Using Amazon Regional Aurora PostgreSQL storage

Aurora clusters can be deployed to your AWS region of choice by executing ./provision/aws/rds/aurora_create.sh with the following env:

This creates the necessary VPCs, subnets and routes required by an Aurora cluster as well as $AURORA_INSTANCES Aurora instances for said cluster. To create a multi-AZ database, create two instances The script currently doesn’t support more than two AZs for the instances created, all additional instances are distributed across the two AZs supported by the script. The script waits until the cluster and all instances are available. If the cluster already exists, a message indicating this is displayed and the script will fail with exit code 1.

In order to follow security best practices, the Aurora cluster is not exposed publicly over the internet. Instead, it is necessary for us to establish a Peering Connection between a ROSA cluster VPC and the Aurora Cluster VPC.

To configure such a connection run ./provision/aws/rds/aurora_create_peering_connection.sh with the following environment:

The scripts in this project ensure that all Aurora and ROSA clusters have non-overlapping machine-CIDR configured.

Use the following settings to configure the Aurora store:

The KC_DATABASE_URL should be the exposed endpoint of the Aurora writer instances. This can be obtained by executing the ./provision/aws/rds/aurora_endpoint.sh script with the following env:

See Customizing the deployment for a list of all configuration options.

The Aurora DB cluster is only accessible to ROSA clusters with an established Peering Connection, therefore all debugging connections must also originate from said clusters. A simple way to connect psql to the cluster is to execute the following:

This will create a pod in the Keycloak deployment namespace and establish a connection with the Aurora cluster. A password prompt will appear on initial connection and you should utilise the password defined in the Secret keycloak-db-secret. Upon exiting the pod shell, the pod will be deleted.

To drop the contents of the database, run the following command. Then restart all Keycloak nodes in all datacenters.

To remove a Peering Connections between a ROSA cluster and a specific Aurora cluster, execute ./provision/aws/rds/aurora_delete_peering_connection.sh with the following env:

To remove all Peering Connections between the ROSA and Aurora VPCS in a given region, execute ./provision/aws/rds/aurora_delete_peering_connection.sh with the following env:

Before deleting an Aurora cluster, it is first necessary for all Peering Connections established with ROSA cluster(s) to be removed.

To remove an Aurora cluster, execute ./provision/aws/rds/aurora_delete.sh with the following env: