Python Zappa + db + external web (setting up VPC)

In the previous post, we created a project using Django-CookieCutter. We deployed it to AWS Lambda with Python's Zappa, using PyCharm for sanity preservation.

Here, we set up AWS to grant our app access to an AWS postgres DB, and to the external internet. 

Log in to AWS, select VPC.

Let's start by making an Elastic IP. This just involves clicking 'ok' a few times. Once done, 'Start VPC Wizard'. 

Make sure you select VPC with public and private subnets.

To save you from madness, please make sure that your Public and Private subnet zones differ. It is very easy to miss this! Please don't! For 'Elastic IP Allocation ID', make sure you select the Elastic IP you just created.

Question for someone: are 251 IP addresses per subnet sufficient?

Wait a bit ;)

Let's give our app access to some features of AWS. Select Endpoints. Then 'Create Endpoint'. 

Select the Service ending in S3. Make sure to associate it with the private subnet. Regarding 'Policy', I gave mine 'Full Access'. Then 'Create Endpoint'.

Because we used the VPC wizard, we have both an Internet Gateway and a NAT Gateway set up for us already. This saves some headache, as it is very important that these are each associated with specific subnets, and we don't have to worry now about setting this up OMFG (see for manual set up).

Let's copy down the PRIVATE subnet IDs (that were created for you by the wizard) and add them to our zappa_settings.json file.

Let's do the same for the Security Group that was created.


Finally, let's create a DB in AWS. Go back to the AWS dashboard, under Database select RDS. Let's launch a DB instance. Select PostgreSQL, Production.

Note that AWS auto-selects a super expensive DB for you. Make sure to update 'DB instance class'. Specify your DB details such as username and password and add these to your zappa_settings.json file.

After, you are confronted with the below screen. Make sure to select the VPC you created before. 

Question: does the zone have to be different from the existing subnets?

Once created, we need to edit the DB security group, to add some inbound rules. Scroll down to 'Security groups' and click on your db security group.

Then, we need to add an inbound rule with 'source' being the same security group you entered into your zappa_settings.json file.
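A quick way to check the two pieces above against each other, as an added example that is not part of the original post: it takes the vpc_config block from zappa_settings.json and the DB security group's inbound rules, and reports whether PostgreSQL (port 5432) is reachable from the Lambda security group and from nowhere wider. The stage name, all IDs and both rule sets are constructed placeholders; the rule dictionaries follow the shape of EC2's describe_security_groups output.

```python
# Constructed sample: the vpc_config block Zappa reads from zappa_settings.json.
# Stage name and IDs are placeholders, not values from the post.
ZAPPA_SETTINGS = {"production": {"vpc_config": {
    "SubnetIds": ["subnet-0aaa1111", "subnet-0bbb2222"],
    "SecurityGroupIds": ["sg-0lambda01"]}}}

# Constructed samples shaped like EC2 describe_security_groups output
# for the DB security group: one scoped to the Lambda group, one wide open.
DB_SG_GOOD = {"IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "UserIdGroupPairs": [{"GroupId": "sg-0lambda01"}], "IpRanges": []}]}
DB_SG_OPEN = {"IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "UserIdGroupPairs": [], "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}

PG_PORT = 5432  # default PostgreSQL port


def covers_port(rule, port):
    """True if an inbound rule applies to the given TCP port."""
    if rule.get("IpProtocol") == "-1":  # "-1" means all protocols and ports
        return True
    return (rule.get("IpProtocol") == "tcp"
            and rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535))


def audit_db_ingress(settings, stage, db_sg):
    """Return a list of findings; an empty list means the setup matches the post."""
    findings = []
    vpc = settings.get(stage, {}).get("vpc_config", {})
    lambda_sgs = set(vpc.get("SecurityGroupIds", []))
    if not vpc.get("SubnetIds") or not lambda_sgs:
        findings.append("vpc_config needs SubnetIds and SecurityGroupIds")
    allowed_from_lambda = False
    for rule in db_sg.get("IpPermissions", []):
        if not covers_port(rule, PG_PORT):
            continue
        sources = {p["GroupId"] for p in rule.get("UserIdGroupPairs", [])}
        if sources & lambda_sgs:
            allowed_from_lambda = True
        for r in rule.get("IpRanges", []):
            if r.get("CidrIp") == "0.0.0.0/0":
                findings.append("port 5432 is open to 0.0.0.0/0")
    if not allowed_from_lambda:
        findings.append("no inbound 5432 rule from the Lambda security group")
    return findings
```

With real data, pass in the parsed zappa_settings.json and the DB group's entry from describe_security_groups in place of the constructed samples.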

Let's run zappa update and see what happens.





This article was updated on 16 April 2019