🗄️ Step 1: Create RDS Database
Create a SQL Server RDS instance in the same VPC as your EKS cluster:
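# Set variables - REPLACE WITH YOUR VALUES
# These snippets assume bash. Run every step in the same shell session so that
# later steps can reuse the variables defined here.
CLUSTER_NAME=""
REGION=""
# Stop early with a clear message if the placeholders were left empty.
: "${CLUSTER_NAME:?Set CLUSTER_NAME to your EKS cluster name}"
: "${REGION:?Set REGION to the AWS region of your EKS cluster}"
# The database master password is read from DB_MASTER_PASSWORD instead of being
# written into this script, so it does not end up in copies of the script or in
# version control. Set it in your session before running (ideally pulled from
# your secrets manager rather than typed on a command line that is saved to
# shell history).
: "${DB_MASTER_PASSWORD:?Set DB_MASTER_PASSWORD before creating the database}"
# Get EKS cluster information
VPC_ID=$(aws eks describe-cluster \
  --name "$CLUSTER_NAME" \
  --region "$REGION" \
  --query "cluster.resourcesVpcConfig.vpcId" \
  --output text)
# Get VPC CIDR for security group
# --region is passed on every call so the lookups cannot silently run against
# a different default region from the CLI profile.
VPC_CIDR=$(aws ec2 describe-vpcs \
  --vpc-ids "${VPC_ID:?VPC lookup failed}" \
  --region "$REGION" \
  --query "Vpcs[0].CidrBlock" \
  --output text)
# Get subnet IDs (use private subnets for RDS)
# NOTE(review): MapPublicIpOnLaunch==false is a heuristic for "private"; confirm
# against the route tables if your subnets are configured differently.
SUBNET_IDS=$(aws ec2 describe-subnets \
  --filters "Name=vpc-id,Values=$VPC_ID" \
  --region "$REGION" \
  --query "Subnets[?MapPublicIpOnLaunch==\`false\`].SubnetId" \
  --output text)
# Split the whitespace-separated IDs into an array so each one is passed as its
# own, safely quoted argument.
read -r -a SUBNET_ID_LIST <<<"${SUBNET_IDS:?No private subnets found in $VPC_ID}"
echo "Creating RegScale RDS database in VPC: $VPC_ID ($VPC_CIDR)"
# Create RDS subnet group
aws rds create-db-subnet-group \
  --db-subnet-group-name regscale-subnet-group \
  --db-subnet-group-description "RegScale RDS subnet group" \
  --subnet-ids "${SUBNET_ID_LIST[@]}" \
  --region "$REGION"
# Create RDS security group
RDS_SG_ID=$(aws ec2 create-security-group \
  --group-name regscale-rds-sg \
  --description "Security group for RegScale RDS" \
  --vpc-id "$VPC_ID" \
  --region "$REGION" \
  --query 'GroupId' --output text)
echo "Created RDS Security Group: $RDS_SG_ID"
# Allow SQL Server traffic from VPC CIDR
# This makes port 1433 reachable from every workload in the VPC, not only the
# EKS nodes. If the VPC is shared with other systems, consider replacing --cidr
# with --source-group set to the security group used by the cluster's nodes.
aws ec2 authorize-security-group-ingress \
  --group-id "${RDS_SG_ID:?Security group creation failed}" \
  --protocol tcp \
  --port 1433 \
  --cidr "${VPC_CIDR:?VPC CIDR lookup failed}" \
  --region "$REGION"
# Create RDS SQL Server instance
# --no-publicly-accessible is set explicitly: when it is omitted, RDS decides
# based on whether the VPC has an internet gateway, which EKS VPCs usually do.
# The password is still passed as a command argument, so it is briefly visible
# in the local process list and in `set -x` traces. Letting RDS generate and
# store it with --manage-master-user-password avoids that; check that the rest
# of your RegScale deployment can read the secret before switching.
echo "Creating RegScale SQL Server RDS instance..."
aws rds create-db-instance \
  --db-instance-identifier regscale-db \
  --db-instance-class db.r5.large \
  --engine sqlserver-se \
  --license-model license-included \
  --master-username regscale_admin \
  --master-user-password "$DB_MASTER_PASSWORD" \
  --allocated-storage 100 \
  --vpc-security-group-ids "$RDS_SG_ID" \
  --db-subnet-group-name regscale-subnet-group \
  --backup-retention-period 7 \
  --storage-encrypted \
  --no-publicly-accessible \
  --region "$REGION"
# Wait for RDS instance to be available
echo "Waiting for RDS instance to become available..."
aws rds wait db-instance-available \
  --db-instance-identifier regscale-db \
  --region "$REGION"
# Get RDS endpoint
RDS_ENDPOINT=$(aws rds describe-db-instances \
  --db-instance-identifier regscale-db \
  --region "$REGION" \
  --query 'DBInstances[0].Endpoint.Address' --output text)
echo ""
echo "=== RegScale RDS Setup Complete ==="
echo "RDS Instance: regscale-db"
echo "RDS Endpoint: $RDS_ENDPOINT"
echo "RDS Security Group ID: $RDS_SG_ID"
echo "Region: $REGION"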
💾 Step 2: Create EFS Storage
Create an EFS file system for RegScale data storage:
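# Get EKS cluster information (reuse variables from Step 1)
# These snippets assume bash. CLUSTER_NAME and REGION must already be set in
# this shell session.
: "${CLUSTER_NAME:?Set CLUSTER_NAME to your EKS cluster name}"
: "${REGION:?Set REGION to the AWS region of your EKS cluster}"
VPC_ID=$(aws eks describe-cluster \
  --name "$CLUSTER_NAME" \
  --region "$REGION" \
  --query "cluster.resourcesVpcConfig.vpcId" \
  --output text)
# Get VPC CIDR for security group
# --region is passed on every call so the lookups cannot silently run against
# a different default region from the CLI profile.
VPC_CIDR=$(aws ec2 describe-vpcs \
  --vpc-ids "${VPC_ID:?VPC lookup failed}" \
  --region "$REGION" \
  --query "Vpcs[0].CidrBlock" \
  --output text)
# Get subnet IDs for EFS mount targets
SUBNET_IDS=$(aws ec2 describe-subnets \
  --filters "Name=vpc-id,Values=$VPC_ID" \
  --region "$REGION" \
  --query "Subnets[?MapPublicIpOnLaunch==\`false\`].SubnetId" \
  --output text)
# Split the whitespace-separated IDs into an array so each one is handled as
# its own, safely quoted value.
read -r -a EFS_SUBNET_LIST <<<"${SUBNET_IDS:?No private subnets found in $VPC_ID}"
# Create EFS file system
# A regional (multi-AZ) file system is created. --availability-zone-name is not
# used: it expects an Availability Zone name rather than a region, and it would
# create a One Zone file system that cannot have a mount target in every subnet.
EFS_ID=$(aws efs create-file-system \
  --performance-mode generalPurpose \
  --throughput-mode provisioned \
  --provisioned-throughput-in-mibps 100 \
  --encrypted \
  --region "$REGION" \
  --tags Key=Name,Value=regscale-efs \
  --query 'FileSystemId' --output text)
echo "Created EFS File System: $EFS_ID"
# Mount targets can only be created once the file system is "available", so
# poll its lifecycle state (bounded to about two minutes) before continuing.
for ((attempt = 0; attempt < 24; attempt++)); do
  efs_state=$(aws efs describe-file-systems \
    --file-system-id "${EFS_ID:?EFS creation failed}" \
    --region "$REGION" \
    --query 'FileSystems[0].LifeCycleState' --output text)
  if [ "$efs_state" = "available" ]; then
    break
  fi
  sleep 5
done
if [ "$efs_state" != "available" ]; then
  echo "EFS file system $EFS_ID is not available yet (state: $efs_state)" >&2
fi
# Create security group for EFS
EFS_SG_ID=$(aws ec2 create-security-group \
  --group-name regscale-efs-sg \
  --description "Security group for RegScale EFS" \
  --vpc-id "$VPC_ID" \
  --region "$REGION" \
  --query 'GroupId' --output text)
# Allow NFS traffic from VPC CIDR
# This makes port 2049 reachable from every workload in the VPC. If the VPC is
# shared with other systems, consider replacing --cidr with --source-group set
# to the security group used by the cluster's nodes.
aws ec2 authorize-security-group-ingress \
  --group-id "${EFS_SG_ID:?Security group creation failed}" \
  --protocol tcp \
  --port 2049 \
  --cidr "${VPC_CIDR:?VPC CIDR lookup failed}" \
  --region "$REGION"
# Create mount targets for each subnet
# EFS accepts one mount target per Availability Zone; if several of the listed
# subnets share a zone, the additional calls for that zone are rejected.
for subnet in "${EFS_SUBNET_LIST[@]}"; do
  aws efs create-mount-target \
    --file-system-id "$EFS_ID" \
    --subnet-id "$subnet" \
    --security-groups "$EFS_SG_ID" \
    --region "$REGION"
done
echo "EFS Setup Complete: $EFS_ID"
# Create EFS Access Point with proper permissions for RegScale
# The access point pins every client to UID/GID 1001 and to the /regscale
# directory, so pods cannot reach other paths on the file system through it.
EFS_ACCESS_POINT=$(aws efs create-access-point \
  --file-system-id "$EFS_ID" \
  --posix-user Uid=1001,Gid=1001 \
  --root-directory Path="/regscale",CreationInfo='{OwnerUid=1001,OwnerGid=1001,Permissions=0755}' \
  --tags Key=Name,Value=regscale-access-point \
  --region "$REGION" \
  --query 'AccessPointId' --output text)
echo ""
echo "=== EFS Access Point Created ==="
echo "Access Point ID: $EFS_ACCESS_POINT"
echo "This access point has UID/GID 1001:1001 and 0755 permissions pre-configured"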
⚙️ Step 3: Install EFS CSI Driver
Install the AWS EFS CSI driver on your EKS cluster:
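# Install EFS CSI driver as an EKS add-on
# CLUSTER_NAME and REGION must already be set in this shell session.
# NOTE(review): no --service-account-role-arn is passed, so this snippet does
# not grant the driver any IAM permissions for EFS. Confirm where your setup
# provides them, and prefer a role scoped to the driver's service account over
# adding EFS permissions to the node role.
aws eks create-addon \
  --cluster-name "${CLUSTER_NAME:?Set CLUSTER_NAME to your EKS cluster name}" \
  --addon-name aws-efs-csi-driver \
  --region "${REGION:?Set REGION to the AWS region of your EKS cluster}"
# create-addon returns before the driver is running; wait until the add-on is
# active so the verification below reflects the finished installation.
aws eks wait addon-active \
  --cluster-name "$CLUSTER_NAME" \
  --addon-name aws-efs-csi-driver \
  --region "$REGION"
# Verify the installation
kubectl get pods -n kube-system -l app=efs-csi-controller
kubectl get pods -n kube-system -l app=efs-csi-node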