Overview
Follow the steps below to provision a new RDS instance, or integrate with an existing one, with a PrivateLink endpoint in AWS for Control Plane connectivity.
Create using Control Plane Terraform
Modes
- Create New Infrastructure (default)
  - RDS, Secrets Manager secret and VPC infrastructure will be created along with networking resources.
- Existing Infrastructure
  - Uses your preexisting RDS, Secrets Manager secret and VPC infrastructure to create networking resources.
  - To use this mode, you must provide your RDS ARN and Secrets Manager secret ARN.
What’s Created
Using Create Infrastructure Mode:
- VPC & Subnets
- RDS PostgreSQL Instance (multi-AZ)
- Secrets Manager (secure credential storage)
- RDS Proxy (connection pooling and failover)
- Network Load Balancer
- Lambda Function (dynamic IP updates)
- PrivateLink Endpoint Service
Using Existing Infrastructure Mode:
- RDS Proxy (connection pooling and failover)
- Network Load Balancer
- Lambda Function (dynamic IP updates)
- PrivateLink Endpoint Service
Prerequisites
Software Requirements:
AWS Account Requirements:
- Amazon Web Services (AWS) account with billing enabled.
- AWS IAM User/Role with appropriate permissions (VPC, RDS, Lambda, NLB, Secrets Manager, IAM, CloudWatch, etc.).
- Deploy resources in the same region as your Control Plane workload.
- VPC, subnets, and RDS infrastructure already created and available.
- Create Secrets Manager Secret with database credentials in the following JSON format.
Step 1 - Clone Control Plane Terraform
- This repository contains Terraform modules for provisioning AWS infrastructure that integrates with Control Plane via PrivateLink.
Step 2 - Create Configuration File
- Create a terraform.tfvars file in the root of the cloned repository.
- To use Create New Infrastructure mode:
terraform.tfvars
- To use Existing Infrastructure mode:
terraform.tfvars
Step 3 - Deploy Infrastructure
- Run Terraform with your configuration:
- Terraform will automatically provision all necessary resources and output your PrivateLink endpoint service name.
- For more information, refer to the repository README.
Next Steps
- Contact support@controlplane.com with your service name and region.
- Control Plane will use this to create the consumer-side endpoint connection.
- Once notified that the consumer endpoint has been created, go to your AWS Console:
  - Navigate to VPC and to Endpoint Services.
  - Click on your PrivateLink service.
  - Under Pending endpoint connections, select the pending request.
  - Click the Actions dropdown and accept endpoint connection request.
- Proceed to follow the Native Networking Setup in Control Plane.
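The acceptance step above can be scripted so that a pending request is accepted only when it comes from the AWS account you expect. This is an added example, not code from the Control Plane repository; it uses the boto3 EC2 calls describe_vpc_endpoint_connections and accept_vpc_endpoint_connections. The service ID, endpoint IDs and account numbers are constructed placeholders, and the expected consumer account ID is an assumption: the page does not state it, so confirm it with Control Plane support before use.

```python
# Added example: accept PrivateLink connection requests only from a verified account.

# Constructed sample in the shape of the "VpcEndpointConnections" list returned by
# ec2:DescribeVpcEndpointConnections. Every ID and account number is a placeholder.
SERVICE_ID = "vpce-svc-0aaaaaaaaaaaaaaaa"
EXPECTED_OWNER = "111111111111"  # assumption: consumer account ID confirmed out of band
SAMPLE_CONNECTIONS = [
    {"ServiceId": SERVICE_ID, "VpcEndpointId": "vpce-0000000000000001a",
     "VpcEndpointOwner": "111111111111", "VpcEndpointState": "pendingAcceptance"},
    {"ServiceId": SERVICE_ID, "VpcEndpointId": "vpce-0000000000000002b",
     "VpcEndpointOwner": "222222222222", "VpcEndpointState": "pendingAcceptance"},
    {"ServiceId": SERVICE_ID, "VpcEndpointId": "vpce-0000000000000003c",
     "VpcEndpointOwner": "111111111111", "VpcEndpointState": "available"},
    {"ServiceId": "vpce-svc-0bbbbbbbbbbbbbbbb", "VpcEndpointId": "vpce-0000000000000004d",
     "VpcEndpointOwner": "111111111111", "VpcEndpointState": "pendingAcceptance"},
]


def triage_pending(connections, service_id, expected_owner):
    """Split pending requests on service_id into (ids to accept, unexpected requests)."""
    accept_ids, unexpected = [], []
    for conn in connections:
        if conn.get("ServiceId") != service_id:
            continue
        # Compare case-insensitively so either casing of the state value matches.
        if conn.get("VpcEndpointState", "").lower() != "pendingacceptance":
            continue
        if conn.get("VpcEndpointOwner") == expected_owner:
            accept_ids.append(conn["VpcEndpointId"])
        else:
            unexpected.append((conn.get("VpcEndpointId"), conn.get("VpcEndpointOwner")))
    return accept_ids, unexpected


def accept_verified(service_id, expected_owner, region):
    """Accept verified pending requests on the live service (needs boto3 and credentials)."""
    import boto3  # imported here so triage_pending() runs offline
    ec2 = boto3.client("ec2", region_name=region)
    # Single page only; follow NextToken if the service has many connections.
    resp = ec2.describe_vpc_endpoint_connections(
        Filters=[{"Name": "service-id", "Values": [service_id]}])
    accept_ids, unexpected = triage_pending(
        resp["VpcEndpointConnections"], service_id, expected_owner)
    if accept_ids:
        ec2.accept_vpc_endpoint_connections(ServiceId=service_id, VpcEndpointIds=accept_ids)
    return accept_ids, unexpected  # review 'unexpected' before acting on it by hand
```

Requests returned in the second list are left pending, so an endpoint from an unrecognized account never gains a path to the RDS Proxy without a human decision.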