From 95faaa357d16ad46033605095a026bb46282d718 Mon Sep 17 00:00:00 2001 From: Mike Lonergan Date: Sun, 7 Jul 2019 09:22:29 -0700 Subject: [PATCH] minor corrections --- bin/README.md | 2 +- .../2019/HOWTO: Build RDS instances.md | 56 ++++++++++--------- 2 files changed, 31 insertions(+), 27 deletions(-) diff --git a/bin/README.md b/bin/README.md index eb41ae3..548f467 100644 --- a/bin/README.md +++ b/bin/README.md @@ -5,7 +5,7 @@ * **create-db.sh**: after installing PostgreSQL database service, configured and running, run this script from an SSH shell on the VM to create each new database instance (note: if your database instance requires PostGIS, run `build-and-install-PostGIS.sh` before restoring the database or generating the database schema) * **create-ec2-machine-database.sh**: run this script from a local \*NIX (Mac, Linux or Ubuntu on Win10) shell, where `awscli` is installed and AWS credentials are available, to create a new EC2 VM from the input `profile.sh` configuration * **ec2-profile-database-development.sh**: use this script as the `profile.sh` input configuration for the `create-ec2-machine-database.sh` script, to create the central PostgreSQL database host for Hack Oregon's 2018 project season -* **ssm-parameters-upload.py**: +* **ssm-parameters-upload.py**: run this script to upload a bulk array of new SSM Parameter Store parameters * **upload-and-ssh-into-ec2.sh**: run this script to `scp` all files in the current directory and `ssh` into the designated SSH-enabled host Order of operations, from scratch: diff --git a/docs/database/2019/HOWTO: Build RDS instances.md b/docs/database/2019/HOWTO: Build RDS instances.md index 461d0df..c413cb2 100644 --- a/docs/database/2019/HOWTO: Build RDS instances.md +++ b/docs/database/2019/HOWTO: Build RDS instances.md 
@@ -13,33 +13,37 @@ Staging vs. Production - rather than a single layer for full-season usage - beca ## Procedure 1. Create an RDS instance with the following shared characteristics (suitable for staging aka "development" work): -- - engine = PostgreSQL -- - Use Case = dev/test -- - DB engine version = PostgreSQL 11.2-R1 -- - DB instance class = db.t2.small -- - Multi-AZ deployment = No -- - Storage type = General purpose (SSD) -- - Allocated storage = 100 GB -- - Virtual Private Cloud = Default VPC -- - Public accessibility = yes (note: will be "no" for production DBs, that can only be accessed via Django container in ECS) -- - Availability zone = no preference -- - VPC security groups = hacko-public-database (note: will be more restrictive for production DBs) -- - IAM DB authentication = Disable -- - Encryption = Enable -- - Master key = (default) aws/rds -- - Backup retention period = 7 days -- - Backup window = no preference -- - Enhanced monitoring = Enable enhanced monitoring -- - Performance insights = Enable performance insights, retention period = 7 days, Master key = (default) aws/rds -- - Log exports = Postgresql log -- - Auto minor version upgrade = Enable auto minor version upgrade -- - Maintenance window = No preference -- - Deletion protection = Enable delete protection -2. Create a login role according to the naming conventions e.g. 
`transportation2019` - which has following privileges: Can login, Inherit rights from the parent roles +** engine = PostgreSQL +** Use Case = dev/test +** DB engine version = PostgreSQL 11.2-R1 +** DB instance class = db.t2.small +** Multi-AZ deployment = No +** Storage type = General purpose (SSD) +** Allocated storage = 100 GB +** Virtual Private Cloud = Default VPC +** Public accessibility = yes (note: will be "no" for production DBs, production databases can only be accessed via the related Django container in ECS production deploy) +** Availability zone = no preference +** VPC security groups = hacko-public-database (note: will be more restrictive for production DBs) +** IAM DB authentication = Disable +** Encryption = Enable +** Master key = (default) aws/rds +** Backup retention period = 7 days +** Backup window = no preference +** Enhanced monitoring = Enable enhanced monitoring +** Performance insights = Enable performance insights, retention period = 7 days, Master key = (default) aws/rds +** Log exports = Postgresql log +** Auto minor version upgrade = Enable auto minor version upgrade +** Maintenance window = No preference +** Deletion protection = Enable delete protection +2. Create a login role according to the naming conventions e.g. `transportation2019` - which has following privileges: Can login, Create databases, Inherit rights from the parent roles 3. Create the database according to the https://docs.google.com/spreadsheets/d/147thL899Bf8IL3ma1S9XBrNXL2xYsIRM5mE-3fceIcQ/ naming scheme 4. Assign the created login role as the Owner of the DB -- - note: in AWS RDS, the role creating the database must have the role which will be owner of the database being created: https://stackoverflow.com/a/34898033 +** note: in AWS RDS, the role creating the database must have the role which will be owner of the database being created: https://stackoverflow.com/a/34898033 5. 
Execute the following command in the new DB using the Query Tool or other SQL automation: `CREATE EXTENSION postgis;` -6. Even better: add the `postgis` extension to the template database, so that all new databases will automatically get it: ` -7. If you need add another role with read-only privileges to the DB, use the script in *HOWTO-enable-readonly-database-user* or similar. +** Even better: add the `postgis` extension to the `template1` database, so that all new databases will automatically get it: _(TBD)_ +6. If you need add another role with read-only privileges to the DB, use the script in *HOWTO-enable-readonly-database-user* or similar. + +## Other troubleshooting notes + +- Check which extensions are enabled for each database - connect to the database and run `SELECT * FROM pg_extension;`
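Review bot: The new `ssm-parameters-upload.py` entry in bin/README.md says what the script does but not where to run it or what it needs, unlike the `create-ec2-machine-database.sh` entry, which states that `awscli` must be installed and AWS credentials available. Suggest adding where the "bulk array" of parameters comes from (a file, or values edited into the script) and which credentials are required. If any of the uploaded parameters are secrets, the entry should also say how they are kept out of the repository.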
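Review bot: Step 2 of the HOWTO hunk adds "Create databases" to the login role's privileges, but steps 3 and 4 only need that role to own the database, and the step 4 note already covers how the creating role gets there. On an instance documented with `Public accessibility = yes`, the per-project role should carry no more than it needs, so either drop the privilege or say in the step why it is required. Separately, the switch from `- -` to `**` does not produce a nested list in Markdown, since `**` followed by a space is not a list marker. An indented `-` or `*` under each numbered step would render as intended. The `template1` line also still ends in `_(TBD)_`, so it is worth either filling in the command or tracking it outside the procedure.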