Using a database
AWS offers the RDS (opens in a new tab) service to run MySQL and PostgreSQL databases.
Here are some of the database services offered by RDS:
- MySQL
- PostgreSQL
- Aurora MySQL/PostgreSQL (opens in a new tab): AWS-managed database compatible with MySQL or PostgreSQL
- Aurora Serverless v2 MySQL/PostgreSQL (opens in a new tab): similar to Aurora but scales automatically on-demand
Aurora Serverless can be configured to scale down to 0 when unused (which costs $0), however be careful with this option: the database can take up to 15 seconds to un-pause.
Internet-accessible vs VPC databases
| Internet-accessible | VPC (private network) | |
|---|---|---|
| Security | Password only | Network-isolated + password |
| Best for | Non-critical projects | Projects requiring strong isolation |
| Complexity | Simple | Requires VPC + NAT Gateway |
| Extra cost | None | ~$32/month for NAT Gateway |
| Access from your machine | Direct connection | Via SSH tunnel (7777 (opens in a new tab)) |
An internet-accessible database is the simplest option and works well for most projects. Use a VPC database when you need stronger network isolation.
Internet-accessible databases
In the Bref Cloud dashboard, open the "Databases" page and click "Create database" (opens in a new tab).
Fill in the form and click "Create":
The configuration with credentials securely stored in SSM will be displayed once the database is created.
VPC databases (private network)
Bref Cloud handles VPC creation, subnets, security groups, and NAT Gateway configuration for you.
1. Create a network in the Bref Cloud dashboard:
The network includes a VPC, subnets, security groups, and a NAT Gateway (~$33/month, shown in the dashboard). A single network can be reused across multiple applications and databases.
2. Create a database and select the network you created.
3. Deploy — Bref Cloud automatically adds the VPC configuration to your deployment. No changes to serverless.yml are needed.
Learn more in the AWS documentation about configuring a Lambda to access resources in a VPC (opens in a new tab).
Connecting from PHP
Bref Cloud (opens in a new tab) automatically creates SSM parameters for your database credentials and provides the environment variables to set up.
If you are not using Bref Cloud, store credentials in SSM parameters (read more) and configure the environment variables in serverless.yml:
provider:
environment:
DB_HOST: <endpoint>
DB_DATABASE: my_database
DB_USERNAME: ${ssm:/my-app/db-username}
DB_PASSWORD: ${ssm:/my-app/db-password}Laravel reads these environment variables automatically to configure the database connection.
Also refer to the Extensions section to see if you need to enable any database-specific extensions.
Running database migrations
bref command "migrate --force"A console function must be defined in your serverless.yml. Check the getting started guides for examples.
Accessing the database from your machine
Internet-accessible databases can be connected to directly from your machine using tools like TablePlus, DBeaver, or any database client.
VPC databases cannot be accessed from the internet directly. To connect from your machine, use an SSH tunnel.
To create an SSH tunnel easily and securely, check out 7777 (opens in a new tab), made by Bref maintainers:
To expose the database publicly on the internet instead, follow this guide.