How to Create a VPC for Use with Amazon Aurora
The following sections discuss how to create a VPC for use with Amazon Aurora.
For a detailed guide on connecting to an Amazon Aurora DB cluster, see RDS Aurora Connectivity.
Create a VPC and Subnets
You can only create an Amazon Aurora DB cluster in an Amazon Virtual Private Cloud (VPC) with at least two subnets in at least two Availability Zones. You can create an Aurora DB cluster in the default VPC for your AWS account, or you can create a user-defined VPC. For information, see Amazon RDS and Amazon Virtual Private Cloud (VPC).
Amazon RDS can optionally create a VPC and DB subnet group for you to use with your Amazon Aurora DB cluster. This is helpful if you have never created a VPC, or if you want a new VPC that is separate from your other VPCs. If you want Amazon RDS to create the VPC and subnet group for you, skip this procedure and see Create a DB Cluster.
All VPC and EC2 resources that you use with your Aurora DB cluster must be in one of the following regions: US East (N. Virginia), US East (Ohio), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), EU (Ireland), EU (London).
To create a VPC for use with an Aurora DB cluster
Sign in to the AWS Management Console and open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
In the top-right corner of the AWS Management Console, select the region to create your VPC in. This example uses the US East (N. Virginia) region. Aurora is supported only in the regions listed above.
In the upper-left corner, click VPC Dashboard. Click Start VPC Wizard to begin creating a VPC.
In the Create VPC wizard, click VPC with a Single Public Subnet. Click Select.
Set the following values in the Create VPC panel:
IP CIDR block:
Enable DNS hostnames:
Click Create VPC.
When your VPC has been created, click Close on the notification page.
To create additional subnets
To add the second subnet to your VPC, in the VPC Dashboard click Subnets, and then click Create Subnet. An Amazon Aurora DB cluster requires at least two VPC subnets in at least two Availability Zones, so place this subnet in a different Availability Zone from the first one.
Set the following values in the Create Subnet panel:
VPC: Select the VPC that you created in the previous step, for example:
vpc-a464d1c1 (10.0.0.0/16) | gs-cluster-vpc.
Click Yes, Create.
To ensure that the second subnet uses the same route table as the first subnet (so that both subnets have identical reachability), in the VPC Dashboard, click Subnets, and then select the first subnet that was created for the VPC, gs-subnet1. Click the Route Table tab, and note the Current Route Table, for example: rtb-2719b242.
In the list of subnets, select the second subnet, gs-subnet2. Select the Route Table tab, and then click Edit. In the Change to list, select the route table from the previous step, for example: rtb-2719b242. Click Save to save your selection.
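The subnet layout that the two procedures above build by hand can be planned and checked in code before anything is created. The following Python is an added example, not code from the page or from AWS: the function names, the /24 subnet size and the Availability Zone names are assumptions; the parameter names (CidrBlock, AvailabilityZone, EnableDnsHostnames) are those of the EC2 API. It enforces the two-Availability-Zone rule up front and, for subnets added by hand, checks that they sit inside the VPC block and do not overlap.

```python
"""Plan and validate the VPC subnets for an Aurora cluster.

Added example, not AWS code. Assumptions: helper names, the /24 subnet
size and the example zone names are illustrative; 10.0.0.0/16 is the
VPC block the page's example uses.
"""
import ipaddress

SUBNET_PREFIX = 24  # assumption: one /24 per subnet inside the /16 VPC


def plan_vpc(vpc_cidr, availability_zones, subnet_prefix=SUBNET_PREFIX):
    """Return create_vpc / create_subnet parameters for an Aurora-capable VPC.

    Aurora needs at least two subnets in at least two Availability Zones,
    so a plan that could not host a DB subnet group is refused here rather
    than at cluster-creation time.
    """
    network = ipaddress.ip_network(vpc_cidr, strict=True)
    zones = list(dict.fromkeys(availability_zones))  # de-duplicate, keep order
    if len(zones) < 2:
        raise ValueError("Aurora requires subnets in at least two Availability Zones")
    if subnet_prefix <= network.prefixlen:
        raise ValueError("subnet prefix must be longer than the VPC prefix")

    carved = network.subnets(new_prefix=subnet_prefix)  # 10.0.0.0/24, 10.0.1.0/24, ...
    subnets = []
    for index, zone in enumerate(zones):
        subnets.append({
            "Name": f"gs-subnet{index + 1}",          # follows the page's naming
            "CidrBlock": str(next(carved)),
            "AvailabilityZone": zone,
        })
    return {
        "vpc": {"CidrBlock": str(network)},
        # the wizard's "Enable DNS hostnames" checkbox, as modify_vpc_attribute takes it
        "dns_hostnames": {"EnableDnsHostnames": {"Value": True}},
        "subnets": subnets,
    }


def check_subnets(vpc_cidr, subnet_cidrs):
    """Validate subnets entered by hand: each inside the VPC, none overlapping."""
    network = ipaddress.ip_network(vpc_cidr)
    nets = [ipaddress.ip_network(cidr) for cidr in subnet_cidrs]
    for net in nets:
        if not net.subnet_of(network):
            raise ValueError(f"{net} is not inside VPC {network}")
    for i, first in enumerate(nets):
        for second in nets[i + 1:]:
            if first.overlaps(second):
                raise ValueError(f"{first} overlaps {second}")
    return True


if __name__ == "__main__":
    plan = plan_vpc("10.0.0.0/16", ["us-east-1a", "us-east-1b"])
    for subnet in plan["subnets"]:
        print(subnet["Name"], subnet["CidrBlock"], subnet["AvailabilityZone"])
    check_subnets("10.0.0.0/16", [s["CidrBlock"] for s in plan["subnets"]])
```

The returned dictionaries are shaped so that they can be passed straight to the EC2 client (create_vpc, modify_vpc_attribute, create_subnet) if you script the procedure instead of using the console.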
Create a Security Group and Add Inbound Rules
After you've created your VPC and subnets, the next step is to create a security group and add inbound rules.
To create a security group
The next step in creating a VPC for use with your Amazon Aurora DB cluster is to create a VPC security group. A security group acts as a firewall for the DB instances: it defines which source addresses and protocols are allowed to reach them.
In the VPC Dashboard, click Security Groups, and then click Create Security Group.
Set the following values in the Create Security Group panel:
Description: Getting Started Security Group
VPC: Select the VPC that you created earlier, for example:
vpc-a464d1c1 (10.0.0.0/16) | gs-cluster-vpc.
Click Yes, Create to create the security group.
To add inbound rules to the security group
To connect to your Aurora DB cluster, you need to add an inbound rule to the VPC security group that allows traffic from your client to the database port.
Determine the IP address that you will be using to connect to the Aurora cluster. You can use the service at http://checkip.amazonaws.com to determine your public IP address. If you are connecting through an ISP or from behind your firewall without a static IP address, you need to find out the range of IP addresses used by client computers.
If you use 0.0.0.0/0 as the source, you allow every IPv4 address on the internet to reach your DB cluster (::/0 does the same for IPv6). This is acceptable for a short time in a test environment, but it is unsafe for production. In production, authorize only the specific IP address or range of addresses that needs to access your DB cluster.
In the VPC Dashboard, click Security Groups, and then select the gs-securitygroup1 security group that you created in the previous procedure.
Select the Inbound Rules tab, and then click the Edit button.
Set the following values for your new inbound rule:
Source: The IP address or range from the previous step, for example
Click Save to save your settings.
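The source check described above, as an added example that is not code from the page or from AWS: it turns the single address that checkip.amazonaws.com reports into a /32, refuses 0.0.0.0/0, ::/0 and any range wider than a policy threshold unless a test-only flag is set, and emits the IpPermissions entry that authorize_security_group_ingress accepts. The function names, the sample addresses, the width thresholds and the default port 3306 (the Aurora MySQL default; the page does not state a port) are assumptions.

```python
"""Build the inbound rule for the Aurora security group.

Added example, not AWS code. Assumptions: function names, sample
addresses, the /16 and /32 width thresholds, and port 3306 (Aurora MySQL;
Aurora PostgreSQL would use 5432). The IpPermissions layout is the one the
EC2 authorize_security_group_ingress call takes.
"""
import ipaddress

# assumption: a client pool wider than this is treated like "open to the world"
WIDEST_ALLOWED_PREFIX = {4: 16, 6: 32}


def client_cidr(address_or_range):
    """Normalize what the user looked up into CIDR form.

    checkip.amazonaws.com returns a bare address; a security group rule
    needs a prefix, so a lone address becomes /32 (or /128 for IPv6).
    A range such as 198.51.100.0/24 is passed through unchanged.
    """
    return str(ipaddress.ip_network(address_or_range, strict=False))


def build_db_ingress(source, port=3306, allow_open_for_testing=False,
                     description="Aurora client"):
    """Return one IpPermissions entry allowing TCP to `port` from `source`.

    Refuses 0.0.0.0/0, ::/0 and any range wider than WIDEST_ALLOWED_PREFIX
    unless the caller opts in for a short-lived test environment, which is
    the page's rule: open access is for testing only, never production.
    """
    cidr = client_cidr(source)
    net = ipaddress.ip_network(cidr)
    if net.prefixlen < WIDEST_ALLOWED_PREFIX[net.version] and not allow_open_for_testing:
        raise ValueError(
            f"{cidr} exposes port {port} to far more than your clients; "
            "pass allow_open_for_testing=True only for a throwaway test VPC"
        )
    if net.version == 4:
        ranges = {"IpRanges": [{"CidrIp": cidr, "Description": description}]}
    else:
        ranges = {"Ipv6Ranges": [{"CidrIpv6": cidr, "Description": description}]}
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port, **ranges}


def authorize_params(group_id, source, **options):
    """Full keyword arguments for ec2.authorize_security_group_ingress."""
    return {"GroupId": group_id, "IpPermissions": [build_db_ingress(source, **options)]}


if __name__ == "__main__":
    print(authorize_params("sg-0123456789abcdef0", "203.0.113.7"))  # hypothetical group ID
    try:
        build_db_ingress("0.0.0.0/0")
    except ValueError as err:
        print("refused:", err)
```

The width thresholds are a policy choice, not an AWS limit; lower them for a stricter environment. Because the rule is built from the normalized CIDR, the same function serves both the single-address case (a /32) and the ISP-range case the text describes.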
Create an RDS Subnet Group
The last thing that you need before you can create an Aurora DB cluster is a DB subnet group. Your RDS DB subnet group identifies the subnets that your DB cluster will use from the VPC that you created in the previous steps. Your DB subnet group must include at least two subnets in at least two Availability Zones.
To create a DB subnet group for use with your Aurora DB cluster
Open the Amazon RDS console (Aurora clusters are managed there) at https://console.aws.amazon.com/rds/.
Select Subnet Groups, and then click Create DB Subnet Group.
Set the following values for your new DB subnet group:
Description: Getting Started Subnet Group
VPC ID: Select the VPC that you created in the previous procedure, for example, vpc-a464d1c1 (10.0.0.0/16) | gs-cluster-vpc.
Click Add all the subnets to add every subnet in the VPC that you created in the earlier steps. You can also add subnets individually by selecting an Availability Zone and a Subnet ID and clicking Add. Whichever way you add them, the group must end up with subnets in at least two Availability Zones.
Click Yes, Create to create the subnet group.
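The whole procedure on this page, from the VPC through the DB subnet group, as an added example driven through boto3-style clients (not code from the page or from AWS): it creates the subnets in order, puts every subnet on one route table, checks the two-Availability-Zone rule before creating the DB subnet group, and returns the identifiers. The method and parameter names are those of the EC2 and RDS APIs; the function names, the DB subnet group name and the FakeClient (which lets the flow run offline) are assumptions. With boto3.client("ec2") and boto3.client("rds") in place of the fakes it creates real resources. The internet gateway and default route that the "VPC with a Single Public Subnet" wizard adds are not created here; add them if the cluster must be reachable from outside the VPC.

```python
"""Run the page's VPC -> subnets -> security group -> DB subnet group steps
through boto3-style clients.

Added example, not AWS code. Assumptions: function names, the DB subnet
group name, and FakeClient (an offline stand-in for boto3 clients).
"""


def check_subnet_group(subnets):
    """Aurora rejects a DB subnet group that does not span two Availability Zones."""
    zones = {s["AvailabilityZone"] for s in subnets}
    if len(subnets) < 2 or len(zones) < 2:
        raise ValueError(
            f"need at least 2 subnets in 2 Availability Zones, got "
            f"{len(subnets)} subnet(s) in {sorted(zones)}"
        )
    return sorted(zones)


def build_network(ec2, rds, vpc_cidr, subnets, ingress, name="gs"):
    """Create the resources in the page's order and return their identifiers.

    ec2 / rds: boto3 clients (or FakeClient below).
    subnets: list of {"CidrBlock": ..., "AvailabilityZone": ...}.
    ingress: IpPermissions list for authorize_security_group_ingress.
    """
    vpc_id = ec2.create_vpc(CidrBlock=vpc_cidr)["Vpc"]["VpcId"]
    # The wizard's "Enable DNS hostnames" checkbox is this VPC attribute.
    ec2.modify_vpc_attribute(VpcId=vpc_id, EnableDnsHostnames={"Value": True})
    rtb_id = ec2.create_route_table(VpcId=vpc_id)["RouteTable"]["RouteTableId"]

    created = []
    for spec in subnets:
        subnet_id = ec2.create_subnet(
            VpcId=vpc_id,
            CidrBlock=spec["CidrBlock"],
            AvailabilityZone=spec["AvailabilityZone"],
        )["Subnet"]["SubnetId"]
        # Every subnet gets the same route table, which the page achieves by
        # hand with the "Change to" step for the second subnet.
        ec2.associate_route_table(RouteTableId=rtb_id, SubnetId=subnet_id)
        created.append({"SubnetId": subnet_id,
                        "AvailabilityZone": spec["AvailabilityZone"]})

    # Stop before touching RDS if the layout cannot host an Aurora cluster.
    check_subnet_group(created)

    sg_id = ec2.create_security_group(
        GroupName=f"{name}-securitygroup1",
        Description="Getting Started Security Group",
        VpcId=vpc_id,
    )["GroupId"]
    ec2.authorize_security_group_ingress(GroupId=sg_id, IpPermissions=ingress)

    subnet_group = f"{name}-subnet-group"  # assumed name; the page gives none
    rds.create_db_subnet_group(
        DBSubnetGroupName=subnet_group,
        DBSubnetGroupDescription="Getting Started Subnet Group",
        SubnetIds=[c["SubnetId"] for c in created],
    )
    return {
        "VpcId": vpc_id,
        "RouteTableId": rtb_id,
        "SubnetIds": [c["SubnetId"] for c in created],
        "SecurityGroupId": sg_id,
        "DBSubnetGroupName": subnet_group,
    }


class FakeClient:
    """Records every call and returns AWS-shaped responses (offline stand-in)."""

    def __init__(self):
        self.calls = []
        self._count = 0

    def __getattr__(self, method):
        def call(**params):
            self.calls.append((method, params))
            self._count += 1
            ident = f"{self._count:04x}"  # constructed IDs, not real AWS ones
            responses = {
                "create_vpc": {"Vpc": {"VpcId": f"vpc-{ident}"}},
                "create_route_table": {"RouteTable": {"RouteTableId": f"rtb-{ident}"}},
                "create_subnet": {"Subnet": {"SubnetId": f"subnet-{ident}"}},
                "create_security_group": {"GroupId": f"sg-{ident}"},
            }
            return responses.get(method, {})
        return call


if __name__ == "__main__":
    ec2, rds = FakeClient(), FakeClient()
    result = build_network(
        ec2, rds, "10.0.0.0/16",
        [{"CidrBlock": "10.0.0.0/24", "AvailabilityZone": "us-east-1a"},
         {"CidrBlock": "10.0.1.0/24", "AvailabilityZone": "us-east-1b"}],
        [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
          "IpRanges": [{"CidrIp": "203.0.113.7/32"}]}],  # constructed client address
    )
    print(result)
    for method, params in ec2.calls + rds.calls:
        print(method, params)
```

Recording the calls makes the ordering checkable: DNS hostnames are enabled before any subnet exists, both subnets end up on one route table, and the DB subnet group is only requested once the two-zone check has passed.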