Understand and build a hybrid database with Amazon RDS and Amazon Outposts

{"value":"Many customers are faced with the challenge of building and operating a hybrid infrastructure to support workloads that must run both in the cloud and on premises. In many cases, these hybrid workloads rely on a relational database to support the workload, which can be particularly challenging to build and support across a hybrid infrastructure. In this post, we cover the architecture and setup of a database spanning from an Amazon Web Services Region to [Amazon Web Services Outposts](https://aws.amazon.com/outposts/) using [Amazon Relational Database Service](http://aws.amazon.com/rds) ([Amazon RDS](https://aws.amazon.com/cn/rds/?trk=cndc-detail)) and [Amazon Elastic Compute Cloud](http://aws.amazon.com/ec2) (Amazon EC2).\n\nAt Amazon Web Services, we think of hybrid infrastructure as including the Region along with on-premises data centers and edge nodes like Outposts. Amazon Web Services Outposts brings Amazon Web Services infrastructure and services to virtually any data center, co-location space, or on-premises facility, in the form of one or more physical racks connected to the Amazon Web Services global network. A subset of native Amazon Web Services services run on premises on the Outpost, and you can connect to the full range of Amazon Web Services services available in your Region to support your workload.\n\nRelational databases are a common component of a hybrid workload. [Amazon RDS](https://aws.amazon.com/cn/rds/?trk=cndc-detail) is a managed service that makes it easy to set up, operate, and scale a relational database in [the cloud](https://aws.amazon.com/what-is-cloud-computing/) or on Outposts. When running [Amazon RDS](https://aws.amazon.com/cn/rds/?trk=cndc-detail) in the Region, you can choose between seven different database engines to support your workloads, and can choose from MySQL, PostgreSQL, and SQL Server when running on [Amazon RDS on Outposts](https://aws.amazon.com/cn/rds/outposts/?trk=cndc-detail).\n\n[Amazon RDS](https://aws.amazon.com/cn/rds/?trk=cndc-detail) can operate both in the Region and on Outposts to support hybrid workloads. In this post, we use the native binary logging and replication of [Amazon RDS for MySQL](https://aws.amazon.com/rds/mysql/) hosted in a Region and an EC2 instance on the Outpost as a read replica. Although you could run a standalone VM in your data center to host the replica, using [Amazon EC2 ](https://aws.amazon.com/cn/ec2/?trk=cndc-detail)on Outposts provides the same reliable, secure, and high-performance compute experience across the hybrid workload. Additionally, because [Amazon EC2 ](https://aws.amazon.com/cn/ec2/?trk=cndc-detail)on Outposts uses the same APIs as services in the Region, you can use the same tools for deployment, security, and automation across the entire workload, leading to greater operational consistency over a self-managed VM option.\n\nIn this post, we show you how to solve a common hybrid infrastructure use case seen by customers supporting latency sensitive applications. In this use case, a customer is hosting a workload in the Amazon Web Services Region but has a need to host an instance of the application in their data center to provide low latency access for local data processing. The primary data base supporting the application in the Region is hosted on [Amazon RDS](https://aws.amazon.com/cn/rds/?trk=cndc-detail) for MySQL but the workload requires a local copy of the database due to latency requirements. RDS currently doesn’t support managed read replicas on Outposts, however we can solve this challenge by hosting a self-managed read replica on Outposts using EC2 and the native binary transaction logging of MySQL.\n\nUsing an EC2 hosted instance of a database on an Outpost can be the foundation for additional use cases customers may face. These use cases could be one time migration from the Region to an Outpost or for a disaster recovery location from the Region to a customer data center.\n\nAlthough we review the key components of a hybrid architecture, this post assumes you are familiar with Outposts, [Amazon RDS](https://aws.amazon.com/cn/rds/?trk=cndc-detail), and basic setup and configuration of MySQL replication.\n\n### **Solution overview**\n\n\nThe following diagram shows the architecture of our hybrid infrastructure. With this architecture, an RDS for MySQL instance is deployed in a Region. [Amazon RDS](https://aws.amazon.com/cn/rds/?trk=cndc-detail) for MySQL does support self-managed replicas using native binary logging of transactions from the primary, we configure this instance with a managed read replica in the Region. The reason for using a fully managed read replica alongside the RDS primary instance is because with a few clicks, this configuration automatically sets up the primary to serve as a replication source for our read-only replica on Outposts later on. Be aware there is an increased cost when operating both RDS instances. You can configure the RDS primary instance for replication, but I have chosen to use the managed read replica in this post for simplicity.\n\n\n\nTo provide a host and storage for our read replica on the Outpost, we use an EC2 instance. Outposts supports a variety of EC2 instance types, which you can choose when configuring and ordering the Outpost. Because an Outpost has finite resources, it’s important to plan for capacity and performance when selecting both the EC2 instance type and the amount of [Amazon Elastic Block Store](http://aws.amazon.com/ebs) ([Amazon EBS](https://aws.amazon.com/cn/ebs/?trk=cndc-detail)) storage.\n\nEven though this is a hybrid infrastructure, you can perform all the setup and configuration through the [Amazon Web Services Management Console](http://aws.amazon.com/console), [Amazon Web Services Command Line Interface](http://aws.amazon.com/cli) (Amazon Web Services CLI), API, or languages like Amazon Web Services CloudFormation or Terraform. This means you can develop one time, and deploy in the Region or on premises without having to rewrite your application or manage different sets of tools or processes.\n\nIn the configuration process that follows, four main areas comprise the solution:\n\n- **Create networking components** – In this section, I go over and review the required networking components and any Outposts-specific items to call out during setup\n- **Set up the RDS for MySQL database and read replica** – Here, I discuss the setup of our RDS database and managed read replica in the Region\n- **Set up the EC2 read replica** – I cover the [Amazon EC2 ](https://aws.amazon.com/cn/ec2/?trk=cndc-detail)specifics and identify any supporting components needed, such as security groups\n- **Set up replication and validate the solution** – In the last section, I outline the steps to back up and restore the MySQL database to the EC2 instance to support replication from the Region\n\n### **Prerequisites**\n\nThis post assumes that you are familiar with the following:\n\n- Setting up MySQL 8 Community Server on Linux\n- Configuring MySQL replication\n- Amazon Web Services Outposts\n- [Amazon RDS](https://aws.amazon.com/cn/rds/?trk=cndc-detail)\n\n### **Create networking components**\n\nThe networking components are the foundation our hybrid infrastructure solution is built on, and there are a few key items to be aware of when extending them to the Outpost.\n\nDuring the initial Outposts setup, a connection called a service link is established to the Region. A service link is an encrypted set of VPN connections that are used whenever the Outpost communicates with your chosen home Region. You can establish the service link using either [Amazon Web Services Direct Connect](https://aws.amazon.com/directconnect/) or over the public internet. In this example, we use Direct Connect as the service link connection.\n\nAn Outpost is homed to an Availability Zone in the Region over the service link. You can think of the Outpost as an extension of that Availability Zone. It’s important to choose the right Availability Zone when assigning resources, because some reside on the Outpost and some reside in the Region. In the preceding example, our workloads use Availability Zones A and B (AZa and AZb) in the Region, and the Outpost is homed to Availability Zone C (AZc). This paradigm of the Outpost becoming an extension of an Availability Zone persists regardless of the number of Availability Zones in a Region. Although some Amazon Web Services Regions have more than three Availability Zones, we use three in this example for simplicity.\n\nOther resources later in the post must be deployed to a specific Availability Zone to ensure they are deployed to the correct destination, the Region or the Outpost.\n\nTo create our network, we first use the [Amazon Virtual Private Cloud](http://aws.amazon.com/vpc) ([Amazon VPC](https://aws.amazon.com/cn/vpc/?trk=cndc-detail)) console to create a VPC. Use the Region that serves as the home base for your Outpost.\n\n1. On the [Amazon VPC](https://aws.amazon.com/cn/vpc/?trk=cndc-detail) console, choose **Your VPCs **in the navigation pane.\n2. Choose **Create VPC**.\n3. For **Name tag**, enter a name for the VPC.\n4. For **IPv4 CIDR**, choose a CIDR block and network mask.\n5. When finished, choose **Create VPC.**\n\n\n\nNext, let’s create two subnets in the Region.\n\n6. On the [Amazon VPC](https://aws.amazon.com/cn/vpc/?trk=cndc-detail) console, choose **Subnets** in the navigation pane.\n7. Choose **Create subnet.**\n8. For **VPC ID**, choose the VPC we just created.\n9. For **Subnet name**, enter a name for the subnet.\n10. For **Availability Zone**, choose an Availability Zone in the Region.\n11. For **IPv4 CIDR block**, enter a /24 range within the VPC CIDR created earlier.\n12. When finished, choose **Create subnet**.\n13. Repeat these steps to create a second subnet.\n\n\n\nThe procedure to create the subnet on the Outpost is almost the same as for the Region, but is created on the Outposts console instead of the [Amazon VPC](https://aws.amazon.com/cn/vpc/?trk=cndc-detail) console.\n\n14. On the Amazon Web Services Outposts console, select the Outpost.\n15. On the **Actions** menu, choose **Create subnet**.\n16. Follow the steps from the previous subnet creation procedure.\n\nDepending on your workload needs, you may need to create supporting components such as an internet gateway, routes, or a NAT gateway to allow your hosts access for things like OS package updates.\n\nNow that our network is created, we create the security groups that allow things like SSH access or allow our read replica on the Outpost to communicate over TCP port 3306 to the RDS instances in the Region.\n\nThe access required depends on the specific workload, but in all cases, we need a security group to allow inbound TCP port 3306 between the RDS instance and the EC2 instance. For more information, see [Controlling access with security groups.](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.RDSSecurityGroups.html)\n\nWith the networking and security group resources in place, the hybrid infrastructure should look like the following diagram.\n\n\n\n### **Set up the RDS for MySQL database and read replica**\n\nFor the database, we use [Amazon RDS](https://aws.amazon.com/cn/rds/?trk=cndc-detail) for MySQL. Deploying the database in the Region is the same even though we’re in a hybrid infrastructure, but I call out some key steps in this section.\n\n1. On the [Amazon RDS](https://aws.amazon.com/cn/rds/?trk=cndc-detail) console, choose **Create database**.\n2. Because [Amazon RDS](https://aws.amazon.com/cn/rds/?trk=cndc-detail) can run in the Region or on the Outpost, it’s important to remember to select **Amazon Web Services Cloud** for **Database location options**.\n\n\n\n3. Select **MySQL** as the database engine type.\n\n\n\n4. For this post, we choose **MySQL 8.0.23** for **Version**.\n\n\n\n5. Choose the VPC that is extended to the Outpost we created earlier, ```vpc-rds-hybrid-01```.\n\n\n\n6. Choose the subnet group as well as the VPC security group to allow the EC2 instance to talk to the RDS instance over port 3306.\n7. For **Availability Zone**, select an Availability Zone in the Region.\n8. You can configure the remaining settings to meet the use case of your workload, but we recommend following Amazon Web Services security best practices such as enabling encryption in transit and at rest as well as picking a strong password for the database.\n9. Review your settings and choose **Create Database**.\n10. When the RDS instance in the Region is ready, we can [create a managed read replica](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html#USER_ReadRepl.Create).\n\nWe can use the read replica in the Region to scale read traffic requests to the primary database. It also has the added benefit of automatically configuring the RDS database as the primary database for replication.\n\nWith the RDS for MySQL primary instance and the managed read replica in place, the infrastructure should look like the following diagram.\n\n\n\n### **Set up the EC2 read replica**\n\nTo support workloads that need to operate on premises with a read-only relational database, we use an EC2 instance backed by an EBS volume on the Outpost running the [Amazon Linux 2](https://aws.amazon.com/amazon-linux-2/?amazon-linux-whats-new.sort-by=item.additionalFields.postDateTime&amazon-linux-whats-new.sort-order=desc) operating system. Launching an EC2 instance with [Amazon EBS](https://aws.amazon.com/cn/ebs/?trk=cndc-detail) storage on an Outpost is like launching in the Region, with a few exceptions.\n\nDue the elasticity of the Amazon Web Services Cloud, considering size and capacity is rarely a concern, but an Outpost has a finite amount of resources like compute and storage. Consider the overall capacity of the Outpost and the amount of resources you anticipate the read replica using, such as CPU, memory, and storage.\n\nNote the following steps when setting up the read replica:\n\n1. To ensure the EC2 instance is launched on the Outpost and not the Region, make sure to use the VPC created earlier and, most importantly, the subnet associated with the Availability Zone of the Outpost. In this example, the subnet associated with the Outpost is AZc.\n\n\n2. Add an EBS volume to host the database.\n\n\n\nSSH access to the EC2 instance is required for the configuration steps to set up replication.\n\n3. If one doesn’t exist already, create a security group for the EC2 instance that allows SSH access to the host following security best practices.\n4. After you review all the configuration settings, choose **Launch** to launch the EC2 instance.\n\nWhen the EC2 instance has finished initializing, the architecture for the hybrid infrastructure should look like the following diagram.\n\n\n\n### **Set up replication and validate the solution**\n\nAfter configuring the previous items, you can now configure replication between the RDS primary instance in the Region and the EC2 instance on the Outpost.\n\nThis post assumes that you have previous experience setting up MySQL 8 Community Server on a Linux host as well as configuring replication. For this final step, I provide an overview of the process to deploy MySQL and enable replication. For a more detailed setup guide, refer to [How can I use binary logs from an Amazon RDS for MySQL active DB instance to replicate to an on-premises standby instance?](https://aws.amazon.com/premiumsupport/knowledge-center/replicate-amazon-rds-mysql-on-premises/)\n\nBegin by installing MySQL 8 Community Edition.\n\n1. Establish an SSH session to the EC2 read replica instance on the Outpost.\n2. Install MySQL 8 Community Edition:\n```\\nyum install -y mysql\\n```\n3.When MySQL is running on the EC2 instance, log in to MySQL and create a database called```mysqlreplicationtest```:\n\n```\\nmysql> create database msyqlreplicationtest; \\n```\n4. From the EC2 instance, log in to the RDS managed read replica instance and stop replication from the primary using the mysql command line call:\n\n```\\nmysql> call mysql.rds_stop_replication;\\n```\n5. Verify replication has stopped and record the ```Relay_Master_Log_File```and the ```Exec_Master_Log_Pos```to be used later to configure replication:\n\n```\\nmysql> call mysql.rds_stop_replication;\\nmysql> show slave status \\\\G\\n```\n6. Disconnect from the RDS managed read replica and use ```mysqldump```to create a backup of the database to be restored on the EC2 instance:\n\n```\\nDisconnect from the RDS managed read replica and use mysqldump to create a backup of the database to be restored on the EC2 instance:\\n\\n```\n7. When the backup is complete, restore the backup to the newly created database called ```mysqlreplicationtest```on the EC2 read replica instance:\n```\\nmysql -h localhost -u root -p mysqlreplicatest < backup_file_name.sql\\n```\n\n8. Stop MySQL on the EC2 instance and set the ```my.cnf```file to a unique server ID, such as ```server_id=2```, and the name of the database to replicate, in this case ```replicate-do-db=mysqlreplicationtest```:\n9. Save the file and restart MySQL on the EC2 read replica instance:\n\n```\\nsystemctl restart mysqld\\n```\n10. From the EC2 read replica, log in to the RDS primary instance and create a replication user and grant the necessary privileges to the user:\n\n```\\nmysql> create user repl_user@'%' identified by 'xxx';\\nmysql> grant replication slave, replication client, replication_slave_admin on *.* to 'xxx@'%';\\nmysql> show grants for repl_user@'%';\\n```\n11. From the EC2 read replica instance, establish a connection to the active RDS DB instance and set replication parameters:\n\n```\\nmysql> change master to master_host='<rds-hostname>', master_user='repl_user', master_password='xxx', master_log_file='mysql-bin-changelog.000xxx', master_log_pos= xxxx\\n```\n12. Start replication from the EC2 read replica and verify replication is running:\n\n```\\nmsyql> start slave\\nmysql> show slave status\\\\G\\n```\nFrom here, you should be able to create new tables and data in the ```mysqlreplicationtest```database on the RDS primary instance and see them replicated over to the EC2 instance on the Outpost. Our hybrid infrastructure is now ready to support a read-only workload on premises.\n\n\n\n### **Clean up**\n\nThis post is intended as a guide to help you build a hybrid infrastructure to support a database that spans the Region and an Outpost. If you followed along with this post, make sure you clean up your resources to prevent unexpected costs.\n\n1. [Stop and terminate](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html) the EC2 instance on the Outpost, ensuring the deletion of the EBS volume.\n2. [Delete](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html) the [Amazon RDS](https://aws.amazon.com/cn/rds/?trk=cndc-detail)-managed read replica in the Region.\n3. [Delete](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html) the RDS for MySQL primary instance in the Region.\n4.[ Delete](https://docs.aws.amazon.com/vpc/latest/userguide/working-with-vpcs.html#VPC_Deleting) the VPC and related network components you may have created.\n\n### **Conclusion**\n\nIn this post, we discussed what a hybrid infrastructure looks like using Outposts and a Region. I explained that some workloads need to operate across this hybrid infrastructure, and having a database to support them in both places can be a key component driven by a variety of factors. [Amazon RDS](https://aws.amazon.com/cn/rds/?trk=cndc-detail) supports a variety of ways to deploy replicas, both managed in the Region or using native replication functions to deploy outside the Region on Amazon EC2.\n\nWith the examples outlined in this post, you should now have a good understanding of how to deploy an Amazon EC2-based read replica on an Outpost to support an on-premises workload.\n\nTo learn more, see the [Outposts product page](https://aws.amazon.com/outposts/) and [Working with Amazon RDS on Amazon Web Services Outposts](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) in the [Amazon RDS](https://aws.amazon.com/cn/rds/?trk=cndc-detail) User Guide. How will you use the information here to build your hybrid infrastructure? Please send us feedback either in the [Amazon Web Services forum](https://repost.aws/tags/TA63qOXQYdTja3NcQgJg9h-A/aws-outposts) for Amazon Outposts or through your Amazon Web Services support contacts.\n\n#### **About the Author**\n\n\n\n**Doug Hairfield** is a Senior Solutions Architect in the WWPS Federal Partner Solutions Architecture team at Amazon Web Services. He is passionate about helping customers build and architect solutions on Amazon Web Services, especially around hybrid environments and edge computing. Outside of work, he enjoys spending time with family, playing guitar, and open water distance swimming.","render":"<p>Many customers are faced with the challenge of building and operating a hybrid infrastructure to support workloads that must run both in the cloud and on premises. In many cases, these hybrid workloads rely on a relational database to support the workload, which can be particularly challenging to build and support across a hybrid infrastructure. In this post, we cover the architecture and setup of a database spanning from an Amazon Web Services Region to <a href=\\"https://aws.amazon.com/outposts/\\" target=\\"_blank\\">Amazon Web Services Outposts</a> using <a href=\\"http://aws.amazon.com/rds\\" target=\\"_blank\\">Amazon Relational Database Service</a> ([Amazon RDS](https://aws.amazon.com/cn/rds/?trk=cndc-detail)) and <a href=\\"http://aws.amazon.com/ec2\\" target=\\"_blank\\">Amazon Elastic Compute Cloud</a> (Amazon EC2).</p>\\n<p>At Amazon Web Services, we think of hybrid infrastructure as including the Region along with on-premises data centers and edge nodes like Outposts. Amazon Web Services Outposts brings Amazon Web Services infrastructure and services to virtually any data center, co-location space, or on-premises facility, in the form of one or more physical racks connected to the Amazon Web Services global network. A subset of native Amazon Web Services services run on premises on the Outpost, and you can connect to the full range of Amazon Web Services services available in your Region to support your workload.</p>\n<p>Relational databases are a common component of a hybrid workload. Amazon RDS is a managed service that makes it easy to set up, operate, and scale a relational database in <a href=\\"https://aws.amazon.com/what-is-cloud-computing/\\" target=\\"_blank\\">the cloud</a> or on Outposts. When running [Amazon RDS](https://aws.amazon.com/cn/rds/?trk=cndc-detail) in the Region, you can choose between seven different database engines to support your workloads, and can choose from MySQL, PostgreSQL, and SQL Server when running on [Amazon RDS on Outposts](https://aws.amazon.com/cn/rds/outposts/?trk=cndc-detail).</p>\\n<p>Amazon RDS can operate both in the Region and on Outposts to support hybrid workloads. In this post, we use the native binary logging and replication of <a href=\\"https://aws.amazon.com/rds/mysql/\\" target=\\"_blank\\">Amazon RDS for MySQL</a> hosted in a Region and an EC2 instance on the Outpost as a read replica. Although you could run a standalone VM in your data center to host the replica, using [Amazon EC2 ](https://aws.amazon.com/cn/ec2/?trk=cndc-detail)on Outposts provides the same reliable, secure, and high-performance compute experience across the hybrid workload. Additionally, because [Amazon EC2 ](https://aws.amazon.com/cn/ec2/?trk=cndc-detail)on Outposts uses the same APIs as services in the Region, you can use the same tools for deployment, security, and automation across the entire workload, leading to greater operational consistency over a self-managed VM option.</p>\\n<p>In this post, we show you how to solve a common hybrid infrastructure use case seen by customers supporting latency sensitive applications. In this use case, a customer is hosting a workload in the Amazon Web Services Region but has a need to host an instance of the application in their data center to provide low latency access for local data processing. The primary data base supporting the application in the Region is hosted on Amazon RDS for MySQL but the workload requires a local copy of the database due to latency requirements. RDS currently doesn’t support managed read replicas on Outposts, however we can solve this challenge by hosting a self-managed read replica on Outposts using EC2 and the native binary transaction logging of MySQL.</p>\n<p>Using an EC2 hosted instance of a database on an Outpost can be the foundation for additional use cases customers may face. These use cases could be one time migration from the Region to an Outpost or for a disaster recovery location from the Region to a customer data center.</p>\n<p>Although we review the key components of a hybrid architecture, this post assumes you are familiar with Outposts, Amazon RDS, and basic setup and configuration of MySQL replication.</p>\n<h3><a id=\\"Solution_overview_14\\"></a><strong>Solution overview</strong></h3>\\n<p>The following diagram shows the architecture of our hybrid infrastructure. With this architecture, an RDS for MySQL instance is deployed in a Region. Amazon RDS for MySQL does support self-managed replicas using native binary logging of transactions from the primary, we configure this instance with a managed read replica in the Region. The reason for using a fully managed read replica alongside the RDS primary instance is because with a few clicks, this configuration automatically sets up the primary to serve as a replication source for our read-only replica on Outposts later on. Be aware there is an increased cost when operating both RDS instances. You can configure the RDS primary instance for replication, but I have chosen to use the managed read replica in this post for simplicity.</p>\n<p><img src=\\"https://dev-media.amazoncloud.cn/7ad2f7aca79c4d078a1b9b4a147358d3_image.png\\" alt=\\"image.png\\" /></p>\n<p>To provide a host and storage for our read replica on the Outpost, we use an EC2 instance. Outposts supports a variety of EC2 instance types, which you can choose when configuring and ordering the Outpost. Because an Outpost has finite resources, it’s important to plan for capacity and performance when selecting both the EC2 instance type and the amount of <a href=\\"http://aws.amazon.com/ebs\\" target=\\"_blank\\">Amazon Elastic Block Store</a> ([Amazon EBS](https://aws.amazon.com/cn/ebs/?trk=cndc-detail)) storage.</p>\\n<p>Even though this is a hybrid infrastructure, you can perform all the setup and configuration through the <a href=\\"http://aws.amazon.com/console\\" target=\\"_blank\\">Amazon Web Services Management Console</a>, <a href=\\"http://aws.amazon.com/cli\\" target=\\"_blank\\">Amazon Web Services Command Line Interface</a> (Amazon Web Services CLI), API, or languages like Amazon Web Services CloudFormation or Terraform. This means you can develop one time, and deploy in the Region or on premises without having to rewrite your application or manage different sets of tools or processes.</p>\\n<p>In the configuration process that follows, four main areas comprise the solution:</p>\n<ul>\\n<li><strong>Create networking components</strong> – In this section, I go over and review the required networking components and any Outposts-specific items to call out during setup</li>\\n<li><strong>Set up the RDS for MySQL database and read replica</strong> – Here, I discuss the setup of our RDS database and managed read replica in the Region</li>\\n<li><strong>Set up the EC2 read replica</strong> – I cover the [Amazon EC2 ](https://aws.amazon.com/cn/ec2/?trk=cndc-detail)specifics and identify any supporting components needed, such as security groups</li>\\n<li><strong>Set up replication and validate the solution</strong> – In the last section, I outline the steps to back up and restore the MySQL database to the EC2 instance to support replication from the Region</li>\\n</ul>\n<h3><a id=\\"Prerequisites_32\\"></a><strong>Prerequisites</strong></h3>\\n<p>This post assumes that you are familiar with the following:</p>\n<ul>\\n<li>Setting up MySQL 8 Community Server on Linux</li>\n<li>Configuring MySQL replication</li>\n<li>Amazon Web Services Outposts</li>\n<li>Amazon RDS</li>\n</ul>\\n<h3><a id=\\"Create_networking_components_41\\"></a><strong>Create networking components</strong></h3>\\n<p>The networking components are the foundation our hybrid infrastructure solution is built on, and there are a few key items to be aware of when extending them to the Outpost.</p>\n<p>During the initial Outposts setup, a connection called a service link is established to the Region. A service link is an encrypted set of VPN connections that are used whenever the Outpost communicates with your chosen home Region. You can establish the service link using either <a href=\\"https://aws.amazon.com/directconnect/\\" target=\\"_blank\\">Amazon Web Services Direct Connect</a> or over the public internet. In this example, we use Direct Connect as the service link connection.</p>\\n<p>An Outpost is homed to an Availability Zone in the Region over the service link. You can think of the Outpost as an extension of that Availability Zone. It’s important to choose the right Availability Zone when assigning resources, because some reside on the Outpost and some reside in the Region. In the preceding example, our workloads use Availability Zones A and B (AZa and AZb) in the Region, and the Outpost is homed to Availability Zone C (AZc). This paradigm of the Outpost becoming an extension of an Availability Zone persists regardless of the number of Availability Zones in a Region. Although some Amazon Web Services Regions have more than three Availability Zones, we use three in this example for simplicity.</p>\n<p>Other resources later in the post must be deployed to a specific Availability Zone to ensure they are deployed to the correct destination, the Region or the Outpost.</p>\n<p>To create our network, we first use the <a href=\\"http://aws.amazon.com/vpc\\" target=\\"_blank\\">Amazon Virtual Private Cloud</a> ([Amazon VPC](https://aws.amazon.com/cn/vpc/?trk=cndc-detail)) console to create a VPC. Use the Region that serves as the home base for your Outpost.</p>\\n<ol>\\n<li>On the Amazon VPC console, choose **Your VPCs **in the navigation pane.</li>\n<li>Choose <strong>Create VPC</strong>.</li>\\n<li>For <strong>Name tag</strong>, enter a name for the VPC.</li>\\n<li>For <strong>IPv4 CIDR</strong>, choose a CIDR block and network mask.</li>\\n<li>When finished, choose <strong>Create VPC.</strong></li>\\n</ol>\n<p><img src=\\"https://dev-media.amazoncloud.cn/756def0e46114ded98f6455f620c1b12_image.png\\" alt=\\"image.png\\" /></p>\n<p>Next, let’s create two subnets in the Region.</p>\n<ol start=\\"6\\">\\n<li>On the Amazon VPC console, choose <strong>Subnets</strong> in the navigation pane.</li>\\n<li>Choose <strong>Create subnet.</strong></li>\\n<li>For <strong>VPC ID</strong>, choose the VPC we just created.</li>\\n<li>For <strong>Subnet name</strong>, enter a name for the subnet.</li>\\n<li>For <strong>Availability Zone</strong>, choose an Availability Zone in the Region.</li>\\n<li>For <strong>IPv4 CIDR block</strong>, enter a /24 range within the VPC CIDR created earlier.</li>\\n<li>When finished, choose <strong>Create subnet</strong>.</li>\\n<li>Repeat these steps to create a second subnet.</li>\n</ol>\\n<p><img src=\\"https://dev-media.amazoncloud.cn/5f214f47b8724cfd8e46e9da41ebb269_image.png\\" alt=\\"image.png\\" /></p>\n<p>The procedure to create the subnet on the Outpost is almost the same as for the Region, but is created on the Outposts console instead of the Amazon VPC console.</p>\n<ol start=\\"14\\">\\n<li>On the Amazon Web Services Outposts console, select the Outpost.</li>\n<li>On the <strong>Actions</strong> menu, choose <strong>Create subnet</strong>.</li>\\n<li>Follow the steps from the previous subnet creation procedure.</li>\n</ol>\\n<p>Depending on your workload needs, you may need to create supporting components such as an internet gateway, routes, or a NAT gateway to allow your hosts access for things like OS package updates.</p>\n<p>Now that our network is created, we create the security groups that allow things like SSH access or allow our read replica on the Outpost to communicate over TCP port 3306 to the RDS instances in the Region.</p>\n<p>The access required depends on the specific workload, but in all cases, we need a security group to allow inbound TCP port 3306 between the RDS instance and the EC2 instance. For more information, see <a href=\\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.RDSSecurityGroups.html\\" target=\\"_blank\\">Controlling access with security groups.</a></p>\\n<p>With the networking and security group resources in place, the hybrid infrastructure should look like the following diagram.</p>\n<p><img src=\\"https://dev-media.amazoncloud.cn/441a0390e33b49d0ae15db5c9e2524ca_image.png\\" alt=\\"image.png\\" /></p>\n<h3><a id=\\"Set_up_the_RDS_for_MySQL_database_and_read_replica_90\\"></a><strong>Set up the RDS for MySQL database and read replica</strong></h3>\\n<p>For the database, we use Amazon RDS for MySQL. Deploying the database in the Region is the same even though we’re in a hybrid infrastructure, but I call out some key steps in this section.</p>\n<ol>\\n<li>On the Amazon RDS console, choose <strong>Create database</strong>.</li>\\n<li>Because Amazon RDS can run in the Region or on the Outpost, it’s important to remember to select <strong>Amazon Web Services Cloud</strong> for <strong>Database location options</strong>.</li>\\n</ol>\n<p><img src=\\"https://dev-media.amazoncloud.cn/2efb4ca171e949029b61b9c876e1a9d6_image.png\\" alt=\\"image.png\\" /></p>\n<ol start=\\"3\\">\\n<li>Select <strong>MySQL</strong> as the database engine type.</li>\\n</ol>\n<p><img src=\\"https://dev-media.amazoncloud.cn/3f1a922bd39744c1bcf32c544fcd22cc_image.png\\" alt=\\"image.png\\" /></p>\n<ol start=\\"4\\">\\n<li>For this post, we choose <strong>MySQL 8.0.23</strong> for <strong>Version</strong>.</li>\\n</ol>\n<p><img src=\\"https://dev-media.amazoncloud.cn/cac042c85da7417c97ffc1eb2502c148_image.png\\" alt=\\"image.png\\" /></p>\n<ol start=\\"5\\">\\n<li>Choose the VPC that is extended to the Outpost we created earlier, <code>vpc-rds-hybrid-01</code>.</li>\\n</ol>\n<p><img src=\\"https://dev-media.amazoncloud.cn/c8d1a3de3738432487bec718adb7259f_image.png\\" alt=\\"image.png\\" /></p>\n<ol start=\\"6\\">\\n<li>Choose the subnet group as well as the VPC security group to allow the EC2 instance to talk to the RDS instance over port 3306.</li>\n<li>For <strong>Availability Zone</strong>, select an Availability Zone in the Region.</li>\\n<li>You can configure the remaining settings to meet the use case of your workload, but we recommend following Amazon Web Services security best practices such as enabling encryption in transit and at rest as well as picking a strong password for the database.</li>\n<li>Review your settings and choose <strong>Create Database</strong>.</li>\\n<li>When the RDS instance in the Region is ready, we can <a href=\\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html#USER_ReadRepl.Create\\" target=\\"_blank\\">create a managed read replica</a>.</li>\\n</ol>\n<p>We can use the read replica in the Region to scale read traffic requests to the primary database. It also has the added benefit of automatically configuring the RDS database as the primary database for replication.</p>\n<p>With the RDS for MySQL primary instance and the managed read replica in place, the infrastructure should look like the following diagram.</p>\n<p><img src=\\"https://dev-media.amazoncloud.cn/63dcf9fc21734ec3a721744af091ffcf_image.png\\" alt=\\"image.png\\" /></p>\n<h3><a id=\\"Set_up_the_EC2_read_replica_123\\"></a><strong>Set up the EC2 read replica</strong></h3>\\n<p>To support workloads that need to operate on premises with a read-only relational database, we use an EC2 instance backed by an EBS volume on the Outpost running the <a href=\\"https://aws.amazon.com/amazon-linux-2/?amazon-linux-whats-new.sort-by=item.additionalFields.postDateTime&amp;amazon-linux-whats-new.sort-order=desc\\" target=\\"_blank\\">Amazon Linux 2</a> operating system. Launching an EC2 instance with [Amazon EBS](https://aws.amazon.com/cn/ebs/?trk=cndc-detail) storage on an Outpost is like launching in the Region, with a few exceptions.</p>\\n<p>Due the elasticity of the Amazon Web Services Cloud, considering size and capacity is rarely a concern, but an Outpost has a finite amount of resources like compute and storage. Consider the overall capacity of the Outpost and the amount of resources you anticipate the read replica using, such as CPU, memory, and storage.</p>\n<p>Note the following steps when setting up the read replica:</p>\n<ol>\\n<li>\\n<p>To ensure the EC2 instance is launched on the Outpost and not the Region, make sure to use the VPC created earlier and, most importantly, the subnet associated with the Availability Zone of the Outpost. In this example, the subnet associated with the Outpost is AZc.<br />\\n<img src=\\"https://dev-media.amazoncloud.cn/ca4c1c963ac142429fab7a20d9afa7f1_image.png\\" alt=\\"image.png\\" /></p>\n</li>\\n<li>\\n<p>Add an EBS volume to host the database.</p>\n</li>\\n</ol>\n<p><img src=\\"https://dev-media.amazoncloud.cn/49e82ec5c23e4044996b0df20219d275_image.png\\" alt=\\"image.png\\" /></p>\n<p>SSH access to the EC2 instance is required for the configuration steps to set up replication.</p>\n<ol start=\\"3\\">\\n<li>If one doesn’t exist already, create a security group for the EC2 instance that allows SSH access to the host following security best practices.</li>\n<li>After you review all the configuration settings, choose <strong>Launch</strong> to launch the EC2 instance.</li>\\n</ol>\n<p>When the EC2 instance has finished initializing, the architecture for the hybrid infrastructure should look like the following diagram.</p>\n<p><img src=\\"https://dev-media.amazoncloud.cn/77eaed8b24094900b25cc5cc1f7f4be9_image.png\\" alt=\\"image.png\\" /></p>\n<h3><a id=\\"Set_up_replication_and_validate_the_solution_147\\"></a><strong>Set up replication and validate the solution</strong></h3>\\n<p>After configuring the previous items, you can now configure replication between the RDS primary instance in the Region and the EC2 instance on the Outpost.</p>\n<p>This post assumes that you have previous experience setting up MySQL 8 Community Server on a Linux host as well as configuring replication. For this final step, I provide an overview of the process to deploy MySQL and enable replication. For a more detailed setup guide, refer to <a href=\\"https://aws.amazon.com/premiumsupport/knowledge-center/replicate-amazon-rds-mysql-on-premises/\\" target=\\"_blank\\">How can I use binary logs from an Amazon RDS for MySQL active DB instance to replicate to an on-premises standby instance?</a></p>\\n<p>Begin by installing MySQL 8 Community Edition.</p>\n<ol>\\n<li>Establish an SSH session to the EC2 read replica instance on the Outpost.</li>\n<li>Install MySQL 8 Community Edition:</li>\n</ol>\\n<pre><code class=\\"lang-\\">yum install -y mysql\\n</code></pre>\\n<p>3.When MySQL is running on the EC2 instance, log in to MySQL and create a database called<code>mysqlreplicationtest</code>:</p>\\n<pre><code class=\\"lang-\\">mysql&gt; create database msyqlreplicationtest; \\n</code></pre>\\n<ol start=\\"4\\">\\n<li>From the EC2 instance, log in to the RDS managed read replica instance and stop replication from the primary using the mysql command line call:</li>\n</ol>\\n<pre><code class=\\"lang-\\">mysql&gt; call mysql.rds_stop_replication;\\n</code></pre>\\n<ol start=\\"5\\">\\n<li>Verify replication has stopped and record the <code>Relay_Master_Log_File</code>and the <code>Exec_Master_Log_Pos</code>to be used later to configure replication:</li>\\n</ol>\n<pre><code class=\\"lang-\\">mysql&gt; call mysql.rds_stop_replication;\\nmysql&gt; show slave status \\\\G\\n</code></pre>\\n<ol start=\\"6\\">\\n<li>Disconnect from the RDS managed read replica and use <code>mysqldump</code>to create a backup of the database to be restored on the EC2 instance:</li>\\n</ol>\n<pre><code class=\\"lang-\\">Disconnect from the RDS managed read replica and use mysqldump to create a backup of the database to be restored on the EC2 instance:\\n\\n</code></pre>\\n<ol start=\\"7\\">\\n<li>When the backup is complete, restore the backup to the newly created database called <code>mysqlreplicationtest</code>on the EC2 read replica instance:</li>\\n</ol>\n<pre><code class=\\"lang-\\">mysql -h localhost -u root -p mysqlreplicatest &lt; backup_file_name.sql\\n</code></pre>\\n<ol start=\\"8\\">\\n<li>Stop MySQL on the EC2 instance and set the <code>my.cnf</code>file to a unique server ID, such as <code>server_id=2</code>, and the name of the database to replicate, in this case <code>replicate-do-db=mysqlreplicationtest</code>:</li>\\n<li>Save the file and restart MySQL on the EC2 read replica instance:</li>\n</ol>\\n<pre><code class=\\"lang-\\">systemctl restart mysqld\\n</code></pre>\\n<ol start=\\"10\\">\\n<li>From the EC2 read replica, log in to the RDS primary instance and create a replication user and grant the necessary privileges to the user:</li>\n</ol>\\n<pre><code class=\\"lang-\\">mysql&gt; create user repl_user@'%' identified by 'xxx';\\nmysql&gt; grant replication slave, replication client, replication_slave_admin on *.* to 'xxx@'%';\\nmysql&gt; show grants for repl_user@'%';\\n</code></pre>\\n<ol start=\\"11\\">\\n<li>From the EC2 read replica instance, establish a connection to the active RDS DB instance and set replication parameters:</li>\n</ol>\\n<pre><code class=\\"lang-\\">mysql&gt; change master to master_host='&lt;rds-hostname&gt;', master_user='repl_user', master_password='xxx', master_log_file='mysql-bin-changelog.000xxx', master_log_pos= xxxx\\n</code></pre>\\n<ol start=\\"12\\">\\n<li>Start replication from the EC2 read replica and verify replication is running:</li>\n</ol>\\n<pre><code class=\\"lang-\\">msyql&gt; start slave\\nmysql&gt; show slave status\\\\G\\n</code></pre>\\n<p>From here, you should be able to create new tables and data in the <code>mysqlreplicationtest</code>database on the RDS primary instance and see them replicated over to the EC2 instance on the Outpost. Our hybrid infrastructure is now ready to support a read-only workload on premises.</p>\\n<p><img src=\\"https://dev-media.amazoncloud.cn/6e679b7be28e460983c1bf0957d04f7e_image.png\\" alt=\\"image.png\\" /></p>\n<h3><a id=\\"Clean_up_215\\"></a><strong>Clean up</strong></h3>\\n<p>This post is intended as a guide to help you build a hybrid infrastructure to support a database that spans the Region and an Outpost. If you followed along with this post, make sure you clean up your resources to prevent unexpected costs.</p>\n<ol>\\n<li><a href=\\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html\\" target=\\"_blank\\">Stop and terminate</a> the EC2 instance on the Outpost, ensuring the deletion of the EBS volume.</li>\\n<li><a href=\\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html\\" target=\\"_blank\\">Delete</a> the [Amazon RDS](https://aws.amazon.com/cn/rds/?trk=cndc-detail)-managed read replica in the Region.</li>\\n<li><a href=\\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html\\" target=\\"_blank\\">Delete</a> the RDS for MySQL primary instance in the Region.<br />\\n4.<a href=\\"https://docs.aws.amazon.com/vpc/latest/userguide/working-with-vpcs.html#VPC_Deleting\\" target=\\"_blank\\"> Delete</a> the VPC and related network components you may have created.</li>\\n</ol>\n<h3><a id=\\"Conclusion_224\\"></a><strong>Conclusion</strong></h3>\\n<p>In this post, we discussed what a hybrid infrastructure looks like using Outposts and a Region. I explained that some workloads need to operate across this hybrid infrastructure, and having a database to support them in both places can be a key component driven by a variety of factors. Amazon RDS supports a variety of ways to deploy replicas, both managed in the Region or using native replication functions to deploy outside the Region on Amazon EC2.</p>\n<p>With the examples outlined in this post, you should now have a good understanding of how to deploy an Amazon EC2-based read replica on an Outpost to support an on-premises workload.</p>\n<p>To learn more, see the <a href=\\"https://aws.amazon.com/outposts/\\" target=\\"_blank\\">Outposts product page</a> and <a href=\\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html\\" target=\\"_blank\\">Working with Amazon RDS on Amazon Web Services Outposts</a> in the [Amazon RDS](https://aws.amazon.com/cn/rds/?trk=cndc-detail) User Guide. How will you use the information here to build your hybrid infrastructure? Please send us feedback either in the <a href=\\"https://repost.aws/tags/TA63qOXQYdTja3NcQgJg9h-A/aws-outposts\\" target=\\"_blank\\">Amazon Web Services forum</a> for Amazon Outposts or through your Amazon Web Services support contacts.</p>\\n<h4><a id=\\"About_the_Author_232\\"></a><strong>About the Author</strong></h4>\\n<p><img src=\\"https://dev-media.amazoncloud.cn/d1fb62edf79042148ee0b300a5a137c8_image.png\\" alt=\\"image.png\\" /></p>\n<p><strong>Doug Hairfield</strong> is a Senior Solutions Architect in the WWPS Federal Partner Solutions Architecture team at Amazon Web Services. He is passionate about helping customers build and architect solutions on Amazon Web Services, especially around hybrid environments and edge computing. Outside of work, he enjoys spending time with family, playing guitar, and open water distance swimming.</p>\n"}