web

properties.port

Required

The port on which the database server will accept client connections.

Type: number

properties.primaryInstance

Required

Configures the primary database instance

Type: RdsEnginePrimaryInstance

properties.dbName

Meaning of this parameter differs based on the database type.

Type: string

mysql: The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance.
mariadb: The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance.
postgres: The name of the database to create when the DB instance is created. If this parameter is not specified, the default postgres database is created in the DB instance.
oracle-se2 + oracle-ee: The Oracle System ID (SID) of the created DB instance. If you specify null, the default value ORCL is used. You can't specify the string NULL, or any other reserved word, for DBName.
sqlserver-ee + sqlserver-ex + sqlserver-se + sqlserver-web: Not applicable. Must be null.

properties.storage

Configures the storage (disk size) for the database

Type: RdsEngineStorage

When you run out of free database space, your storage will automatically scale up.
By default, scales between 20GB and 200GB.
The scaling process happens when the following conditions are met:
- Free available space` is less than 10 percent of the allocated storage
- The low-storage condition lasts at least five minutes.
- At least six hours have passed since the last storage modification.
To learn more about storage autoscaling, refer to AWS Docs

properties.readReplicas

List of read replicas (replicas of primary instance)

Type: Array of RdsEngineReadReplica

Read replicas help to decrease the load on the primary instance by serving a read-only database requests.
Replication uses database's native asynchronous replication to update the read replicas whenever there is a change to the primary instance.
Each read replica has its own database endpoint.

properties.version

Version of the database

Type: string

Instance size

Allows you to choose the database instance size. Each instance size offers different combination of CPU, memory, storage, and networking capacity.
To see a list of available instances, refer to AWS docs

Not every instance size is supported for every database engine, version or region. Refer to AWS Docs for detailed breakdown of supported combinations.

Instance size can be configured for both primary instance and read replicas.


resources:
  myDatabase:
    type: relational-database
    properties:
      credentials:
        masterUserName: admin
        masterUserPassword: $Secret('dbPassword')
      engine:
        type: postgres
        properties:
          dbName: app-db
          port: 5432
          storage:
            diskSizeGB: 20
          primaryInstance:
            instanceSize: db.t3.micro

MultiAz mode

When enabled, the data is replicated to a standby instance in a different AZ (Availability Zone).
If the default (primary) instance fails, the failover to the standby instance in another AZ is performed.
The failover to the standy instance is synchronous (highly durable).
The standby instance can not be directly accessed (doesn't have its own database endpoint).
In contrast to using replicas, standby instance can fully take-over the responsibilities of the primary instance, while replicas can only be used for read operations.
Reduces the impact of maintenance. The maintenance is performed on the standby instance first, promotes the standby instance to a primary instance, and then performs maintenance on the old primary instance which is now a standby replica.

Multi AZ (Availability zone) mode can be configured for both primary instances and read replicas.


resources:
  myDatabase:
    type: relational-database
    properties:
      credentials:
        masterUserName: admin
        masterUserPassword: $Secret('dbPassword')
      engine:
        type: postgres
        properties:
          dbName: mydatabase
          port: 5432
          storage:
            diskSizeGB: 40
          primaryInstance:
            dbInstanceSize: db.t3.micro
            multiAz: true

RdsEnginePrimaryInstance API reference

Parent API reference: RdsEngineProperties

instanceSize

Required

Database instance size

Type: string

Allows you to choose the database instance size. Each instance size offers different combination of CPU, memory, storage, and networking capacity.
To see a list of available instances, refer to AWS docs

Not every instance size is supported for every database engine, version or region. Refer to AWS Docs for detailed breakdown of supported combinations.

multiAz

Specifies whether the database instance is deployed to multiple Availability Zones

Type: boolean

When enabled, the data is replicated to a standby instance in a different AZ (Availability Zone).
If the default (primary) instance fails, the failover to the standby instance in another AZ is performed.
The failover to the standy instance is synchronous (highly durable).
The standby instance can not be directly accessed (doesn't have its own database endpoint).
In contrast to using replicas, standby instance can fully take-over the responsibilities of the primary instance, while replicas can only be used for read operations.
Reduces the impact of maintenance. The maintenance is performed on the standby instance first, promotes the standby instance to a primary instance, and then performs maintenance on the old primary instance which is now a standby replica.

Read replicas

Read replicas help to decrease the load on the primary instance by serving a read-only database requests.
Replication uses database's native asynchronous replication to update the read replicas whenever there is a change to the primary instance.
Each read replica has its own database endpoint.


resources:
  myDatabase:
    type: relational-database
    properties:
      credentials:
        masterUserName: admin
        masterUserPassword: $Secret('dbPassword')
      engine:
        type: postgres
        properties:
          dbName: app-db
          port: 5432
          storage:
            diskSizeGB: 20
          primaryInstance:
            instanceSize: db.t3.micro
          readReplicas:
            - instanceSize: db.t3.micro
            - instanceSize: db.t3.micro

RdsEngineReadReplica API reference

Parent API reference: RdsEngineProperties

instanceSize

Required

Database instance size

Type: string

Allows you to choose the database instance size. Each instance size offers different combination of CPU, memory, storage, and networking capacity.
To see a list of available instances, refer to AWS docs

Not every instance size is supported for every database engine, version or region. Refer to AWS Docs for detailed breakdown of supported combinations.

multiAz

Specifies whether the database instance is deployed to multiple Availability Zones

Type: boolean

When enabled, the data is replicated to a standby instance in a different AZ (Availability Zone).
If the default (primary) instance fails, the failover to the standby instance in another AZ is performed.
The failover to the standy instance is synchronous (highly durable).
The standby instance can not be directly accessed (doesn't have its own database endpoint).
In contrast to using replicas, standby instance can fully take-over the responsibilities of the primary instance, while replicas can only be used for read operations.
Reduces the impact of maintenance. The maintenance is performed on the standby instance first, promotes the standby instance to a primary instance, and then performs maintenance on the old primary instance which is now a standby replica.

Storage

When you run out of free database space, your storage will automatically scale up.
By default, scales between 20GB and 200GB.
The scaling process happens when the following conditions are met:
- Free available space` is less than 10 percent of the allocated storage
- The low-storage condition lasts at least five minutes.
- At least six hours have passed since the last storage modification.
To learn more about storage autoscaling, refer to AWS Docs


resources:
  myDatabase:
    type: relational-database
    properties:
      credentials:
        masterUserName: admin
        masterUserPassword: $Secret('dbPassword')
      engine:
        type: postgres
        properties:
          dbName: mydatabase
          port: 5432
          primaryInstance:
            dbInstanceSize: db.t3.micro
          storage:
            initialSize: 40
            maxSize: 400

RdsEngineStorage API reference

Parent API reference: RdsEngineProperties

initialSize

Default: 20Required

Initial amount of storage (disk size in GB) your database will have when created

Type: number

Minimum 20

maxSize

Default: 200

Maximum amount of storage (disk size in GB) your database can scale up to

Type: number

If you are running out of the free database space, your storage is automatically scaled up.
The scaling process happens when the following conditions are met:
- Free available space` is less than 10 percent of the allocated storage
- The low-storage condition lasts at least five minutes.
- At least six hours have passed since the last storage modification.
To learn more about storage autoscaling, refer to AWS Docs

Aurora Engine

To use the Aurora engine, set the engine.type property to aurora-postgresql or aurora-mysql.
Fully-managed, AWS-developed engine with clustering support, high-availability, increased durability & performance.
Compute instances (nodes) run in a single Availability Zones. Storage is automatically replicated 6-ways accross 3 availability zones.
Automatically load-balances read operations between nodes.
Automatic failover - if a primary instance fails, one of the read replicas is elected as a new primary instance.
To learn more about the AuroraEngine, refer to AWS Docs


resources:
  auroraSlsPostgres:
    type: relational-database
    properties:
      credentials:
        masterUserName: admin
        masterUserPassword: $Secret('dbSecret.password')
      engine:
        type: aurora-postgresql
        properties:
          dbName: mydatabase
          instances:
            - dbInstanceSize: db.t3.medium
          port: 5432

AuroraEngine API reference

Parent API reference: RelationalDatabase

type

Required

No description

Type: string ENUM

Possible values: aurora-mysqlaurora-postgresql

properties.port

Required

The port on which the database server will accept connections.

Type: number

properties.instances

Required

List of database instances that make up the Aurora cluster

Type: Array of AuroraEngineInstance

First instance in this list is by default a primary instance, which can be used for both reads and writes.
Rest of the instances can be used for reads only.
Aurora cluster automatically balances read request between all of the instances.
In a case of a primary instance failure, Aurora cluster selects another instance to be the primary instance.

properties.dbName

Configures the name of the default database in the database cluster

Type: string

The default behaviour differs based on the used engine:

aurora-mysql - if not specified, no database is created.
aurora-postgresql - if not specified, a database named postgres is created.

properties.version

Version of the database

Type: string

AuroraEngineInstance API reference

Parent API reference: AuroraEngineProperties

instanceSize

Database instance size

Type: string

Allows you to choose the database instance size. Each instance size offers different combination of CPU, memory, storage, and networking capacity.
For a list of available instance types, refer to AWS docs

Aurora Serverless Engine

To use the Aurora Serverless engine, set the engine.type property to aurora-postgresql-serverless or aurora-mysql-serverless.
Fully-managed AWS-developed engine with clustering support, high-availability, increased durability & performance.
Similar to AuroraEngine type, but automatically scales based on usage. Scaling is done using ACUs (Aurora Compute units).
Each ACU has ~2GB of RAM and 1 virtual CPU.
Can scale to 0 ACUs (database is paused, and you don't pay anything).
To learn more about AuroraServerlessEngine, refer to AWS Docs

AuroraServerlessEngine API reference

Parent API reference: RelationalDatabase

type

Required

No description

Type: string ENUM

Possible values: aurora-mysql-serverlessaurora-postgresql-serverless

properties.dbName

Configures the name of the default database in the database cluster

Type: string

The default behaviour differs based on the used engine:

aurora-mysql - if not specified, no database is created.
aurora-postgresql - if not specified, a database named postgres is created.

properties.minCapacity

Default: 2

The minimum capacity units the database can scale down to

Type: number

Serverless databases use ACUs (or Aurora Capacity Units) to measure database capacity. Each ACU has approximately 2 GB of memory with corresponding CPU and networking resources.
Allowed values:
- For aurora-mysql-serverless: 1, 2, 4, 8, 16, 32, 64, 128, and 256.
- For aurora-postgres-serverless: 2, 4, 8, 16, 32, 64, 128, and 256.

properties.maxCapacity

Default: 4

The maximum capacity units the database can scale up to

Type: number

Serverless databases use ACUs (or Aurora Capacity Units) to measure database capacity. Each ACU has approximately 2 GB of memory with corresponding CPU and networking resources.
Allowed values:
- For aurora-mysql-serverless: 1, 2, 4, 8, 16, 32, 64, 128, and 256.
- For aurora-postgres-serverless: 2, 4, 8, 16, 32, 64, 128, and 256.

properties.pauseAfterSeconds

Time in seconds after the idle serverless database is paused

Type: number

Database is considered idle when it has no active connections.
By default, the database is never paused (it is kept at minimal capacity).
Allowed values are between 300 (5 minutes) and 86400 (24 hours).

properties.version

Version of the database

Type: string


resources:
  myDatabase:
    type: relational-database
    properties:
      credentials:
        masterUserName: admin
        masterUserPassword: $Secret('dbSecret.password')
      engine:
        type: aurora-postgresql-serverless
        properties:
          dbName: mydatabase
          minCapacity: 4
          maxCapacity: 8
          pauseAfterSeconds: 600

Backups

Databases are automatically backed up once a day.
Maximum retention period is 35 days.
You can disable automated backups by setting the value to 0 (works only for RDS engines).
You can also take manual backup snapshots (in the console or using the API). The retention is not applied to manual backups.
By default, backups are retained for 1 day.
To learn more about RDS engine backups, refer to RDS engine backups AWS Docs.
To learn more about Autora engine backups, refer to Aurora engine backups AWS Docs.


resources:
  myPgSql:
    type: 'relational-database'
    properties:
      credentials:
        masterUserName: commander
        masterUserPassword: mySecretPassword
      engine:
        type: postgres
        properties:
          port: 5432
          storage:
            diskSizeGB: 20
          instance:
            dbInstanceSize: db.t3.micro
      automatedBackupRetention: 5

Connection pool size

Depending on the number of clients connecting to your database, you might want to adjust the connection pool size.
Note that every new connection consume database resources.
Depending on the database and client connecting to the database, it can also take 10s to 100s of milliseconds to initialize a database connection.


resources:
  myDatabase:
    type: relational-database
    properties:
      credentials:
        masterUserName: admin
        masterUserPassword: $Secret('dbPassword')
      engine:
        type: postgres
        properties:
          dbName: mydatabase
          port: 5432
          primaryInstance:
            dbInstanceSize: db.t3.micro
          databaseParameters:
            connectionPoolSize: 50

Closing zombie connections

Connections initiated by resources that are no longer running (for example stopped containers) can result in so called "zombie" connections.
Modern, cloud-native architectures usually include horizontally scalable, ephemeral (short-lived) resources. When using these resources, you should have a strategy of dealing with zombie connections.

From container workloads

For connections initiated from container workloads, you shouldn't forget to close the connection before your container exits. For example, ou can hook to a sigterm signal.


const connectionPool = createConnectionPool();

// remember to close the connection even on errors
process
  .on('uncaughtException', () => {
    connectionPool.close();
    process.exit(1);
  })
  .on('unhandledRejection', () => {
    connectionPool.close();
    process.exit(1);
  });

process.on('SIGTERM', () => {
  connectionPool.close();
  process.exit(0);
});

Example of closing

From batch jobs

For connections initiated from batch jobs, you shouldn't forget to close the connection before your batch job finishes its job and your container exits.


const connectionPool = createConnectionPool();

connectionPool.connect();

// remember to close the connection even on errors
process
  .on('uncaughtException', () => {
    connectionPool.close();
    process.exit(1);
  })
  .on('unhandledRejection', () => {
    connectionPool.close();
    process.exit(1);
  });

doSomethingWithYourConnection();

connectionPool.close();

From lambda functions

For connections initiated from lambda functions, you have 2 options:

Initialize and close the connection INSIDE the function handler.

This way you can avoid having a zombie connection.

This approach is not optimal, because creating a database connection can be slow (can take 10s to 100s of milliseconds).


import { Client } from 'pg';

const handler = async (event, context) => {
  const pgClient = new Client({
    user: process.env.DB_USER,
    host: process.env.DB_HOST,
    database: process.env.DB_NAME,
    password: process.env.DB_PASSWORD,
    port: process.env.DB_PORT
  });

  await pgClient.connect();

  const result = await pgClient.query('SELECT NOW()');
  const time = result.rows[0];

  await pgClient.end();

  return { result: time };
};

export default handler;

Initialize connections OUTSIDE the function handler

reuse it in every function invocation.

This WILL result in zombie connections, when the container running your function stops (you can't hook to a lambda container SIGTERM signal to close it). In this case, you should do 2 things:

lower your database connection timeout (using a database parameter based on the database used):
- for Postgres, set idle_in_transaction_session_timeout to something like 30min, tcp_keepalives_idle to 30min and tcp_keepalives_interval to 1min). This means inactive connections will be closed by the database.
- for MySQL, @todo

if a database request fails because of a closed connection, you should re-create it within your application code.


import { Client } from 'pg';

const pgClient = new Client({
  user: process.env.DB_USER,
  host: process.env.DB_HOST,
  database: process.env.DB_NAME,
  password: process.env.DB_PASSWORD,
  port: process.env.DB_PORT
});

(async () => {
  await pgClient.connect();
})();

const handler = async (event, context) => {
  const result = await pgClient.query('SELECT NOW()');
  const time = result.rows[0];

  return { result: time };
};

export default handler;

Accessibility

You can configure which resources and hosts can access your cluster.
To access your database, you always need to use your database user credentials.
On top of that, Stacktape allows your to restrict the accessibility of your database to only certain resources or hosts.

DatabaseAccessibility API reference

Parent API reference: RelationalDatabase

accessibilityMode

Default: 'internet'Required

Configures the accessibility mode for this database

Type: string ENUM

Possible values: internetscoping-workloads-in-vpcvpcwhitelisted-ips-only

The following modes are supported:

internet - Least restrictive mode. The database can be accessed from anywhere on the internet.
vpc - The database can be accessed only from resources within the same VPC. This means any function (provided it has joinDefaultVpc set to true), batch job or container workload within your stack can access the cluster. Additionally, IP addresses configured in whitelistedIps can also access the database (even from the internet). To disable this behavior, and enforce database isolation ONLY to the VPC, you can set the forceDisablePublicIp property.
scoping-workloads-in-vpc - similar to vpc mode, but even more restrictive. In addition to being in the same VPC, the resources and hosts accessing your database must also have sufficient IAM permissions (for funtions, batch jobs and container workloads, these permissions can be granted using allowsAccessTo or iamRoleStatements in their configuration). Additionally, IP addresses configured in whitelistedIps can also access the database (even from the internet). To disable this behavior, and enforce database isolation, you can set the forceDisablePublicIp property.
whitelisted-ips-only - The database can only be accessed from an IP addresses and CIDR blocks listed in the whitelistedIps list.

The AuroraServerlessEngine does not support public IPs. Because of that, it only supports vpc and scoping-workloads-in-vpc modes. In this case, interacting with your database from you own computer can be complicated. You can do it in 2 ways:

Use Aurora Serverless Data Api. Unfortunately, the Data API isn't a full replacement for a normal database connection and can be slow.
Use a bastion server. Native support for bastion servers in Stacktape will be available soon.

To learn more about VPCs, refer to VPC Docs.

forceDisablePublicIp

Forcefully disables the public (internet) accessibility of the database endpoint

Type: boolean

Used to increase the level of database isolation and to ensure NO connections are coming from outer internet.

You can only set this property during the first deployment of the stack (when the database is created), not during stack update (subsequent deploys). Therefore, if you deploy a database with a public IP, you CAN NOT disable its public IP in a subsequent deploy. Conversly, if the database is deployed with disablePublicIp set to true, the property cannot be changed in a subsequent deploys.

whitelistedIps

List of IP addresses or IP ranges (in CIDR format)

Type: Array of string

The behavior of this property varies based on accessibilityMode:

in the internet mode, this property has no effect as the database is are already accessible from everywhere.
in the vpc mode and scoping-workloads-in-vpc mode, these IP addresses/ranges can be used to allow access from a speicific addresses outside of the VPC (i.e IP address of your office).
in the whitelisted-ips-only mode, these addresses/ranges are the only addresses that can access the database.

Internet mode

Default mode.
Least restrictive. The database can be accessed from anywhere on the internet.

VPC mode

The database can be accessed only from resources within the default VPC.
Any function (provided it has joinDefaultVpc set to true), batch job or container workload within your stack can access the database.
Additionally, IP addresses configured in whitelistedIps can also access the database (even from the internet). To disable this behavior, and enforce database isolation ONLY to the VPC, you can set the forceDisablePublicIp property.


resources:
  myDatabase:
    type: relational-database
    properties:
      credentials:
        masterUserName: admin
        masterUserPassword: $Secret('dbPassword')
      engine:
        type: aurora-postgresql
        properties:
          instances:
            - dbInstanceSize: db.t3.medium
          port: 5432
      accessibility:
        accessibilityMode: vpc

  myFunction:
    type: function
    properties:
      packageConfig:
        filePath: path/to/my/function.ts
      joinDefaultVpc: true

Scoping workloads in VPC mode

Similar to vpc mode, but even more restrictive. In addition to resource being in the VPC, any host or resource trying to access your database must also have the sufficient IAM (Identity and Access management) permissions. You can grant these permission to your workloads in 2 ways:
- configuring allowAccessTo on your workload (functions, container workloads, batch jobs)
- configuring iamRoleStatements on your workload (functions, container workloads, batch jobs)
Additionally, IP addresses configured in whitelistedIps can also access the database (even from the internet). To disable this behavior, and enforce database isolation, you can set the forceDisablePublicIp property.


resources:
  myDatabase:
    type: relational-database
    properties:
      credentials:
        masterUserName: admin
        masterUserPassword: $Secret('dbPassword')
      engine:
        type: aurora-postgresql
        properties:
          instances:
            - dbInstanceSize: db.t3.medium
          port: 5432
      accessibility:
        accessibilityMode: scoping-workloads-in-vpc
  myFunction:
    type: function
    properties:
      packageConfig:
        filePath: path/to/my/function.ts
      joinDefaultVpc: true
      accessControl:
        allowAccessTo:
          - myDatabase

Whitelisted IPs only mode

The database can only be accessed from an IP addresses and CIDR blocks listed in the whitelistedIps list.


resources:
  myDatabase:
    type: relational-database
    properties:
      credentials:
        masterUserName: admin
        masterUserPassword: $Secret('dbPassword')
      engine:
        type: aurora-postgresql
        properties:
          instances:
            - dbInstanceSize: db.t3.medium
          port: 5432
      accessibility:
        accessibilityMode: whitelisted-ips-only
        whitelistedIps:
          - '147.25.33.12'

Pricing

Pricing heavily dependes on the engine used.

RDS engines:

Database server instance
- Price depends on the instance size and region. Allowed instances depend on the database type. Postgres instances MySQL instances, Maria db instances, Oracle db, SQL server.
Storage
- $0.115 - $0.238 per GB-month
Backups:
- For automated backups with default retention setting (where you never store more than 100% of your total database storage), there is no additional charge.
- Additional backup storage is $0.095 per GB-month.

Aurora engines:

Database server instance
- Price depends on the instance sizes and region. To see exact prices, refer to AWS pricing page
- Price starts at $0.073 / hour.
Storage
- $0.10 - $0.19 per GB-month
I/O Rate
- $0.20 - $0.28 per 1 million read/write operations
Backups
- For automated backups with default retention setting (where you never store more than 100% of your total database storage), there is no additional charge.
- Additional backup storage is $0.021 - $0.037 per GB-month.

Aurora serverless:

ACUs (Aurora capacity units)
- Each capacity unit has ~2GB of memory, ~1 Virtual CPU and corresponding network capabilities
- 1 ACU costs $0.06 - $0.10 (depending on region)
- Aurora Serverless databases can scale to 0 ACUs (with no costs)
Storage, I/O Rate and Backups cost the same amount as Aurora non-serverless.

Data transfer charges (same for all engines).

IN transfer: free
OUT to VPC (subnet in the same Availability zone): free
OUT to VPC (subnet in different Availability zone): $0.01 per GB ($0.02, because you are paying on both sides)
OUT to Internet: first 1 GB free, then $0.09 -$0.15 per GB

FREE TIER (eligible for first 12 months)

750 Hours per month of db.t2.micro database usage (applicable DB engines)
20 GB of General Purpose (SSD) database storage \
20 GB of storage for database backups and DB Snapshots

API reference

RdsEngineProperties API reference

Parent API reference: RdsEngine

port

Required

The port on which the database server will accept client connections.

Type: number

primaryInstance

Required

Configures the primary database instance

Type: RdsEnginePrimaryInstance

dbName

Meaning of this parameter differs based on the database type.

Type: string

mysql: The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance.
mariadb: The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance.
postgres: The name of the database to create when the DB instance is created. If this parameter is not specified, the default postgres database is created in the DB instance.
oracle-se2 + oracle-ee: The Oracle System ID (SID) of the created DB instance. If you specify null, the default value ORCL is used. You can't specify the string NULL, or any other reserved word, for DBName.
sqlserver-ee + sqlserver-ex + sqlserver-se + sqlserver-web: Not applicable. Must be null.

storage

Configures the storage (disk size) for the database

Type: RdsEngineStorage

When you run out of free database space, your storage will automatically scale up.
By default, scales between 20GB and 200GB.
The scaling process happens when the following conditions are met:
- Free available space` is less than 10 percent of the allocated storage
- The low-storage condition lasts at least five minutes.
- At least six hours have passed since the last storage modification.
To learn more about storage autoscaling, refer to AWS Docs

readReplicas

List of read replicas (replicas of primary instance)

Type: Array of RdsEngineReadReplica

Read replicas help to decrease the load on the primary instance by serving a read-only database requests.
Replication uses database's native asynchronous replication to update the read replicas whenever there is a change to the primary instance.
Each read replica has its own database endpoint.

version

Version of the database

Type: string

AuroraEngineProperties API reference

Parent API reference: AuroraEngine

port

Required

The port on which the database server will accept connections.

Type: number

instances

Required

List of database instances that make up the Aurora cluster

Type: Array of AuroraEngineInstance

First instance in this list is by default a primary instance, which can be used for both reads and writes.
Rest of the instances can be used for reads only.
Aurora cluster automatically balances read request between all of the instances.
In a case of a primary instance failure, Aurora cluster selects another instance to be the primary instance.

dbName

Configures the name of the default database in the database cluster

Type: string

The default behaviour differs based on the used engine:

aurora-mysql - if not specified, no database is created.
aurora-postgresql - if not specified, a database named postgres is created.

version

Version of the database

Type: string