To VPC, or not to VPC

I’ve lately been experimenting with the Serverless Framework to create a boilerplate that I can use for new projects, and everything has been working really well!

The issue I’ve been facing is how to manage my persistent storage. I decided that I want to go with a relational Postgres database in RDS, mostly because I feel like NoSQL solutions like DynamoDB are great for specific use cases, but since my application won’t be divided up into microservices with specific tasks from the start, a relational database seems like more of a safe bet.

Because the RDS database is created in a VPC to deny public access to it, my lambdas can’t connect to it without being placed in the same VPC. I’ve done some research on the subject and my conclusion is that I have two choices, which both have drawbacks.

  1. Place the lambdas in the same VPC - This has two drawbacks. The first one is the nasty cold-start times that can reach upwards of 6-7 seconds depending on the memory size of my lambdas. The second one is that my lambdas will lose internet access unless I create a NAT gateway, which will add cost to my projects. Since my aim is to keep my infrastructure under the AWS free tier, this is a problem.

  2. Allow the database to be publicly accessible - This gets rid of the issues with cold-starts and a NAT gateway, but I don’t feel comfortable running a project in production with my database exposed.

Has anyone found a solution to this problem or something that feels “good enough”?

Something else you may want to try that I haven’t personally investigated is the Amazon Aurora Serverless Data API. This article does a really good job of explaining some of the tradeoffs – it looks like AWS recently had quite a few improvements too (~175ms first request time and <100ms subsequent request times)

I’ve been dealing with the same issue this week. I set up the VPC and subnets but wasn’t too excited about the cost of a NAT gateway.

I think the only other option is creating an EC2 t2.micro server for the NAT.

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html

From a cost perspective:

EC2 t2.micro: $0.013 per hour (~$9/month)
Aurora MySQL db.t3.small: $0.041 per hour (~$30/month)
NAT Gateway: $0.045 per hour (~$32/month)
Aurora PostgreSQL db.t3.medium: $0.082 per hour (~$59/month)

*Based on a 30 day month and on-demand pricing.

**Correction, the EC2 t2.micro is under the free-tier.

Thank you for the response!

Since I use my stack for proofs of concept I would like it to be under the free tier, so an EC2 t2.micro NAT seems like the way to go. Would be nice if I could configure it under the resources in my serverless.yml file to not get any manual steps.
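Added example, not posted by anyone in this thread: a `serverless.yml` fragment that keeps the lambdas in the VPC, allows Postgres traffic only from the lambdas' security group, and declares a t2.micro NAT instance under `resources`. Every `vpc-`, `subnet-`, `rtb-` and `ami-` value is a placeholder, the resource names are hypothetical, and it assumes the public subnet assigns the instance a public IP.

```yaml
# Added example: all IDs are placeholders, resource names are hypothetical.
provider:
  name: aws
  vpc:
    securityGroupIds:
      - {Ref: LambdaSG}
    subnetIds:
      - subnet-PRIVATE-PLACEHOLDER      # private subnet whose route table is rtb-PRIVATE-PLACEHOLDER
resources:
  Resources:
    LambdaSG:
      Type: AWS::EC2::SecurityGroup
      Properties:
        GroupDescription: Lambda functions (no inbound rules)
        VpcId: vpc-PLACEHOLDER
    DatabaseSG:                         # attach via VPCSecurityGroups; PubliclyAccessible stays false
      Type: AWS::EC2::SecurityGroup
      Properties:
        GroupDescription: Postgres only from the Lambda security group
        VpcId: vpc-PLACEHOLDER
        SecurityGroupIngress:
          - IpProtocol: tcp
            FromPort: 5432
            ToPort: 5432
            SourceSecurityGroupId: {Ref: LambdaSG}
    NatSG:
      Type: AWS::EC2::SecurityGroup
      Properties:
        GroupDescription: NAT instance accepting HTTPS from the lambdas only
        VpcId: vpc-PLACEHOLDER
        SecurityGroupIngress:
          - IpProtocol: tcp
            FromPort: 443
            ToPort: 443
            SourceSecurityGroupId: {Ref: LambdaSG}
    NatInstance:
      Type: AWS::EC2::Instance
      Properties:
        InstanceType: t2.micro
        ImageId: ami-PLACEHOLDER        # an AMI configured to perform NAT
        SubnetId: subnet-PUBLIC-PLACEHOLDER
        SourceDestCheck: false          # must be off for the instance to forward traffic
        SecurityGroupIds: [{Ref: NatSG}]
    PrivateDefaultRoute:                # outbound traffic from the private subnet goes via the NAT instance
      Type: AWS::EC2::Route
      Properties:
        RouteTableId: rtb-PRIVATE-PLACEHOLDER
        DestinationCidrBlock: 0.0.0.0/0
        InstanceId: {Ref: NatInstance}
```

The database security group has no CIDR-based rule at all, so the only path to port 5432 is from functions that carry `LambdaSG`.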

I think perhaps you may want to give DynamoDB a 2nd look as well. It seems intimidating but it can handle pretty much any transactional workload for a normal web application you can think of quite nicely.

We recently released a blog post looking at database options: https://serverless.com/blog/choosing-a-database-with-serverless/
