Setting Up RDS on AWS With QuickInfra: PostgreSQL and MySQL the Right Way

RDS is where most cloud architecture mistakes have the most expensive consequences. A database instance in a public subnet, without encryption, without a backup policy, or without multi-AZ failover is a time bomb. QuickInfra's RDS configuration defaults make it structurally hard to deploy a database incorrectly.

Default Configuration

Every RDS instance provisioned through QuickInfra starts with these defaults:

• Private subnet placement — no public IP, not reachable from the internet
• Encryption at rest — AES-256 via AWS KMS
• Automated backups — 7-day retention window, configurable up to 35 days
• Enhanced monitoring — 60-second granularity metrics to CloudWatch
• Deletion protection — enabled by default on production instances

Multi-AZ

Multi-AZ deploys a synchronous standby replica in a different availability zone. If the primary instance fails, RDS promotes the standby automatically in 60 to 120 seconds. For any database serving a production workload, multi-AZ is the correct configuration.

In QuickInfra's RDS resource configuration, multi-AZ defaults to enabled for production environment tags and can be disabled for cost savings in development environments.

Parameter Groups and Security

QuickInfra generates a custom parameter group for each RDS instance rather than using AWS defaults. The custom group enforces: SSL connections required (rds.force_ssl = 1 for PostgreSQL), slow query logging enabled, and audit logging for MySQL.

Connection Security

The security group attached to an RDS instance QuickInfra provisions allows inbound traffic only from the application server security group — not from a CIDR range, not from the internet, not from 0.0.0.0/0. Database port access is restricted to the application tier.

Snapshot Management

QuickInfra's Custom Scripts library includes an RDS snapshot script that can be scheduled to run on any frequency — useful for taking additional snapshots before a risky database migration or immediately before a major deployment.

Read Replicas

For read-heavy workloads, QuickInfra supports provisioning RDS Read Replicas as a separate infrastructure resource in the same project. The replica connection string is output from the Terraform apply and available in the project outputs view.