- Serverless Design Patterns and Best Practices
- Brian Zambrano
- 405 words
- 2021-08-27 19:12:06
Deploying the Postgres database
Many frameworks for working with AWS serverless architectures expose access to CloudFormation, AWS's tool for managing multiple related resources as a single entity. The Serverless Framework is no different; in fact, its CloudFormation interface is verbatim CloudFormation templating with a few nice add-ons for variables, environment variables included. A common theme applies here: this is a huge topic and the details are outside the scope of this book.
CloudFormation creates the RDS instance on our behalf from several lines of setup in serverless.yml. Details aside, note the multiple references to ${env:VPC_ID} and the other uses of ${env:}. The ${env:} syntax pulls variables from the environment of the Docker container, which is set up by our process of starting the container. You may accomplish the same thing on your host system, provided you have a way of managing environment variables.
Much of the complexity of this setup comes from the fact that Lambda functions by default will not have network access to AWS resources inside a virtual private cloud (VPC). Since RDS instances need to run inside a VPC, the Lambda functions need to be configured to run inside the same VPC and permissions set up accordingly:
resources:
  Resources:
    # Security group for the Lambda functions
    ServerlessSecurityGroup:
      Type: AWS::EC2::SecurityGroup
      Properties:
        GroupDescription: SecurityGroup for Serverless Functions
        VpcId: ${env:VPC_ID}
    # Security group for the database: Postgres (5432) ingress only from the Lambda group
    RDSSecurityGroup:
      Type: AWS::EC2::SecurityGroup
      Properties:
        GroupDescription: Ingress for RDS Instance
        VpcId: ${env:VPC_ID}
        SecurityGroupIngress:
          - IpProtocol: tcp
            FromPort: '5432'
            ToPort: '5432'
            SourceSecurityGroupId:
              Ref: ServerlessSecurityGroup
    # Subnets inside the VPC that the RDS instance may be placed in
    RDSSubnetGroup:
      Type: AWS::RDS::DBSubnetGroup
      Properties:
        DBSubnetGroupDescription: RDS Subnet Group
        SubnetIds:
          - ${env:SUBNET_ID_A}
          - ${env:SUBNET_ID_B}
          - ${env:SUBNET_ID_C}
    # The Postgres instance itself; name and credentials come from the environment
    RDSPostgresInstance:
      Type: AWS::RDS::DBInstance
      Properties:
        AllocatedStorage: 100
        AutoMinorVersionUpgrade: true
        AvailabilityZone: ${self:provider.region}a
        DBInstanceClass: db.t2.micro
        DBName: ${env:CUPPING_DB_NAME}
        DBSubnetGroupName:
          Ref: RDSSubnetGroup
        Engine: postgres
        EngineVersion: 9.6.2
        MasterUsername: ${env:CUPPING_DB_USERNAME}
        MasterUserPassword: ${env:CUPPING_DB_PASSWORD}
        # No public endpoint; reachable only from inside the VPC
        PubliclyAccessible: false
        VPCSecurityGroups:
          - Fn::GetAtt: RDSSecurityGroup.GroupId
During deployment, the Serverless Framework will add any defined Resources into the default CloudFormation template and deploy them together. With our database described, we can run make deploy and see our dedicated PostgreSQL resource.
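As an added example (not code from the book or from the Serverless Framework), the following Python check reads the resources block above as a parsed dict and reports any RDS instance that is publicly accessible or whose security group admits traffic by CIDR rather than from a security group defined in the same stack. The RESOURCES dict is constructed from the listing above, and the lint and logical_name helper names are hypothetical.

```python
# Added example (not from the book). RESOURCES is a constructed dict mirroring what a YAML
# parser returns for the page's resources block, trimmed to the properties the checks read.
RESOURCES = {
    "ServerlessSecurityGroup": {"Type": "AWS::EC2::SecurityGroup",
                                "Properties": {"VpcId": "${env:VPC_ID}"}},
    "RDSSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "VpcId": "${env:VPC_ID}",
        "SecurityGroupIngress": [{
            "IpProtocol": "tcp", "FromPort": "5432", "ToPort": "5432",
            "SourceSecurityGroupId": {"Ref": "ServerlessSecurityGroup"}}]}},
    "RDSPostgresInstance": {"Type": "AWS::RDS::DBInstance", "Properties": {
        "PubliclyAccessible": False,
        "VPCSecurityGroups": [{"Fn::GetAtt": "RDSSecurityGroup.GroupId"}]}},
}


def logical_name(value):
    """Logical resource name behind a Ref / Fn::GetAtt value, else None."""
    if not isinstance(value, dict):
        return None
    if "Ref" in value:
        return value["Ref"]
    att = value.get("Fn::GetAtt") or [None]
    return att.split(".")[0] if isinstance(att, str) else att[0]


def lint(resources):
    """Return findings for RDS instances reachable by more than in-stack security groups."""
    findings = []
    for name, res in resources.items():
        if res.get("Type") != "AWS::RDS::DBInstance":
            continue
        props = res.get("Properties", {})
        if props.get("PubliclyAccessible") is not False:
            findings.append(f"{name}: PubliclyAccessible is not explicitly false")
        groups = [logical_name(g) for g in props.get("VPCSecurityGroups", [])]
        if not groups:
            findings.append(f"{name}: no VPCSecurityGroups listed")
        for sg in groups:
            sg_props = resources.get(sg, {}).get("Properties", {})
            for rule in sg_props.get("SecurityGroupIngress", []):
                cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
                source = logical_name(rule.get("SourceSecurityGroupId"))
                if cidr:
                    findings.append(f"{sg}: ingress allowed from CIDR {cidr}")
                elif source not in resources:
                    findings.append(f"{sg}: ingress source is not a group in this stack")
    return findings
```

Calling lint(RESOURCES) on the configuration as written returns an empty list; security groups referenced by a literal ID rather than by Ref or Fn::GetAtt are outside what this check can inspect.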