
single_instance_rds

v0.1.9

Published

**Important note:** Deploying this will cost you money. Parts of this deployment are not in the AWS free tier.

Downloads

4

Readme

Single Instance Secure RDS

Important note: Deploying this will cost you money. Parts of this deployment are not in the AWS free tier.

Another important note: Please check the bin/single-instance-rds.ts file to set the values you want. By default, the IP and key pair (KP) name are dummy values, and the deployment will fail unless you change them.

And another one: Usually, single-instance DBs are not recommended for production because of their limited availability and fault tolerance. Also, this uses a NAT instance instead of a NAT gateway for cost purposes.

Summary

This repo deploys a secure RDS instance in a private subnet. Additionally, it sets up password rotations for the root user. It also creates an EC2 bastion host to allow user queries via an SSH tunnel. Optionally, a network load balancer can be deployed for applications to query the instance.

If something can be KMS encrypted, it is KMS encrypted.

From a monitoring perspective, it provides basic alarms on CPU usage and free disk space in a CloudWatch (CW) dashboard. The same dashboard shows the VPC flow logs and PostgreSQL logs.

Infrastructure

Infrastructure diagram

Assumptions

  • You know the instance size you need.
  • You are ok with a single RDS instance and no read replica or fail-overs.
  • You don't need a public endpoint (however, if you do, you can deploy the NLB).
  • You have a fixed IP you will use to connect to the DB.

Things This Doesn't Do

  • Take action on the alarms.
  • Deploy any actual database schemas, tables, etc.

Considerations

  • For someone to be able to successfully connect to the DB from outside the VPC, they would have to:
    • Have access to the secret in Secrets Manager (SM).
    • Make the request from the IP in the stack file.
    • Have AWS console or CLI access to CloudFormation or EC2 to get the bastion or NLB DNS name.
    • Have access to the key pair for the bastion (doesn't apply if the NLB is used).
  • JetBrains IDEs, for example, can connect to databases through the SSH tunnel; the end-user experience is smooth after the setup.
  • You can use the example_sql_to_test.sql file to play around after creating the DB.
  • The bastion has no permissions to do anything other than the tunnel, which is why it is on a public subnet with a public address.
  • For cost purposes, a NAT instance is used instead of NAT gateways.
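
The IP in the stack file is one of the conditions listed above for reaching the DB, so it is worth checking before deployment that it names one public host rather than a range. The following is an added example, not code from this repo: the field names `allowedIp` and `keyPairName` are hypothetical stand-ins for the values set in bin/single-instance-rds.ts, and the sample address in the comment is constructed.

```typescript
// Hypothetical shape of the two values the README says must be changed.
interface AccessConfig {
  allowedIp: string;   // fixed source address, e.g. "203.0.113.10/32" (constructed sample)
  keyPairName: string; // EC2 key pair for the bastion
}

// Ranges that can never be the source address AWS sees: [base, prefix, label].
const UNUSABLE: Array<[string, number, string]> = [
  ["0.0.0.0", 8, "unspecified"], ["10.0.0.0", 8, "private"],
  ["100.64.0.0", 10, "carrier-grade NAT"], ["127.0.0.0", 8, "loopback"],
  ["169.254.0.0", 16, "link-local"], ["172.16.0.0", 12, "private"],
  ["192.168.0.0", 16, "private"],
];

// Parse a dotted-quad IPv4 address into an unsigned 32-bit number, or null if malformed.
function ipv4ToInt(ip: string): number | null {
  const parts = ip.split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^(0|[1-9]\d{0,2})$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// True when addr falls inside base/prefix (division avoids 32-bit sign issues).
function inRange(addr: number, base: string, prefix: number): boolean {
  const size = 2 ** (32 - prefix);
  return Math.floor(addr / size) === Math.floor((ipv4ToInt(base) as number) / size);
}

// Returns a list of problems; an empty list means the values are fit to deploy with.
function checkAccessConfig(cfg: AccessConfig): string[] {
  const problems: string[] = [];
  const [ip, prefix, extra] = cfg.allowedIp.split("/");
  const addr = ipv4ToInt(ip ?? "");
  if (addr === null || extra !== undefined) {
    problems.push("allowedIp is not an IPv4 address or CIDR");
  } else {
    if (prefix !== undefined && prefix !== "32")
      problems.push("allowedIp must be a single host (/32), not a range");
    const hit = UNUSABLE.find(([base, len]) => inRange(addr, base, len));
    if (hit) problems.push(`allowedIp is in a ${hit[2]} range`);
  }
  if (cfg.keyPairName.trim() === "" || cfg.keyPairName !== cfg.keyPairName.trim())
    problems.push("keyPairName is empty or has surrounding whitespace");
  return problems;
}
```
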