Overview

Follow the steps below to provision a new RDS instance (or integrate an existing one) with a PrivateLink endpoint in AWS for Control Plane connectivity.

Create using Control Plane Terraform

Modes

  1. Create New Infrastructure (default)
    • RDS, Secrets Manager secret and VPC infrastructure will be created along with networking resources.
  2. Existing Infrastructure
    • Uses your preexisting RDS, Secrets Manager secret and VPC infrastructure to create networking resources.
    • To use this mode, you must provide your RDS ARN and Secrets Manager secret ARN.

What’s Created

Prerequisites

Software Requirements:
  • Install AWS CLI.
  • Install Terraform CLI.
  • Git (for cloning the repository).
AWS Account Requirements:
  • Amazon Web Services (AWS) account with billing enabled.
  • AWS IAM User/Role with appropriate permissions (VPC, RDS, Lambda, NLB, Secrets Manager, IAM, CloudWatch, etc.).
  • Deploy resources in the same region as your Control Plane workload.
Existing RDS Requirements:
  • VPC, subnets, and RDS infrastructure already created and available.
  • Create a Secrets Manager secret with database credentials in the following JSON format:
    {
      "username": "your_db_username",
      "password": "your_db_password"
    }
    

Step 1 - Clone Control Plane Terraform

git clone https://github.com/controlplane-com/cpln-rds-producer
cd cpln-rds-producer
  • This repository contains Terraform modules for provisioning AWS infrastructure that integrates with Control Plane via PrivateLink.

Step 2 - Create Configuration File

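  • Create a terraform.tfvars file in the root of the cloned repository. In Create New Infrastructure mode this file holds the database password in plaintext, so keep it out of version control.
  • To use Create New Infrastructure mode: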
    terraform.tfvars
    aws_region = "us-west-2"
    db_username = "postgres"
    db_password = "SecurePassword123!"
    
  • To use Existing Infrastructure mode:
    terraform.tfvars
    db_instance_arn = "arn:aws:rds:us-west-2:123456789012:db:my-db"
    secret_arn = "arn:aws:secretsmanager:us-west-2:123456789012:secret:my-secret"
    

Step 3 - Deploy Infrastructure

  • Run Terraform with your configuration:
terraform init
terraform plan
terraform apply
  • Terraform automatically provisions all necessary resources and outputs your PrivateLink endpoint service name.
  • For more information, refer to the repository README.

Next Steps

  • Contact support@controlplane.com with your service name and region.
  • Control Plane will use this to create the consumer-side endpoint connection.
  • Once notified that the consumer endpoint has been created, go to your AWS Console:
    • Navigate to VPC and to Endpoint Services.
    • Click on your PrivateLink service.
    • Under Pending endpoint connections, select the pending request.
    • Click the Actions dropdown and accept endpoint connection request.
  • Proceed to follow the Native Networking Setup in Control Plane.
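
The acceptance step above can also be done from the AWS CLI. The script below is an added example, not part of the Control Plane documentation or repository: it accepts a pending request only when it comes from the AWS account you expect. SERVICE_ID, EXPECTED_OWNER, the function names and the file name are assumptions, and the account ID must be confirmed with Control Plane support.

```shell
#!/bin/sh
# Added example: CLI equivalent of the console acceptance step, with an owner check.
# Assumptions: SERVICE_ID is the vpce-svc-... ID of the endpoint service Terraform
# created; EXPECTED_OWNER is the 12-digit AWS account ID you have confirmed with
# Control Plane support as the owner of the consumer endpoint.

# Print "endpoint-id<TAB>owner-account" for each request awaiting acceptance on $1.
list_pending() {
  aws ec2 describe-vpc-endpoint-connections \
    --filters "Name=service-id,Values=$1" \
              "Name=vpc-endpoint-state,Values=pendingAcceptance" \
    --query 'VpcEndpointConnections[].[VpcEndpointId,VpcEndpointOwner]' \
    --output text
}

# Read list_pending output on stdin and print only endpoint IDs owned by account $1.
# Requests from any other account are reported on stderr and left pending.
filter_by_owner() {
  while read -r id owner; do
    [ -n "$id" ] || continue
    if [ "$owner" = "$1" ]; then
      printf '%s\n' "$id"
    else
      printf 'skipping %s: unexpected owner %s\n' "$id" "$owner" >&2
    fi
  done
}

# Accept the pending requests on service $1 that come from account $2.
accept_expected() {
  ids=$(list_pending "$1" | filter_by_owner "$2")
  if [ -z "$ids" ]; then
    echo "no pending request from account $2 on $1" >&2
    return 1
  fi
  # $ids is left unquoted on purpose: one argument per endpoint ID.
  aws ec2 accept-vpc-endpoint-connections \
    --service-id "$1" --vpc-endpoint-ids $ids
}

# Runs only when both values are supplied in the environment, for example:
#   SERVICE_ID=vpce-svc-EXAMPLE EXPECTED_OWNER=111122223333 sh accept-endpoint.sh
if [ -n "${SERVICE_ID:-}" ] && [ -n "${EXPECTED_OWNER:-}" ]; then
  accept_expected "$SERVICE_ID" "$EXPECTED_OWNER"
fi
```

Requests that are skipped stay pending; review them under Pending endpoint connections before taking any action on them.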