Databases¶
RDS Instances¶
Django API — MySQL 8.0¶
| Property | Value |
|---|---|
| Identifier | prod-nhc-django |
| Engine | MySQL 8.0 |
| Multi-AZ | ✅ Enabled (auto-failover) |
| Encryption | KMS CMK (prod-nhc-kms-rds) |
| Backup Retention | 7 days |
| Subnet Group | Private subnets (us-east-2a, us-east-2b) |
| Security Group | Allows 3306 from ec2-django SG only |
| HIPAA Scope | ✅ Stores PHI |
Password stored in SSM: /prod/nhc/django/db_password
WordPress CMS — MariaDB 10.11¶
| Property | Value |
|---|---|
| Identifier | prod-nhc-wpcms |
| Engine | MariaDB 10.11 |
| Multi-AZ | ✅ Enabled (auto-failover) |
| Encryption | KMS CMK (prod-nhc-kms-rds) |
| Backup Retention | 7 days |
| Subnet Group | Private subnets (us-east-2a, us-east-2b) |
| Security Group | Allows 3306 from ec2-app SG only |
| HIPAA Scope | ❌ No PHI |
Password stored in SSM: /staging/nhc/wp/rds_password
ElastiCache Redis¶
| Property | Value |
|---|---|
| Cluster | prod-nhc-django |
| Engine | Redis |
| Node Type | cache.t3.micro |
| Nodes | 1 (staging) / 2 (production for Multi-AZ) |
| Encryption at Rest | ✅ KMS CMK |
| Encryption in Transit | ✅ TLS enabled |
| Snapshot Retention | 7 days |
| Security Group | Allows 6379 from ec2-django SG only |
| SSM Parameter | /staging/nhc/django/redis_url |
Purpose: Celery broker for Django async task processing. Replaces the Docker sidecar Redis container for reliability and HIPAA compliance.
Migration Pending
The Django docker-compose still uses a local Redis sidecar. Switch to the ElastiCache URL stored in SSM to complete the migration.
Connection Diagram¶
graph LR
EC2D["ec2-django"] -->|3306| RDS1["RDS MySQL 8.0<br/>prod-nhc-django"]
EC2D -->|6379/TLS| REDIS["ElastiCache Redis<br/>prod-nhc-django"]
EC2A["ec2-app"] -->|3306| RDS2["RDS MariaDB 10.11<br/>prod-nhc-wpcms"]