Aurora Serverless with CFN


Aurora Serverless is a managed database service provided by AWS.

Amazon Aurora Serverless is an on-demand, autoscaling configuration for Amazon Aurora. It automatically starts up, shuts down, and scales capacity up or down based on your application’s needs. You can run your database on AWS without managing database capacity.

Amazon Aurora Serverless

Our goal is to build Aurora Serverless with CloudFormation and access it from an EC2 instance.

There are two versions of Aurora Serverless, but we will focus on v1.
This is due to the CloudFormation specification cited below.

The serverless engine mode only supports Aurora Serverless v1. Currently, AWS CloudFormation doesn’t support Aurora Serverless v2.



Diagram of Aurora Serverless

Create three subnets in the VPC.
All of them are private subnets with no access to the Internet.

Create Aurora Serverless and associate it with two subnets in different AZs.
Specify the latest version of the MySQL type.

Create an EC2 instance.
Use it as a client to connect to Aurora Serverless.
Specify the latest version of Amazon Linux 2 as the OS.

Create an SSM endpoint.
This is for remote access to the EC2 instance using SSM Session Manager.

Also create an S3 endpoint.
This is used to access the yum repository that will be built on the S3 bucket.

CloudFormation template files

Build the above configuration with CloudFormation.
The CloudFormation templates are located at the following URL

awstut-fa/058 at main · awstut-an-r/awstut-fa

Explanation of key points of the template files

Security Group

Check the security groups for the EC2 instance and Aurora Serverless.

Resources:
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: !Sub "${Prefix}-InstanceSecurityGroup"
      GroupDescription: Deny All.
      VpcId: !Ref VPC

  DBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: !Sub "${Prefix}-DBSecurityGroup"
      GroupDescription: DBSecurityGroup.
      VpcId: !Ref VPC
      SecurityGroupIngress:
        # Allow MySQL traffic only from members of the instance security group
        - IpProtocol: tcp
          FromPort: !Ref MySQLPort
          ToPort: !Ref MySQLPort
          SourceSecurityGroupId: !Ref InstanceSecurityGroup

The former is for instances.
It does not specify the inbound communication to be allowed.
In this configuration, there is no inbound communication to the instance.

The latter is for Aurora Serverless.
This time, since Aurora Serverless of the MySQL type is created, the port for MySQL communication (tcp/3306) is permitted.
For the source, set the aforementioned security group for the instance.

Aurora Serverless

Resources:
  DBSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupName: dbsubnetgroup
      DBSubnetGroupDescription: test subnet group
      SubnetIds:
        # Two private subnets in different Availability Zones
        - !Ref PrivateSubnet2
        - !Ref PrivateSubnet3

  DBCluster:  # logical ID not shown in the excerpt; name assumed
    Type: AWS::RDS::DBCluster
    Properties:
      DatabaseName: !Ref DBName
      DBClusterIdentifier: !Ref DBClusterIdentifier
      DBSubnetGroupName: !Ref DBSubnetGroup
      Engine: !Ref DBEngine
      EngineMode: serverless
      EngineVersion: !Ref DBEngineVersion
      MasterUsername: !Ref DBMasterUsername
      MasterUserPassword: !Ref DBMasterUserPassword
      StorageEncrypted: true
      VpcSecurityGroupIds:
        - !Ref DBSecurityGroup

  # No DB instance resource is defined for Aurora Serverless
  #  Type: AWS::RDS::DBInstance
  #  Properties:
  #    ...

To create Aurora Serverless, at least two resources must be defined.

The first is the DB subnet group.
There are requirements for the subnets to be associated with RDS.

Create subnets in different Availability Zones for the DB subnet group that you use for your Aurora Serverless v1 DB cluster.

Configuration requirements for Aurora Serverless v1

Specify the subnets created for each of the two AZs to meet the above requirements.

The second is a DB cluster.
The key point is the EngineMode property.
Specify “serverless” to create Aurora Serverless.

Specify the engine and version of the DB to be created in the Engine and EngineVersion properties.
In this case, we will specify the most recent MySQL version as of July 2022, so specify “aurora-mysql” for the former and “5.7.mysql_aurora.2.07.1” for the latter.
Please note that “aurora” must be specified in the Engine property when selecting MySQL 5.6 series.

Please refer to the following page for the engine versions supported by Aurora Serverless v1.

Supported features in Amazon Aurora by AWS Region and Aurora DB engine - Amazon Aurora

When creating Aurora Serverless, it is sufficient to define a DB cluster.
Since Aurora Serverless is a managed service, you do not need to define any internally generated DB instances.
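
Instead of passing the master password in through the DBMasterUserPassword parameter, the cluster can take it from a secret that Secrets Manager generates at stack creation. The fragment below is an added example, not part of the original templates: DBMasterSecret and DBSecretAttachment are hypothetical logical IDs, DBCluster is an assumed logical ID, and every other name is a parameter or resource from the page's template.

```yaml
# Added example: fragment for the Resources section of the page's template.
# Assumes the page's parameters (Prefix, DBName, DBEngine, ...) and its
# DBSubnetGroup / DBSecurityGroup resources are defined as shown above.
Resources:
  DBMasterSecret:  # hypothetical logical ID
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: !Sub "${Prefix}-db-master"  # constructed secret name
      GenerateSecretString:
        # Resulting secret: {"username": "<DBMasterUsername>", "password": "<random>"}
        SecretStringTemplate: !Sub '{"username": "${DBMasterUsername}"}'
        GenerateStringKey: password
        PasswordLength: 32
        # Leave out characters RDS rejects in a master password, plus backslash
        ExcludeCharacters: '"@/\'

  DBCluster:  # assumed logical ID
    Type: AWS::RDS::DBCluster
    Properties:
      DatabaseName: !Ref DBName
      DBClusterIdentifier: !Ref DBClusterIdentifier
      DBSubnetGroupName: !Ref DBSubnetGroup
      Engine: !Ref DBEngine
      EngineMode: serverless
      EngineVersion: !Ref DBEngineVersion
      # Dynamic references are resolved by CloudFormation at deploy time,
      # so the password never appears as a stack parameter value.
      MasterUsername: !Sub "{{resolve:secretsmanager:${DBMasterSecret}:SecretString:username}}"
      MasterUserPassword: !Sub "{{resolve:secretsmanager:${DBMasterSecret}:SecretString:password}}"
      StorageEncrypted: true
      VpcSecurityGroupIds:
        - !Ref DBSecurityGroup

  DBSecretAttachment:  # hypothetical logical ID
    Type: AWS::SecretsManager::SecretTargetAttachment
    Properties:
      # Adds the cluster's host, port and engine to the secret's JSON
      SecretId: !Ref DBMasterSecret
      TargetId: !Ref DBCluster
      TargetType: AWS::RDS::DBCluster
```

With this in place the DBMasterUserPassword parameter is no longer needed. Reading the secret from the instance in the private subnet would additionally require a Secrets Manager VPC endpoint and an IAM permission on the instance role, which this fragment does not add.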

EC2 Instance

Resources:
  Instance:  # logical ID not shown in the excerpt; name assumed
    Type: AWS::EC2::Instance
    Properties:
      IamInstanceProfile: !Ref InstanceProfile
      ImageId: !Ref ImageId
      InstanceType: !Ref InstanceType
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref PrivateSubnet
          GroupSet:
            - !Ref InstanceSecurityGroup
      UserData: !Base64 |
        #!/bin/bash -xe
        yum update -y
        yum install -y mariadb

The EC2 instance is used to verify the connection to Aurora Serverless.
Therefore, in the UserData property, as part of the initialization process of the instance, we specify package installation by yum.
This time, since we are creating a MySQL type Aurora Serverless, we will install the client for MySQL (mysql) by installing the mariadb package.

For more information on the initialization process, please refer to the following page

For more information on how to connect to RDS from Amazon Linux 2, please refer to the following page

For information on how to run yum in a private subnet, please refer to the following page


Use CloudFormation to build this environment and check the actual behavior.

Create CloudFormation stacks and check resources in stacks

Create CloudFormation stacks.
For information on how to create stacks and check each stack, please refer to the following page

After checking the resources in each stack, information on the main resources created this time is as follows

  • EC2 instance: i-096b962150f8473aa
  • DB cluster for Aurora Serverless: fa-058-dbcluster
  • Aurora Serverless endpoint:
  • Master user name for Aurora Serverless: testuser
  • Password for the master user of Aurora Serverless: Passw0rd
  • Database name to be created in Aurora Serverless: testdb

We also check the creation status of Aurora Serverless from the AWS Management Console.

Detail of Aurora Serverless.

We can see that the DB cluster is indeed in Aurora Serverless mode and the engine type is the MySQL type.
We can also see that the endpoint mentioned above has been created and the communication port is 3306.

Check Action

Now that everything is ready, let’s access the EC2 instance.
Use SSM Session Manager to access the instance.

% aws ssm start-session --target i-096b962150f8473aa

Starting session with SessionId: root-08ee1c5f1155eb7dd

For more information on SSM Session Manager, please see the following page

Check the installation status of mariadb.

sh-4.2$ yum list installed | grep mariadb
mariadb.x86_64                        1:5.5.68-1.amzn2                 @amzn2-core
mariadb-libs.x86_64                   1:5.5.68-1.amzn2                 installed

Installed successfully.

Next, check mysql client.

sh-4.2$ mysql -V
mysql  Ver 15.1 Distrib 5.5.68-MariaDB, for Linux (x86_64) using readline 5.1

The client is now installed.

Now that the client installation has been confirmed, connect to Aurora Serverless.
Specify the Aurora Serverless endpoint and pass the port number, user name, and password as arguments.

$ mysql -h -P 3306 -u testuser -p testdb
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.7.12 MySQL Community Server (GPL)

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MySQL [testdb]>

You have successfully connected.
You can see that Aurora Serverless has been successfully created.


We have confirmed how to create Aurora Serverless with CloudFormation.