In this post we will see the step-by-step details of creating an Amazon RDS Custom for Oracle database.
Before proceeding with the practical setup, let us have a brief overview of Oracle Custom RDS.
What is Oracle Custom RDS?
Amazon Relational Database Service (Amazon RDS) Custom is a managed database service for legacy, custom, and packaged applications that require access to the underlying OS and DB environment.
Amazon RDS Custom for Oracle automates setup, operation, and scaling of databases in the cloud while granting access to the database and underlying operating system to configure settings, install patches, and enable native features to meet the dependent application’s requirements.
In short, you can access both the underlying server and the database running on it, and work on them directly.
Comparison of features and responsibilities between Amazon EC2, RDS Custom for Oracle, and RDS
Current Availability Zones
US East (N. Virginia)
US East (Ohio)
US West (Oregon)
EU (Frankfurt)
EU (Ireland)
EU (Stockholm)
Asia Pacific (Singapore)
Asia Pacific (Sydney)
Asia Pacific (Tokyo)
Steps:
In this post we will install Oracle Custom RDS with version 19c.
1. Placing of Binary files
Create an S3 bucket and place your database binaries and patch files in it:
aws s3 cp E:\Oracle\DB_Binaries\Oracle19.3\LINUX.X64_193000_db_home.zip s3://terraformtutorial1
2. Create a Symmetric AWS KMS Key for server side encryption
a. Go to Key Management Service
b. Then Click on Customer Managed Keys
c. Click Create Key
d. Choose Key Type as Symmetric
e. Keep rest as Default and Create the Key
3. Go to Amazon RDS and Click on Create Custom Engine Version from Custom Engine Versions tab as shown below
4. Provide the below details :
a. Major Version
b. Custom Engine Version Name
c. Description
d. Installation Media –> Browse S3 and provide the path where the Oracle Binaries were placed as per Step 1
e. Edit the CEV Manifest JSON from a text file, using the Oracle binary and patch file names exactly as they are present in S3
f. Put the KMS Key which was created in Step 2.
g. Create Custom Engine Version
NOTE: Custom Engine Versions typically reach active status about 2 hours after creation. Creation times can vary depending on the files you uploaded. You can view the status from the table as given below
5. Once the databases are created using the CEV, you can check the number of Databases or snapshots created using the concerned CEV from below
6. Create Instance Profile for IAM
a. Go to IAM
b. Create Policy
c. Provide the JSON below after replacing the highlighted sections with the values for your environment
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "1",
      "Effect": "Allow",
      "Action": [
        "ssm:DescribeAssociation",
        "ssm:GetDeployablePatchSnapshotForInstance",
        "ssm:GetDocument",
        "ssm:DescribeDocument",
        "ssm:GetManifest",
        "ssm:GetParameter",
        "ssm:GetParameters",
        "ssm:ListAssociations",
        "ssm:ListInstanceAssociations",
        "ssm:PutInventory",
        "ssm:PutComplianceItems",
        "ssm:PutConfigurePackageResult",
        "ssm:UpdateAssociationStatus",
        "ssm:UpdateInstanceAssociationStatus",
        "ssm:UpdateInstanceInformation",
        "ssm:GetConnectionStatus",
        "ssm:DescribeInstanceInformation",
        "ssmmessages:CreateControlChannel",
        "ssmmessages:CreateDataChannel",
        "ssmmessages:OpenControlChannel",
        "ssmmessages:OpenDataChannel"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "2",
      "Effect": "Allow",
      "Action": [
        "ec2messages:AcknowledgeMessage",
        "ec2messages:DeleteMessage",
        "ec2messages:FailMessage",
        "ec2messages:GetEndpoint",
        "ec2messages:GetMessages",
        "ec2messages:SendReply"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "3",
      "Effect": "Allow",
      "Action": [
        "logs:PutRetentionPolicy",
        "logs:PutLogEvents",
        "logs:DescribeLogStreams",
        "logs:DescribeLogGroups",
        "logs:CreateLogStream",
        "logs:CreateLogGroup"
      ],
      "Resource": [
        "arn:aws:logs:'$REGION':*:log-group:rds-custom-instance*"
      ]
    },
    {
      "Sid": "4",
      "Effect": "Allow",
      "Action": [
        "s3:putObject",
        "s3:getObject",
        "s3:getObjectVersion"
      ],
      "Resource": [
        "arn:aws:s3:::do-not-delete-rds-custom-*/*"
      ]
    },
    {
      "Sid": "5",
      "Effect": "Allow",
      "Action": [
        "cloudwatch:PutMetricData"
      ],
      "Resource": [
        "*"
      ],
      "Condition": {
        "StringEquals": {
          "cloudwatch:namespace": [
            "RDSCustomForOracle/Agent"
          ]
        }
      }
    },
    {
      "Sid": "6",
      "Effect": "Allow",
      "Action": [
        "events:PutEvents"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "7",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetSecretValue",
        "secretsmanager:DescribeSecret"
      ],
      "Resource": [
        "arn:aws:secretsmanager:'$REGION':'$ACCOUNT_ID':secret:do-not-delete-rds-custom-*"
      ]
    },
    {
      "Sid": "8",
      "Effect": "Allow",
      "Action": [
        "s3:ListBucketVersions"
      ],
      "Resource": [
        "arn:aws:s3:::do-not-delete-rds-custom-*"
      ]
    },
    {
      "Sid": "9",
      "Effect": "Allow",
      "Action": "ec2:CreateSnapshots",
      "Resource": [
        "arn:aws:ec2:*:*:instance/*",
        "arn:aws:ec2:*:*:volume/*"
      ],
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/AWSRDSCustom": "custom-oracle"
        }
      }
    },
    {
      "Sid": "10",
      "Effect": "Allow",
      "Action": "ec2:CreateSnapshots",
      "Resource": [
        "arn:aws:ec2:*::snapshot/*"
      ]
    },
    {
      "Sid": "11",
      "Effect": "Allow",
      "Action": [
        "kms:Decrypt",
        "kms:GenerateDataKey"
      ],
      "Resource": [
        "arn:aws:kms:'$REGION':'$ACCOUNT_ID':key/abcd1234-5678-eeff-9012-123456abcdef"
      ]
    },
    {
      "Sid": "12",
      "Effect": "Allow",
      "Action": "ec2:CreateTags",
      "Resource": "*",
      "Condition": {
        "StringLike": {
          "ec2:CreateAction": [
            "CreateSnapshots"
          ]
        }
      }
    }
  ]
}
d. Give the Policy name starting with “AWSRDSCustom” and create the policy
e. Create Role
f. Choose EC2 Use Case
g. From Permissions assign the just created Policy
h. Create the Role with the name prefix “AWSRDSCustom”. Your DB instance creation will fail if you do not provide the prefix as given above.
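A pre-flight check for the policy JSON of step c, as an added example that is not part of the original post: it flags placeholders that were never replaced, the sample KMS key ID from statement 11, and Allow statements on Resource "*" that carry no Condition. The function names `lint_policy` and `render`, and the region, account ID and key ID used in the demo, are assumptions made for this example.

```python
import json
import re

# Shell-style placeholders such as '$REGION' that the page's policy ships with.
PLACEHOLDER_RE = re.compile(r"\$\{?[A-Z_]+\}?")
# Sample key ID from statement 11 of the page's policy; it must be replaced.
SAMPLE_KEY_ID = "abcd1234-5678-eeff-9012-123456abcdef"

def as_list(value):
    """IAM accepts either a string or a list for Resource."""
    return value if isinstance(value, list) else [value]

def lint_policy(policy_text):
    """Return (sid, message) findings for a policy document given as JSON text."""
    findings = []
    for stmt in as_list(json.loads(policy_text)["Statement"]):
        sid = stmt.get("Sid", "?")
        for res in as_list(stmt.get("Resource", [])):
            if PLACEHOLDER_RE.search(res):
                findings.append((sid, "unreplaced placeholder: " + res))
            if SAMPLE_KEY_ID in res:
                findings.append((sid, "sample KMS key ID still present"))
            if res == "*" and stmt.get("Effect") == "Allow" and "Condition" not in stmt:
                findings.append((sid, "review: Allow on Resource * without a Condition"))
    return findings

def render(template, region, account_id, key_id):
    """Substitute the page's placeholders with values for one environment."""
    return (template.replace("'$REGION'", region)
            .replace("'$ACCOUNT_ID'", account_id)
            .replace(SAMPLE_KEY_ID, key_id))

# Constructed sample: statements 5, 6, 7 and 11 of the page's policy, unedited.
TEMPLATE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "5", "Effect": "Allow", "Action": ["cloudwatch:PutMetricData"],
     "Resource": ["*"], "Condition": {"StringEquals": {
         "cloudwatch:namespace": ["RDSCustomForOracle/Agent"]}}},
    {"Sid": "6", "Effect": "Allow", "Action": ["events:PutEvents"], "Resource": ["*"]},
    {"Sid": "7", "Effect": "Allow",
     "Action": ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"],
     "Resource": ["arn:aws:secretsmanager:'$REGION':'$ACCOUNT_ID':secret:do-not-delete-rds-custom-*"]},
    {"Sid": "11", "Effect": "Allow", "Action": ["kms:Decrypt", "kms:GenerateDataKey"],
     "Resource": ["arn:aws:kms:'$REGION':'$ACCOUNT_ID':key/" + SAMPLE_KEY_ID]},
]})

if __name__ == "__main__":
    # Region, account ID and key ID below are constructed values, not real ones.
    rendered = render(TEMPLATE, "us-east-1", "111122223333",
                      "00000000-0000-0000-0000-000000000000")
    for sid, message in lint_policy(TEMPLATE) + lint_policy(rendered):
        print("Sid", sid, "-", message)
```

The "review" findings are prompts to confirm the wildcard is intended, not errors; the placeholder and sample-key findings mean the policy is not yet usable for your account.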
7. Create the database
Now that the CEV is created, let us proceed with creating the RDS Custom Oracle database
a. From RDS, click on Create database and Select Oracle and Amazon RDS Custom as shown below
b. Select the Desired Custom Engine
c. Select the Environment Template
d. Provide the DB Instance Identifier and set the Master User password
e. Provide the DB Instance class
f. VPC, Public Access needs to be set as desired
g. Select the IAM Instance Profile with the one we created earlier
h. Select the AWS KMS Key which was built earlier.
i. Provide the database name and create the database.
NOTE: Stopping/starting the Oracle Custom RDS from the RDS Console isn’t possible. A workaround is to stop the EC2 instance on which the Custom RDS is hosted, which will in turn make the RDS error out.
8. Log in to the Custom RDS Database from RDS Console
a. From RDS Instance, go to Configuration and find the DB Resource ID
b. The above Resource ID is the EC2 Identifier Name which you can check from your EC2 Console
c. Click on the details of the EC2 Instance and find the Key Pair Name
d. Now go to Secrets Manager from the AWS Console and open the Secret to Retrieve Secret Value
e. Copy the contents from PlainText and save them to a file with the .pem extension
f. With this private key you will be able to log in to the EC2 instance to gain access to the database.
g. The database runs as the RDSDB user. Hence, sudo to the RDSDB user and then set the environment to log in to the database.