By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How do I decouple an Amazon RDS instance from an Elastic Beanstalk environment without downtime, database sync issues, or data loss?

6 minute read
1

I have an Amazon Relational Database Service (Amazon RDS) DB instance that's attached to my AWS Elastic Beanstalk environment. I want to avoid downtime, database sync issues, and data loss when I remove the dependencies between the instance and the environment.

Short description

The following procedure decouples your database from an Elastic Beanstalk environment and doesn't affect the health of the environment:

  1. Create an Amazon RDS DB snapshot.
  2. Protect your RDS DB instance from deletion.
  3. Create a new Elastic Beanstalk environment.
  4. Perform a blue/green deployment.
  5. Update the database deletion policy for the old environment.
  6. Decouple the RDS instance from the old environment.
  7. Terminate the old environment.

Important: As a best practice, attach an RDS DB instance to an Elastic Beanstalk environment only in development and testing environments. In the production environment, the lifecycle of the database instance is tied to the lifecycle of your application environment. Therefore, it's a best practice not to attach the RDS DB instance to an Elastic Beanstalk environment in a production environment. If you terminate the environment, then you lose your data because the environment deletes the DB instance. For more information, see Using Elastic Beanstalk with Amazon RDS.

Resolution

Create an DB snapshot of your instance

To create an DB snapshot of your instance, complete the following steps:

  1. Open the Elastic Beanstalk console.
  2. Choose your Elastic Beanstalk environment.
  3. Copy the environment ID.
  4. Open the Amazon RDS console.
  5. In the navigation pane, choose Databases.
  6. Enter the environment ID in to the search field, and then select the database.
  7. Create a DB snapshot.

Protect your DB instance from deletion

To protect your DB instance from deletion, complete the following steps:

  1. Open the Amazon RDS console.
  2. In the navigation pane, choose Databases.
  3. Choose your database, and then choose Modify.
  4. Under Deletion protection, select Enable deletion protection, and then choose Continue.
  5. For Schedule modifications, choose Apply immediately, and then choose Modify cluster.
  6. Refresh the Amazon RDS console, and then verify that deletion protection is turned on.

Create a new Elastic Beanstalk environment

Note: Your new Elastic Beanstalk environment can't include a DB instance.

To create a new Elastic Beanstalk environment, complete the following steps:

  1. Create a new Elastic Beanstalk environment.
  2. Connect the new Elastic Beanstalk environment to the existing DB instance of the old Elastic Beanstalk environment. For more information, see Launching and connecting to an external Amazon RDS instance in a default virtual private cloud (VPC).
  3. Verify that the new environment connects to the existing DB instance and that your application works correctly.

Perform a blue/green deployment to avoid downtime

Note: To perform a blue/green deployment or CNAME swap later, both Elastic Beanstalk environments must be part of the same application.

To perform a blue/green deployment, complete the following steps:

  1. Open the Elastic Beanstalk console for the new environment.
  2. Exchange the environment URLs of the old and new Elastic Beanstalk environments. For more information, see Blue/green deployments with Elastic Beanstalk.
  3. Verify that the URL of the new environment responds and that your application works correctly.

Important: Terminate the old Elastic Beanstalk environment only after the DNS changes are propagated and your old DNS records expire. DNS records can take up to 48 hours to expire. DNS servers don't clear old records from their cache based on the time to live (TTL) that you set on your DNS records.

Update the database deletion policy for the old environment

To update the database deletion policy for the old environment, complete the following steps:

  1. Open the Elastic Beanstalk console for the old environment.
  2. In the navigation pane, choose Configuration.
  3. Under Networking and database, choose Edit.
  4. Under Database settings, set the Database deletion policy to Retain.
  5. Choose Apply. It can take a few minutes to save the configuration change.

Important: Proceed to the next step only after the Database deletion policy change is applied to the old environment.

Decouple the RDS instance from the old environment

To decouple the RDS instance from the old environment, complete the following steps:

  1. Open the Elastic Beanstalk console for the old environment.
  2. In the navigation pane, choose Configuration.
  3. Under Networking and database configuration, choose Edit.
  4. Under Database settings, verify that the Database deletion policy is set to Retain.
  5. In the Database connection section, choose Decouple database.
  6. Choose Apply.

Note: As the database decouples, the database remains operational. It usually takes less than 5 minutes to decouple a database.

Terminate the old environment

After you validate the new environment's functionality, terminate the old Elastic Beanstalk environment.

When you terminate the environment, all Elastic Beanstalk resources are deleted except for the DB instance and the RDS security group that Elastic Beanstalk created. When you create an RDS instance as a part of load balanced Elastic Beanstalk environment, Elastic Beanstalk creates an Elastic Load Balancing (ELB) security group. Elastic Beanstalk also creates an Amazon Elastic Compute Cloud (Amazon EC2) security group to attach to the EC2 instances in the environment. And, Elastic Beanstalk creates an RDS security group to attach to the RDS instance. To allow inbound traffic at port 3306 from the EC2 security group, Elastic Beanstalk adds a security group inbound rule to the RDS security group.

When you decouple the database, Elastic Beanstalk doesn't remove the security group inbound rule. This security group inbound rule references the EC2 security group from the RDS security group that Elastic Beanstalk created. When you terminate the environment, Elastic Beanstalk can't terminate the environment because the decouple RDS security group still references the EC2 security group.

To terminate the Elastic Beanstalk environment, complete the following steps:

  1. Open the Elastic Beanstalk console for the old environment.
  2. In the navigation pane, choose Configuration.
  3. Under Instance traffic and scaling, note the EC2 security group name that's under EC2 Security Groups.
  4. Open the Amazon EC2 console.
  5. In the navigation pane, choose Security Group.
  6. On the Security Groups page, enter the EC2 security group name.
  7. Note the security group ID. The format is similar to "sg-xxxxxxxx."
  8. Open the Amazon RDS console.
  9. In the navigation pane, choose Databases, and then choose the name of your DB instance.
  10. Under Connectivity and security, note the subnets, security groups, and endpoints. Then, under Security, choose the security group name.
  11. After the Security Groups page opens in the EC2 console, select the security group.
  12. For Inbound rules, choose Edit inbound rules.
  13. Identify the security group rule.
  14. Choose Delete, and then choose Save rules.
  15. Open the Elastic Beanstalk console for the old environment.
  16. Choose Actions, and then choose Terminate Environment. When you decouple the database, Elastic Beanstalk doesn't remove the security group inbound rule. The security group inbound rule references the EC2 security group from the RDS security group that Elastic Beanstalk created.
Topics
Compute
Tags
AWS Elastic Beanstalk
Language
English

Related videos

Watch Omar's video to learn more (8:00)
Watch Omar's video to learn more (8:00)
AWS OFFICIAL
AWS OFFICIALUpdated 4 months ago
6 Comments

It would be great if the error messages and the underlying decouple issues were published and explained in plain English as to the cause and what to do next. For example, what do these error messages mean in the above context? "DB Allocated storage should be more than the previous value." "RDS DB Engine option setting is not allowed to changed"

Marc at Eggion
replied 10 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

profile pictureAWS
MODERATOR
AWS Official
replied 10 months ago

I am getting the same errors when trying to decouple a database from Elastic Beanstalk:

"DB Allocated storage should be more than the previous value." "RDS DB Engine option setting is not allowed to changed"

Shahzore Qureshi
replied 10 months ago

I am also getting an error when i try to decouple my database. I however just get the "DB Allocated storage should be more than the previous value." error message even though the only change i made was selecting decouple database. Is this a bug in AWS or am I missing something?

Lukas
replied 10 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

profile pictureAWS
MODERATOR
AWS Official
replied 10 months ago

I was able to do this from the CLI but not from the web console. In the web console, I received the same errors that the other people mentioned.

  1. Enable termination protection on my RDS instance
  2. Update ENV VARS for the EB environment to pass the hostname and port (once decoupled, ElasticBeanstalk will no longer provide these automatically in the preconfigured RDS_HOSTNAME and RDS_PORT env vars).
  3. Run eb config to open an editor. In the aws:rds:dbinstance section (for me, it was at the bottom), change DBDeletionPolicy to Retain
  4. Save and exit
  5. EB will automatically update your environment configuration
  6. Run eb config to open an editor. Now change HasCoupledDatabase to 'false'
  7. Save and exit
  8. EB will automatically update your environment configuration
Jared Casner
replied 5 months ago

Relevant content