How do I decouple an Amazon RDS instance from an Elastic Beanstalk environment without downtime, database sync issues, or data loss?

Last updated: 2020-09-23

I have an Amazon Relational Database Service (Amazon RDS) DB instance attached to my AWS Elastic Beanstalk environment. I want to remove the dependencies between the instance and the environment. How can I avoid downtime, database sync issues, or data loss?

Short description

Follow the steps in the resolution to:

  • Use an Elastic Beanstalk blue (environment A)/green (environment B) deployment to decouple an RDS DB instance from environment A.
  • Create a new Elastic Beanstalk environment (environment B) with the necessary information to connect to the RDS DB instance.

Important: Attaching an RDS DB instance to an Elastic Beanstalk environment is ideal for development and testing environments. However, it's not recommended for production environments because the lifecycle of the database instance is tied to the lifecycle of your application environment. If you terminate the environment, then you lose your data because the RDS DB instance is deleted by the environment. For more information, see Using Elastic Beanstalk with Amazon RDS.

Resolution

Create an RDS DB snapshot

  1. Open the Elastic Beanstalk console.
  2. Choose the Elastic Beanstalk environment that you want to decouple from your RDS DB instance (environment A).
  3. In the navigation pane, choose Configuration.
  4. For Database, choose Modify.
  5. Choose Endpoint.
  6. Create an RDS DB snapshot of your RDS DB instance.

Safeguard your RDS DB instance from deletion

  1. Open the Amazon RDS console.
  2. Choose your database, and then choose Modify.
  3. In the Deletion protection section, select the Enable deletion protection option.
  4. Choose Continue.
  5. In the Scheduling Modifications section, choose Apply immediately.
  6. Choose Modify DB Instance.
  7. Refresh the Amazon RDS console, and then verify that deletion protection is enabled successfully.

Create a new Elastic Beanstalk environment

Your new Elastic Beanstalk environment (environment B) must not include an RDS DB instance in the same Elastic Beanstalk application.

Note: To perform a blue/green deployment (or CNAME swap) later, verify that environment A and environment B are using the same application version.

  1. Create environment B.
  2. Connect environment B to the existing RDS DB instance of environment A.
    Note: For more information, see Launching and connecting to an external Amazon RDS instance in a default VPC.
  3. Verify that environment B can connect to the existing RDS DB instance and that your application functions as expected.

Perform a blue/green deployment to avoid downtime

  1. Open the Elastic Beanstalk console for environment B.
  2. Swap the environment URLs of the old and new Elastic Beanstalk environments.
    Note: For more information, see Blue/green deployments with Elastic Beanstalk.
  3. Verify that the URL of environment B responds and is working as expected when you open it.

Important: Don't terminate environment A until the DNS changes are propagated and your old DNS records expire. DNS records can take up to 48 hours to expire. DNS servers don't necessarily clear old records from their cache based on the time to live (TTL) that you set on your DNS records.

Remove the security group rule for the old Elastic Beanstalk environment

  1. Open the Amazon RDS console.
  2. Choose your database.
  3. Choose the Connectivity & security view.
  4. From Security, choose the security group that you need to modify.
  5. For Actions, choose Edit inbound rules.
  6. Remove the rule that contains the security group of environment A as a source.
  7. In the Elastic Beanstalk console, verify that environment B and your application are working as expected.

Terminate the old Elastic Beanstalk environment

Terminate the old Elastic Beanstalk environment (environment A).

When you terminate an environment, all Elastic Beanstalk resources are deleted, except for the RDS DB instance and the old security group. Deletion protection prevents the deletion of the RDS DB instance and the old security group.

When you terminate an environment, you see the following error message in the Elastic Beanstalk events log:

Deleting RDS database named: aaxxxxxxxxxx failed Reason: Cannot delete protected DB Instance aaxxxxxxxxxx, please disable deletion protection and try again
Stack deletion failed: The following resource(s) failed to delete: [AWSEBRDSDatabase].

Delete the stack

  1. Open the AWS CloudFormation console.
  2. Choose the stack based on the environment ID of environment A.
    Note: The status of your stack is DELETE_FAILED.
  3. Choose Delete.
  4. In the Delete Stack pop-up window that lists your resources to retain, choose the RDS resources that are stuck in DELETE_FAILED status, and then choose Delete stack.
  5. (Optional) Terminate environment A, and then remove the RDS snapshot that you created earlier.

Did this article help?


Do you need billing or technical support?