Skip to main content
Hello — in this lesson we’ll provision an AWS RDS (PostgreSQL) instance to store user credentials for the login application in our architecture. Why an RDS instance?
  • The login page authenticates users with username and password. These credentials must be persisted in a reliable, managed relational database.
  • Amazon RDS provides a managed PostgreSQL service with backups, automated maintenance, and scaling options, making it suitable for production or development environments.
Relevant links and references

Step-by-step (AWS Console)

  1. Sign in to the AWS Console and open the RDS service.
  2. Click Create database.
  3. Choose PostgreSQL (selected by default).
  4. Select the Production template (or another template appropriate for your workload).
  5. Choose Single DB instance.
  6. Set a DB instance identifier (example: microservice).
  7. In Credentials, provide a master username and password or use the automatic password generator. In this lesson we use the auto-generated password.
If you use the auto-generated password, save it securely (for example, in AWS Secrets Manager) so your application can retrieve it at runtime without exposing credentials in code or configuration files.
  1. Leave most other settings at their defaults unless you need to customize them.
  2. For Public access choose Yes if you need external connectivity for development or testing. For production, prefer private access (see the security callout below).
This image shows an AWS RDS configuration page where options for VPC, DB subnet group, public access, and VPC security groups are being set. It's part of the setup process for a database instance in AWS.
Continue with additional options:
  1. Scroll down to Performance Insights and disable it if you do not need it.
  2. In Additional configuration, set the initial database name to microservice.
  3. Review all settings and click Create database.
The image shows the AWS RDS (Amazon Relational Database Service) configuration page, where a user is setting up database options for a new database instance named "microservice."

After creation

Wait for the DB instance status to become available in the RDS console. Once the instance is available, note the instance endpoint and port (default PostgreSQL port is 5432). You will use these values to connect and initialize the schema.
This image shows the Amazon RDS console with a list of databases. A PostgreSQL database named "microservice" is displayed with its status marked as "available."
Quick reference — recommended settings

Initialize schema and seed users

Connect to the new database with psql, a GUI client, or any PostgreSQL client. Example psql command (replace the endpoint and username):
Once connected, create a simple users table and insert sample rows for testing:
Use secure password handling in production: always store salted and hashed passwords (for example, bcrypt or Argon2) and never store plain-text credentials.

Security note

Setting Public access to Yes exposes the database to the Internet. For production systems, prefer placing the RDS instance in private subnets, use VPNs or bastion hosts to connect, and restrict inbound security group rules to only trusted IP addresses or VPCs. If public access is enabled for development, lock down inbound rules immediately and rotate credentials afterward.

Next steps

  • Use the seeded user accounts to test authentication flows in the login application.
  • Configure your application to read DB credentials securely (for example, from AWS Secrets Manager or environment-specific secret stores).
  • Automate schema creation and versioning with migration tools such as Flyway or Liquibase for repeatable deployments.
  • Monitor and tune performance with RDS monitoring tools and enable automated backups as needed.
That is it for this lesson. See you in the next lesson.

Watch Video