Working with Amazon RDS on AWS Outposts
Amazon RDS on AWS Outposts extends Amazon RDS for MySQL and PostgreSQL databases to AWS Outposts environments. AWS Outposts uses the same hardware as in public AWS Regions to bring AWS services, infrastructure, and operation models on-premises. With RDS on Outposts, you can provision managed DB instances close to the business applications that must run on-premises. For more information about AWS Outposts, see AWS Outposts.
You use the same AWS Management Console, AWS CLI, and RDS API to provision and manage on-premises RDS on Outposts DB instances as you do for RDS DB instances running in the AWS Cloud. RDS on Outposts automates tasks, such as database provisioning, operating system and database patching, backup, and long-term archival in Amazon S3.
RDS on Outposts supports automated backups of DB instances. Network connectivity between your Outpost and your AWS Region is required to back up and restore DB instances. All DB snapshots and transaction logs from an Outpost are stored in your AWS Region. From your AWS Region, you can restore a DB instance from a DB snapshot to a different Outpost. For more information, see Working with backups.
RDS on Outposts supports automated maintenance and upgrades of DB instances. For more information, see Maintaining a DB instance.
RDS on Outposts uses encryption at rest for DB instances and DB snapshots using your AWS Key Management Service (AWS KMS) key. For more information about encryption at rest, see Encrypting Amazon RDS resources.
When network connectivity to the AWS Region isn't available, your DB instance continues to run locally. You can't create new DB instances or take new actions on existing DB instances. Automatic backups don't occur when there is no connectivity. If there is a DB instance failure, the DB instance isn't automatically replaced until connectivity is restored. We recommend restoring network connectivity as soon as possible.
Prerequisites for Amazon RDS on AWS Outposts
The following are prerequisites for using Amazon RDS on AWS Outposts:
- Install AWS Outposts in your on-premises data center. For more information about AWS Outposts, see AWS Outposts.
- Make sure that you have at least one subnet available for RDS on Outposts. You can use the same subnet for other workloads.
- Make sure that you have a reliable network connection between your Outpost and an AWS Region.
Amazon RDS on AWS Outposts support for Amazon RDS features
Feature | Supported | Notes | More information |
---|---|---|---|
DB instance provisioning | Yes | You can only create DB instances for RDS for MySQL and RDS for PostgreSQL DB engines. The following versions are supported: | Creating an Amazon RDS DB instance |
Modifying the master user password | Yes | — | Modifying an Amazon RDS DB instance |
Renaming a DB instance | Yes | — | Modifying an Amazon RDS DB instance |
Rebooting a DB instance | Yes | — | Rebooting a DB instance |
Stopping a DB instance | Yes | — | Stopping an Amazon RDS DB instance temporarily |
Starting a DB instance | Yes | — | Starting an Amazon RDS DB instance that was previously stopped |
Multi-AZ deployments | No | — | High availability (Multi-AZ) for Amazon RDS |
DB parameter groups | Yes | — | Working with DB parameter groups |
Read replicas | No | — | Working with read replicas |
Encryption at rest | Yes | RDS on Outposts doesn't support unencrypted DB instances. | Encrypting Amazon RDS resources |
AWS Identity and Access Management (IAM) database authentication | No | — | IAM database authentication for MySQL and PostgreSQL |
Associating an IAM role with a DB instance | No | — | add-role-to-db-instance CLI command and AddRoleToDBInstance RDS API operation |
Kerberos authentication | No | — | Kerberos authentication |
Tagging Amazon RDS resources | Yes | — | Tagging Amazon RDS resources |
Option groups | Yes | — | Working with option groups |
Modifying the maintenance window | Yes | — | Maintaining a DB instance |
Automatic minor version upgrade | Yes | — | Automatically upgrading the minor engine version |
Modifying the backup window | Yes | — | Working with backups and Modifying an Amazon RDS DB instance |
DB instance scaling | Yes | To scale a DB instance, modify its on-premises DB instance class. Storage scaling isn't supported. | Modifying an Amazon RDS DB instance |
Manual and automatic DB instance snapshots | Yes | Manual and automatic DB instance snapshots are stored in your AWS Region. | Creating a DB snapshot |
Restoring from a DB snapshot | Yes | — | Restoring from a DB snapshot |
Restoring a DB instance from Amazon S3 | No | — | Restoring a backup into an Amazon RDS MySQL DB instance |
Exporting snapshot data to Amazon S3 | Yes | — | Exporting DB snapshot data to Amazon S3 |
Point-in-time recovery | Yes | — | Restoring a DB instance to a specified time |
Enhanced monitoring | No | — | Enhanced Monitoring |
Amazon CloudWatch monitoring | No | — | Monitoring with Amazon CloudWatch |
Publishing database engine logs to CloudWatch Logs | No | — | Publishing database logs to Amazon CloudWatch Logs |
Event notification | Yes | — | Using Amazon RDS event notification |
Amazon RDS Performance Insights | No | — | Using Amazon RDS Performance Insights |
Viewing or downloading database logs | No | RDS on Outposts doesn't support viewing database logs using the console or describing database logs using the CLI or RDS API. RDS on Outposts doesn't support downloading database logs using the console or downloading database logs using the CLI or RDS API. | Amazon RDS database log files |
Amazon RDS Proxy | No | — | Managing connections with Amazon RDS Proxy |
Stored procedures for Amazon RDS for MySQL | Yes | — | MySQL on Amazon RDS SQL reference |
Replication with external databases for Amazon RDS for MySQL | No | — | Replication with a MySQL or MariaDB instance running external to Amazon RDS |
RDS on Outposts doesn't support use cases that require all data to remain in your data center.
RDS on Outposts stores database backups and logs in your AWS Region.
Supported DB instance classes for Amazon RDS on AWS Outposts
Amazon RDS on AWS Outposts supports the following DB instance classes:
- General Purpose DB instance classes
    - db.m5.24xlarge
    - db.m5.12xlarge
    - db.m5.4xlarge
    - db.m5.2xlarge
    - db.m5.xlarge
    - db.m5.large
- Memory Optimized DB instance classes
    - db.r5.24xlarge
    - db.r5.12xlarge
    - db.r5.4xlarge
    - db.r5.2xlarge
    - db.r5.xlarge
    - db.r5.large
Only General Purpose SSD storage is supported for RDS on Outposts DB instances. For more information about DB instance classes, see DB instance classes.
Customer-owned IP addresses for RDS on Outposts
AWS Outposts uses information that you provide about your on-premises network to create an address pool, known as a customer-owned IP address pool (CoIP pool). Customer-owned IP addresses (CoIPs) provide local or external connectivity to resources in your Outpost subnets through your on-premises network. For more information about CoIPs, see Customer-owned IP addresses in the AWS Outposts User Guide.
Each RDS on Outposts DB instance has a private IP address for traffic inside its virtual private cloud (VPC). This private IP address isn't publicly accessible. You can use the Public option to designate whether the DB instance also has a public IP address in addition to the private IP address. Using the public IP address for connections routes them through the internet and can result in high latencies in some cases.
Instead of using these private and public IP addresses, RDS on Outposts supports enabling a CoIP for DB instances through their subnets. When you enable a CoIP for an RDS on Outposts DB instance, you connect to the DB instance with the DB instance endpoint. RDS on Outposts automatically uses the CoIP for all connections from both inside and outside of the VPC.
CoIPs can provide the following benefits for RDS on Outposts DB instances:
- Lower connection latency
- Enhanced security
You can enable or disable a CoIP for an RDS on Outposts DB instance using the AWS Management Console, the AWS CLI, or the RDS API:
- With the AWS Management Console, use the Customer-owned IP address (CoIP) setting in Access type to enable a CoIP. Use one of the other settings to disable it.
- With the AWS CLI, use the --enable-customer-owned-ip | --no-enable-customer-owned-ip option.
- With the RDS API, use the EnableCustomerOwnedIp parameter.
You can enable or disable a CoIP when you perform any of the following actions:
- Create a DB instance. For more information, see Creating DB instances for Amazon RDS on AWS Outposts.
- Modify a DB instance. For more information, see Modifying an Amazon RDS DB instance.
- Restore a DB instance from a snapshot. For more information, see Restoring from a DB snapshot.
- Restore a DB instance to a specified time. For more information, see Restoring a DB instance to a specified time.
If you enable a CoIP for a DB instance, but Amazon RDS is unable to allocate a CoIP for the DB instance, the DB instance status is changed to incompatible-network. For more information about the DB instance status, see DB instance status.
The following limitations apply to CoIP support for RDS on Outposts DB instances:
- When a CoIP is enabled for a DB instance, make sure that public accessibility is disabled for the DB instance.
- You can't assign a CoIP from a CoIP pool to a DB instance. When you enable a CoIP for a DB instance, Amazon RDS automatically assigns a CoIP from a CoIP pool to the DB instance.
- You must use the AWS account that owns the Outpost resources (owner) or share the following resources with other AWS accounts (consumers) in the same organization.
    - The Outpost
    - The local gateway (LGW) route table for the DB instance's VPC
    - The CoIP pool or pools for the LGW route table

  For more information, see Working with shared AWS Outposts resources in the AWS Outposts User Guide.
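The CoIP rules above can be checked against deployed instances. The following is an added example, not part of the original guide: it audits output shaped like `aws rds describe-db-instances` for Outpost DB instances that combine a CoIP with public accessibility, use a public IP, or sit in incompatible-network with a CoIP enabled. The sample data, the placeholder Outpost ARN, and the function names are constructed for illustration.

```python
# Constructed placeholder ARN; not a real Outpost.
OUTPOST_ARN = "arn:aws:outposts:us-east-1:111122223333:outpost/op-EXAMPLE"

def sample_instance(name, status, coip, public, outpost=True):
    """Build one constructed DBInstances entry with only the fields the audit reads."""
    subnet = {"SubnetIdentifier": "subnet-abc123"}
    if outpost:
        subnet["SubnetOutpost"] = {"Arn": OUTPOST_ARN}
    return {"DBInstanceIdentifier": name, "DBInstanceStatus": status,
            "CustomerOwnedIpEnabled": coip, "PubliclyAccessible": public,
            "DBSubnetGroup": {"Subnets": [subnet]}}

# Constructed sample in the shape of `aws rds describe-db-instances` output.
SAMPLE = {"DBInstances": [
    sample_instance("cloud-db", "available", False, True, outpost=False),
    sample_instance("outpost-ok", "available", True, False),
    sample_instance("outpost-both", "available", True, True),
    sample_instance("outpost-public", "available", False, True),
    sample_instance("outpost-nocoip", "incompatible-network", True, False),
]}

def is_on_outpost(db):
    """True if any subnet in the instance's DB subnet group belongs to an Outpost."""
    subnets = db.get("DBSubnetGroup", {}).get("Subnets", [])
    return any(s.get("SubnetOutpost", {}).get("Arn") for s in subnets)

def audit(response):
    """Return (instance, finding) pairs for RDS on Outposts DB instances."""
    findings = []
    for db in response.get("DBInstances", []):
        if not is_on_outpost(db):
            continue  # in-Region instances are out of scope for this check
        name = db["DBInstanceIdentifier"]
        coip = db.get("CustomerOwnedIpEnabled", False)
        public = db.get("PubliclyAccessible", False)
        if coip and public:
            findings.append((name, "CoIP enabled with public accessibility on"))
        elif public:
            findings.append((name, "public IP: connections route through the internet"))
        if coip and db.get("DBInstanceStatus") == "incompatible-network":
            findings.append((name, "incompatible-network with CoIP enabled: check CoIP allocation"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

To run it on real data, replace SAMPLE with the parsed JSON from `aws rds describe-db-instances`.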
Creating DB instances for Amazon RDS on AWS Outposts
Creating an Amazon RDS on AWS Outposts DB instance is similar to creating an Amazon RDS DB instance in the AWS Cloud. However, you must specify a DB subnet group that is associated with your Outpost.
An Amazon VPC can span all of the Availability Zones in an AWS Region. You can extend any VPC in the AWS Region to your Outpost by adding an Outpost subnet. To add an Outpost subnet to a VPC, specify the Amazon Resource Name (ARN) of the Outpost when you create the subnet.
Before you create an RDS on Outposts DB instance, you can create a DB subnet group that includes one subnet that is associated with your Outpost. When you create an RDS on Outposts DB instance, specify this DB subnet group. You can also choose to create a new DB subnet group when you create your DB instance.
For information about configuring AWS Outposts, see the AWS Outposts User Guide.
To create an RDS on Outposts DB instance using the console
- Create a DB subnet group with one subnet that is associated with your Outpost. To create a new DB subnet group for the Outpost when you create your DB instance, skip this step.

  Note: To create a DB subnet group for the AWS Cloud, you specify at least two subnets. However, for an Outpost DB subnet group, you can specify only one subnet.

    - Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/.
    - In the upper-right corner of the Amazon RDS console, choose the AWS Region where you want to create the DB subnet group.
    - Choose Subnet groups, and then choose Create DB Subnet Group. The Create DB subnet group page appears.
    - Set the following values for your new DB subnet group:
        - Name – The name of the DB subnet group
        - Description – A description for the DB subnet group
        - VPC – The VPC for which you're creating the DB subnet group
    - For Availability Zones, choose the Availability Zone for your Outpost.
    - For Subnets, choose the subnet for use by RDS on Outposts. Your DB subnet group must have only one subnet.
    - Choose Create to create the DB subnet group.
- Create the DB instance, and choose the Outpost for your DB instance.
    - Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/.
    - In the upper-right corner of the Amazon RDS console, choose the AWS Region where you want to create the DB instance.
    - In the navigation pane, choose Databases.
    - Choose Create database. The AWS Management Console detects available Outposts that you have configured and presents the On-premises option in the Database location section.

      Note: If you haven't configured any Outposts, either the Database location section doesn't appear or the RDS on Outposts option isn't available in the Choose an on-premises creation method section.

    - Choose the following settings:
        - Database location – On-premises
        - On-premises creation method – RDS on Outposts
        - Outpost – The Outpost that uses the virtual private cloud (VPC) that has the DB subnet group for your DB instance. Your VPC here must be based on the Amazon VPC service.
        - Virtual Private Cloud (VPC) – The VPC that contains the DB subnet group for your DB instance.
        - VPC security group – The Amazon VPC security group for your DB instance.
        - Subnet group – The DB subnet group for your DB instance. You can choose an existing DB subnet group that is associated with the Outpost. If you didn't create a DB subnet group, you can create a new DB subnet group for the Outpost. Only one subnet is allowed in this DB subnet group.
    - For the remaining sections, specify your DB instance settings. For information about each setting when creating a DB instance, see Settings for DB instances.
    - Choose Create database. If you chose to use an automatically generated password, the View credential details button appears on the Databases page. To view the master user name and password for the DB instance, choose View credential details. To connect to the DB instance as the master user, use the user name and password that appear.

      Important: You can't view the master user password again. If you don't record it, you might have to change it. To change the master user password after the DB instance is available, modify the DB instance. For more information about modifying a DB instance, see Modifying an Amazon RDS DB instance.

    - For Databases, choose the name of the new DB instance. On the RDS console, the details for the new DB instance appear. The DB instance has a status of Creating until the DB instance is created and ready for use. When the state changes to Available, you can connect to the DB instance. Depending on the DB instance class and storage allocated, it can take several minutes for the new DB instance to be available. After the DB instance is available, you can manage it the same way that you manage RDS DB instances in the cloud.
To create a new DB instance in an Outpost with the AWS CLI, first create a DB subnet group for use by RDS on Outposts by calling the create-db-subnet-group command. For --subnet-ids, specify the subnet group in the Outpost for use by RDS on Outposts.

For Linux, macOS, or Unix:

    aws rds create-db-subnet-group \
        --db-subnet-group-name myoutpostdbsubnetgr \
        --db-subnet-group-description "DB subnet group for RDS on Outposts" \
        --subnet-ids subnet-abc123

For Windows:

    aws rds create-db-subnet-group ^
        --db-subnet-group-name myoutpostdbsubnetgr ^
        --db-subnet-group-description "DB subnet group for RDS on Outposts" ^
        --subnet-ids subnet-abc123

Next, call the create-db-instance command with the parameters below. Specify an Availability Zone for the Outpost, an Amazon VPC security group associated with the Outpost, and the DB subnet group you created for the Outpost. You can include the following options:
- --db-instance-identifier
- --db-instance-class
- --engine
- --availability-zone
- --vpc-security-group-ids
- --db-subnet-group-name
- --allocated-storage
- --master-username
- --master-user-password
- --backup-retention-period
- --storage-encrypted
- --kms-key-id

The following example creates a MySQL DB instance named myoutpostdbinstance.

For Linux, macOS, or Unix:

    aws rds create-db-instance \
        --db-instance-identifier myoutpostdbinstance \
        --engine-version 8.0.17 \
        --db-instance-class db.m5.large \
        --engine mysql \
        --availability-zone us-east-1d \
        --vpc-security-group-ids outpost-sg \
        --db-subnet-group-name myoutpostdbsubnetgr \
        --allocated-storage 100 \
        --master-username masterawsuser \
        --master-user-password masteruserpassword \
        --backup-retention-period 3 \
        --storage-encrypted \
        --kms-key-id mykey

For Windows:

    aws rds create-db-instance ^
        --db-instance-identifier myoutpostdbinstance ^
        --engine-version 8.0.17 ^
        --db-instance-class db.m5.large ^
        --engine mysql ^
        --availability-zone us-east-1d ^
        --vpc-security-group-ids outpost-sg ^
        --db-subnet-group-name myoutpostdbsubnetgr ^
        --allocated-storage 100 ^
        --master-username masterawsuser ^
        --master-user-password masteruserpassword ^
        --backup-retention-period 3 ^
        --storage-encrypted ^
        --kms-key-id mykey

To create a PostgreSQL DB instance, specify postgres for the --engine option.
For information about each setting when creating a DB instance, see Settings for DB instances.
To create a new DB instance in an Outpost with the RDS API, first create a DB subnet group for use by RDS on Outposts by calling the CreateDBSubnetGroup operation. For SubnetIds, specify the subnet group in the Outpost for use by RDS on Outposts.
Next, call the CreateDBInstance operation with the parameters below. Specify an Availability Zone for the Outpost, an Amazon VPC security group associated with the Outpost, and the DB subnet group you created for the Outpost.
- AllocatedStorage
- AvailabilityZone
- BackupRetentionPeriod
- DBInstanceClass
- DBInstanceIdentifier
- VpcSecurityGroupIds
- DBSubnetGroupName
- Engine
- EngineVersion
- MasterUsername
- MasterUserPassword
- StorageEncrypted
- KmsKeyId

For information about each setting when creating a DB instance, see Settings for DB instances.
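
The CLI and RDS API steps above take the same CreateDBInstance parameters. The following is an added example, not part of the original guide: it builds those parameters for an Outpost, rejects engines and DB instance classes outside this page's lists, generates the master password instead of typing it on a command line, and writes the request to an owner-only file that can be passed to `aws rds create-db-instance --cli-input-json file://...`. The function names, the file name, the 32-character alphanumeric password, and always setting PubliclyAccessible to false are choices made for this example.

```python
import json
import os
import secrets
import string

# Constraints stated on this page for RDS on Outposts.
ENGINES = {"mysql", "postgres"}
FAMILIES = {"db.m5", "db.r5"}
SIZES = {"large", "xlarge", "2xlarge", "4xlarge", "12xlarge", "24xlarge"}

def build_request(identifier, engine, instance_class, availability_zone,
                  subnet_group, security_group_ids, kms_key_id,
                  allocated_storage=100, backup_retention=3, use_coip=True):
    """Return CreateDBInstance parameters for an Outpost; raise ValueError if unsupported."""
    if engine not in ENGINES:
        raise ValueError(f"engine {engine!r} is not in this page's supported list")
    family, _, size = instance_class.rpartition(".")
    if family not in FAMILIES or size not in SIZES:
        raise ValueError(f"DB instance class {instance_class!r} is not in this page's supported list")
    alphabet = string.ascii_letters + string.digits
    return {
        "DBInstanceIdentifier": identifier,
        "Engine": engine,
        "DBInstanceClass": instance_class,
        "AvailabilityZone": availability_zone,
        "DBSubnetGroupName": subnet_group,
        "VpcSecurityGroupIds": list(security_group_ids),
        "AllocatedStorage": allocated_storage,
        "BackupRetentionPeriod": backup_retention,
        "MasterUsername": "masterawsuser",
        # Assumption: 32 random alphanumerics, generated rather than typed.
        "MasterUserPassword": "".join(secrets.choice(alphabet) for _ in range(32)),
        "StorageEncrypted": True,  # unencrypted DB instances aren't supported
        "KmsKeyId": kms_key_id,
        "EnableCustomerOwnedIp": use_coip,
        # A CoIP requires public accessibility off; this example keeps it off always.
        "PubliclyAccessible": False,
    }

def write_request(request, directory):
    """Write the request as JSON to a new owner-only file and return its path."""
    path = os.path.join(directory, "create-db-instance.json")  # hypothetical file name
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        json.dump(request, handle, indent=2)
    return path
```

Delete the request file, or move the password into a secrets store, after the DB instance is created.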