Setup RDS for Serverless Zeit Now Deployments

Learn all the steps needed to set up and configure an RDS MySQL server for your production full stack application.

RDS is a fantastic option for hosting your database. It has automatic database backups and logging built in and you can scale your instance as you get more users. A well suited database instance for your application ensures that you aren't paying for server costs that you don't need. While RDS is not as hands-off as DynamoDB because you will need to still scale it up and down as your needs adjust, MySQL and Postgres are more popular database options so they tend to be better supported.

In this post we will go through how you can create your very own RDS MySQL instance that’s hosted by AWS and all set up for connecting to the Zeit Now service. You’ll need this setup if you’d like to serverlessly deploy your Prisma 2 backend like we will show in our next post, but this option is also needed for other backend ORM packages such as sequelize for connecting to a database. After setting the database up, we will also go through how you can configure your security groups so that you can connect to it from the outside world or your lambda function.

Video for this post:

Step 1:

Go to the AWS console and then the RDS page. In the resources panel click on the DB Instances link. Then click the create DB button.

Go to RDS and start the database creation process.
Go to RDS and start the database creation process.

Step 2: Configure the RDS instance and template type

Create a MySQL RDS type and then click on the free tier. This probably will be more than good enough for your purposes to start. It will only run one database instance which means that it will not be fault tolerant in the event that the server dies. In the future you can always bump this up to have redundancy across three or more database instances in different availability zones.

Create a MySQL Database.
Create a MySQL Database.

Step 3: Configure the RDS settings

We can pick the instance identifier, which is what we will call this database from within. Note that this is not the database name- we will be setting that later. Next, we can set the root username and password. We can always create more users in the future with more scoped down permissions that limit which tables we can write to.

Configure the RDS user and password settings.
Configure the RDS user and password settings.

We can also disable storage autoscaling and allocate 20 GB to start.

Step 4: Configure the VPC settings

A VPC is a closed off section of the cloud. We want to create a new VPC so this database instance can live in its own little world and we want to make sure we go into the advance settings and set it open to the world. If we don’t take that additional step, we won’t be able to access it from our development machine and the Now backend instance won’t be able to reach it.

Next, we have to set the security group- think of this as a firewall. We can control access to the database by selectively opening ports and also specify which IP addresses that the requests are allowed to come from. By default all traffic is allowed out, but only port 3306 is allowed from our dev machine’s IP address. We will need to fix that later in the tutorial.

Configure VPS and security group settings.
Configure VPS and security group settings.

Step 5: Additional Configuration

Here we can create a default database. In our case I want to make one called prisma because that’s what I’m telling the prisma 2 service to write to in my configuration. We can also specify whether we’d like automatic backups. You’d certainly want this for a production database, but this is for dev purposes so I won’t worry about it.

Specify the default database and automated backups.
Specify the default database and automated backups.

Step 6: Create the database

After creating the database, AWS tells you that it will take several minutes to finish.

Waiting for the database to finish creating.
Waiting for the database to finish creating.

Database connectivity and security panel.
Database connectivity and security panel.

Step 7: Open up your incoming RDS IPs to the world

Next we need to change the security group so that it is open to the world. By default it will only be open to your current IP address, which is great for debugging, but it won’t work for Zeit’s Now service because it is up on AWS so the IP will be different. To further complicate issues, Zeit doesn’t adhere to a particular subset of IP addresses which is unfortunate because it means that we need to open up our RDS instance to the entire world and we can’t limit it to the just Zeit lambda functions. This means that it is super critical that we choose a very secure username and password so others can’t get in even if the port is exposed.

Security group for the RDS instance.
Security group for the RDS instance.

Open port 3306 to the world in the security group.
Open port 3306 to the world in the security group.

Step 8: Connect to our database

Finally we can now connect to our database. We can copy the database URL from the RDS pane. It will be something like:

yourRds-instance-someRandomId-yourRegion.rds.amazonaws.com

With the username and password we set previously and a port of 3306. You can connect to it with whatever program you like but I’m a fan of the (free!) Sequel Pro.

When you want to create a connection string it will be of the following form:

mysql://yourUsername:yourPassword@yourRds-instance-someRandomId-yourRegion.rds.amazonaws.com:3306/yourDatabasename

That’s it! Make sure that if you use this connection string in Zeit Now that you never, ever, ever commit the string to Github. If you accidentally do compromise your connection string on Github or anywhere else, make sure that you immediately change your password. Instead, use now secrets to manage your connection string. We discuss this in our post about serverless deployment, so be sure to check it out!

Learn something new? Share it with the world!

There is more where that came from!

Drop your email in the box below and we'll let you know when we publish new stuff. We respect your email privacy, we will never spam you and you can unsubscribe anytime.