> ## Documentation Index
> Fetch the complete documentation index at: https://notes.kodekloud.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create AWS RDS instance

> Guide to provisioning and configuring an AWS RDS PostgreSQL instance, initializing a users table, and securing credentials for a login application's database.

Hello — in this lesson we'll provision an AWS RDS (PostgreSQL) instance to store user credentials for the login application in our architecture.

Why an RDS instance?

* The login page authenticates users with username and password. These credentials must be persisted in a reliable, managed relational database.
* Amazon RDS provides a managed PostgreSQL service with backups, automated maintenance, and scaling options, making it suitable for production or development environments.

Relevant links and references

* [AWS RDS Documentation](https://docs.aws.amazon.com/rds/)
* [PostgreSQL Documentation](https://www.postgresql.org/docs/)
* Password hashing: [bcrypt](https://en.wikipedia.org/wiki/Bcrypt), [Argon2](https://en.wikipedia.org/wiki/Argon2)
* Migration tools: [Flyway](https://flywaydb.org), [Liquibase](https://www.liquibase.com)

## Step-by-step (AWS Console)

1. Sign in to the AWS Console and open the RDS service.
2. Click **Create database**.
3. Choose **PostgreSQL** (selected by default).
4. Select the **Production** template (or another template appropriate for your workload).
5. Choose **Single DB instance**.
6. Set a DB instance identifier (example: `microservice`).
7. In **Credentials**, provide a master username and password or use the automatic password generator. In this lesson we use the auto-generated password.

<Callout icon="lightbulb" color="#1CB2FE">
  If you use the auto-generated password, save it securely (for example, in AWS Secrets Manager) so your application can retrieve it at runtime without exposing credentials in code or configuration files.
</Callout>

8. Leave most other settings at their defaults unless you need to customize them.
9. For **Public access** choose `Yes` if you need external connectivity for development or testing. For production, prefer private access (see the security callout below).

<Frame>
  <img src="https://mintcdn.com/kodekloud-c4ac6d9a/1ccKtG7aZllQmXlF/images/Hands-On-AWS-Project-Deploy-Your-First-Crypto-App/Monolith-to-Microservice-design/Create-AWS-RDS-instance/aws-rds-configuration-page-setup.jpg?fit=max&auto=format&n=1ccKtG7aZllQmXlF&q=85&s=53b1bbed1ef07249ebabe0809f8f2fd2" alt="This image shows an AWS RDS configuration page where options for VPC, DB subnet group, public access, and VPC security groups are being set. It's part of the setup process for a database instance in AWS." width="1920" height="1080" data-path="images/Hands-On-AWS-Project-Deploy-Your-First-Crypto-App/Monolith-to-Microservice-design/Create-AWS-RDS-instance/aws-rds-configuration-page-setup.jpg" />
</Frame>

Continue with additional options:

10. Scroll down to **Performance Insights** and disable it if you do not need it.
11. In **Additional configuration**, set the initial database name to `microservice`.
12. Review all settings and click **Create database**.

<Frame>
  <img src="https://mintcdn.com/kodekloud-c4ac6d9a/1ccKtG7aZllQmXlF/images/Hands-On-AWS-Project-Deploy-Your-First-Crypto-App/Monolith-to-Microservice-design/Create-AWS-RDS-instance/aws-rds-configuration-microservice-instance.jpg?fit=max&auto=format&n=1ccKtG7aZllQmXlF&q=85&s=569d7828929dda300911df75fc883f73" alt="The image shows the AWS RDS (Amazon Relational Database Service) configuration page, where a user is setting up database options for a new database instance named &#x22;microservice.&#x22;" width="1920" height="1080" data-path="images/Hands-On-AWS-Project-Deploy-Your-First-Crypto-App/Monolith-to-Microservice-design/Create-AWS-RDS-instance/aws-rds-configuration-microservice-instance.jpg" />
</Frame>

## After creation

Wait for the DB instance status to become `available` in the RDS console. Once the instance is available, note the instance endpoint and port (default PostgreSQL port is `5432`). You will use these values to connect and initialize the schema.

<Frame>
  <img src="https://mintcdn.com/kodekloud-c4ac6d9a/1ccKtG7aZllQmXlF/images/Hands-On-AWS-Project-Deploy-Your-First-Crypto-App/Monolith-to-Microservice-design/Create-AWS-RDS-instance/amazon-rds-console-postgresql-database.jpg?fit=max&auto=format&n=1ccKtG7aZllQmXlF&q=85&s=f20167746eb9b8895d922caa93d62f81" alt="This image shows the Amazon RDS console with a list of databases. A PostgreSQL database named &#x22;microservice&#x22; is displayed with its status marked as &#x22;available.&#x22;" width="1920" height="1080" data-path="images/Hands-On-AWS-Project-Deploy-Your-First-Crypto-App/Monolith-to-Microservice-design/Create-AWS-RDS-instance/amazon-rds-console-postgresql-database.jpg" />
</Frame>

Quick reference — recommended settings

| Setting                | Recommended value (example) | Notes                                                     |
| ---------------------- | --------------------------- | --------------------------------------------------------- |
| Engine                 | PostgreSQL                  | Choose the major version appropriate for your app         |
| DB instance identifier | `microservice`              | Short, descriptive identifier                             |
| Initial DB name        | `microservice`              | Used by your application connection string                |
| Port                   | `5432`                      | Default PostgreSQL port                                   |
| Public access          | `Yes` (dev) / `No` (prod)   | For production use private subnets and bastion/VPN access |
| Performance Insights   | Off (optional)              | Enable for deep performance troubleshooting               |

## Initialize schema and seed users

Connect to the new database with `psql`, a GUI client, or any PostgreSQL client. Example `psql` command (replace the endpoint and username):

```bash theme={null}
psql -h your-instance-endpoint.rds.amazonaws.com -p 5432 -U postgres -d microservice
```

Once connected, create a simple `users` table and insert sample rows for testing:

```sql theme={null}
-- create a simple users table
CREATE TABLE IF NOT EXISTS users (
  id SERIAL PRIMARY KEY,
  username VARCHAR(100) UNIQUE NOT NULL,
  password_hash TEXT NOT NULL,
  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

-- insert dummy users (do NOT use plain-text passwords in production)
INSERT INTO users (username, password_hash) VALUES
  ('alice', 'pbkdf2_sha256$...'),
  ('bob', 'pbkdf2_sha256$...'),
  ('carol', 'pbkdf2_sha256$...');
```

Use secure password handling in production: always store salted and hashed passwords (for example, `bcrypt` or `Argon2`) and never store plain-text credentials.

## Security note

<Callout icon="warning" color="#FF6B6B">
  Setting Public access to `Yes` exposes the database to the Internet. For production systems, prefer placing the RDS instance in private subnets, use VPNs or bastion hosts to connect, and restrict inbound security group rules to only trusted IP addresses or VPCs. If public access is enabled for development, lock down inbound rules immediately and rotate credentials afterward.
</Callout>

## Next steps

* Use the seeded user accounts to test authentication flows in the login application.
* Configure your application to read DB credentials securely (for example, from AWS Secrets Manager or environment-specific secret stores).
* Automate schema creation and versioning with migration tools such as Flyway or Liquibase for repeatable deployments.
* Monitor and tune performance with RDS monitoring tools and enable automated backups as needed.

That is it for this lesson. See you in the next lesson.

<CardGroup>
  <Card title="Watch Video" icon="video" cta="Learn more" href="https://learn.kodekloud.com/user/courses/building-scalable-microservices-on-aws-deploy-a-crypto-app/module/d14608f9-c900-4ec7-9bdd-ed8e215da540/lesson/71e633a9-7507-4a1b-8a17-c0b1f7a09a85" />
</CardGroup>
