Phase 2 - RDS

1. Create DB subnet group

  • Open RDS Console - Subnet groups - Create DB subnet group.

  • Enter Name: <your-db-subnet-group-name>.

  • Enter Description: <your-db-subnet-group-description>.

  • Select VPC: <your-vpc-id>.

  • Select the 2 AZs that contain the 2 isolated subnets.

  • Select the 2 isolated subnets: <your-isolated-subnet-1-id> and <your-isolated-subnet-2-id>.


2. Create PostgreSQL RDS instance

  • Open RDS Console - Databases - Create database.

  • Select Engine type: PostgreSQL.

  • Select Full Configuration.

  • Pick the Multi-AZ deployment with 2 instances.

  • Select the VPC and the DB subnet group ID.

  • Select VPC security group: <your-database-security-group-id>.

  • Select Engine version: 15.14.

  • Enter DB instance identifier: <your-db-instance-identifier>.

  • Enter Master username: postgres.

  • Click Manage in AWS Secrets Manager.

  • Select DB instance class: db.t4g.micro.

  • Select Storage type: gp3.

  • Enter Allocated storage: 20 GB.

  • Enable Storage autoscaling: Yes.

  • Enter Maximum storage threshold: 50 GB.

  • Enter Initial database name: myfit.
  • Enter Backup retention period: 7 days.
  • Keep Enable automated backup: enabled.
  • Keep Database Insights: Standard.
  • Keep Performance Insights: disabled.
  • Keep Enhanced Monitoring: disabled.
  • Enable CloudWatch logs export: postgresql.


  • Keep Enable replication in another AWS Region: disabled.
  • Keep Enable encryption: disabled.
  • Keep Enable deletion protection: enabled.


  • Click Create database.


  • Wait until DB instance status is available.

  • Copy Endpoint address: <your-rds-endpoint>.

  • Confirm Port: 5432.

3. Check database secret in Secrets Manager (auto-generated)

  1. Open Secrets Manager Console.
  2. Save secret and copy ARN: <your-rds-secret-arn>.

4. Phase completion checklist

  1. Confirm DB subnet group is Complete and includes only the two isolated subnets.
  2. Confirm DB instance status is available.
  3. Confirm Engine/Class/Multi-AZ are postgres 15.14, db.t4g.micro, true.
  4. Confirm storage is gp3, 20 GB, autoscaling 50 GB.
  5. Confirm Public access is false, port is 5432.
  6. Confirm Backup retention is 7 days and CloudWatch logs export includes postgresql.
  7. Confirm secret ARN for DB credentials is saved for later phases.
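
The checklist above can also be checked mechanically. The following is an added example, not part of the original guide: it validates one DB instance record, in the shape returned by `aws rds describe-db-instances` (one entry of `DBInstances`), against the values configured in this phase. The sample record, subnet IDs, endpoint and ARN are constructed placeholders.

```python
# Added example: offline check of a DescribeDBInstances record against the
# Phase 2 checklist. SAMPLE is constructed; IDs and the ARN are placeholders.
EXPECTED = {
    "DBInstanceStatus": "available",
    "Engine": "postgres",
    "EngineVersion": "15.14",
    "DBInstanceClass": "db.t4g.micro",
    "MultiAZ": True,
    "StorageType": "gp3",
    "AllocatedStorage": 20,        # GB
    "MaxAllocatedStorage": 50,     # storage autoscaling threshold, GB
    "PubliclyAccessible": False,
    "BackupRetentionPeriod": 7,    # days
}

def check_phase2(db, isolated_subnets):
    """Return a list of checklist failures (an empty list means the phase passes)."""
    fails = [f"{k}: expected {v!r}, got {db.get(k)!r}"
             for k, v in EXPECTED.items() if db.get(k) != v]
    group = db.get("DBSubnetGroup", {})
    if group.get("SubnetGroupStatus") != "Complete":
        fails.append("DB subnet group status is not Complete")
    # The subnet group must contain the two isolated subnets and nothing else.
    subnets = {s["SubnetIdentifier"] for s in group.get("Subnets", [])}
    if subnets != set(isolated_subnets):
        diff = sorted(subnets ^ set(isolated_subnets))
        fails.append(f"subnet group does not match isolated subnets: {diff}")
    if db.get("Endpoint", {}).get("Port") != 5432:
        fails.append("port is not 5432")
    if "postgresql" not in db.get("EnabledCloudwatchLogsExports", []):
        fails.append("CloudWatch logs export does not include postgresql")
    if not db.get("MasterUserSecret", {}).get("SecretArn"):
        fails.append("no Secrets Manager ARN for the master credentials")
    return fails

ISOLATED = ["subnet-isolated-1", "subnet-isolated-2"]  # constructed placeholders
SAMPLE = dict(
    EXPECTED,
    DBSubnetGroup={"SubnetGroupStatus": "Complete",
                   "Subnets": [{"SubnetIdentifier": s} for s in ISOLATED]},
    Endpoint={"Address": "db.example.internal", "Port": 5432},
    EnabledCloudwatchLogsExports=["postgresql"],
    MasterUserSecret={"SecretArn": "arn:aws:secretsmanager:REGION:ACCOUNT:secret:PLACEHOLDER"},
)

if __name__ == "__main__":
    for line in check_phase2(SAMPLE, ISOLATED) or ["Phase 2 checklist: all checks passed"]:
        print(line)
```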