There are several factors to consider before creating a new RDS instance, including which region to create the RDS in and which VPC to use. The choice of region affects latency and how the data is transmitted. For example, having your RDS in US-west-1 and your ECS and/or Cloud Services in US-east-1 will result in higher latency than having all services in the same region (in most use cases this is negligible).
To avoid using VPC peering connections, the RDS should share the same VPC with the ECS and/or Cloud Services.
Create RDS Instance
Follow the console instructions to set up a new RDS instance. After the instance is running, you will need to configure the whitelist to allow the ECS instances to connect to this database. The examples below show what this looks like.
Add the IPs of any ECS instance that you want to allow to connect to the RDS instance. Note that you can also grant permissions using a Security Group, which is not covered in this example.
Setup PostgreSQL User
To connect to the PostgreSQL instance, you will also need a user account for the database instance. You will be able to create one "Privileged Account", which has elevated permissions, and "Standard Accounts". When running applications, use "Standard Accounts" to create and connect applications with, so that the applications do not run with the elevated permissions of the "Privileged Account".
At this point you will have configured a functioning RDS instance. The next step is to attempt to connect to the RDS instance.
PostgreSQL has an IDE for connecting to and managing PostgreSQL databases, known as pgAdmin. This IDE is browser-based and can be run as a Docker container. Below we will go through the process of setting up such an instance.
The traffic between pgAdmin and the RDS occurs internally over the Internal Endpoint within the VPC. Regardless, we will set up Transport Layer Security (TLS) for connections between the IDE and RDS. To achieve this, we will first create a self-signed certificate for pgAdmin.
Certificate for pgAdmin
To generate certificates for pgAdmin, use the following script:
The above script will generate the following files:
Assuming you are not using a reverse proxy and that port 443 is not already used by another application, pgAdmin should start using the Docker command below.
The generated certificate is used to create a new pgAdmin Docker instance. In this example, 'pgadmin' is a custom directory where the certificate files are located. This will allow the user to select the referenced certificate to use for SSL connections to the RDS.
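As an added example (not the article's own script or Docker command), the certificate and container steps described above could look like the following. It assumes the dpage/pgadmin4 image, which serves HTTPS on port 443 from /certs/server.cert and /certs/server.key when PGADMIN_ENABLE_TLS is set; the function names, the container name and the pgadmin.internal.example hostname are hypothetical.

```shell
#!/bin/sh
# Added example. Directory, hostname and container name are assumptions.

# Write a self-signed certificate and key under the file names the
# dpage/pgadmin4 image expects when they are mounted into /certs.
gen_pgadmin_cert() {
    dir=$1 host=$2
    mkdir -p "$dir" || return 1
    (
        umask 077   # the private key is never group/world readable
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
            -keyout "$dir/server.key" -out "$dir/server.cert" 2>/dev/null
    ) || return 1
    chmod 600 "$dir/server.key" && chmod 644 "$dir/server.cert"
}

# Succeeds only when the certificate's public key belongs to the private key.
cert_matches_key() {
    c=$(openssl x509 -in "$1/server.cert" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$1/server.key" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Start pgAdmin with TLS on 443. Credentials are read from exported
# environment variables so they do not appear in the command line.
start_pgadmin() {
    dir=$(cd "$1" && pwd) || return 1   # docker -v needs an absolute path
    if [ -z "${PGADMIN_DEFAULT_EMAIL:-}" ] || [ -z "${PGADMIN_DEFAULT_PASSWORD:-}" ]; then
        echo "export PGADMIN_DEFAULT_EMAIL and PGADMIN_DEFAULT_PASSWORD first" >&2
        return 1
    fi
    cert_matches_key "$dir" || { echo "certificate/key mismatch" >&2; return 1; }
    # The container runs as UID 5050; the key must be readable by that user
    # (for example: sudo chown 5050:5050 "$dir/server.key").
    docker run -d --name pgadmin -p 443:443 \
        -v "$dir/server.cert:/certs/server.cert:ro" \
        -v "$dir/server.key:/certs/server.key:ro" \
        -e PGADMIN_ENABLE_TLS=True \
        -e PGADMIN_DEFAULT_EMAIL -e PGADMIN_DEFAULT_PASSWORD \
        dpage/pgadmin4
}

# Usage:
#   gen_pgadmin_cert ./pgadmin pgadmin.internal.example
#   start_pgadmin ./pgadmin
```

Because the certificate is self-signed, browsers will warn until it is explicitly trusted on the client.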
Connect to instance
If pgAdmin is running on port 443, you should be able to navigate to the application. Log in to pgAdmin using the pgAdmin credentials. This will then allow you to log in to the RDS database instance.
When using a reverse proxy, check out the following article on how to configure pgAdmin as a sub-domain.