RDS Migration
Date: February 2026 | Downtime: ~3 minutes
Why We Migrated
Section titled “Why We Migrated”- Neon free tier quota exceeded — account locked, couldn’t even
pg_dump - Canadian data residency — Neon in US, RDS in ca-central-1 (Montreal)
- Cost predictability — Neon serverless billing unpredictable; RDS db.t4g.micro fixed ~$13/mo
- Fewer moving parts — eliminated auth-db Docker container
Architecture Change
Section titled “Architecture Change”Before: Backend → Neon (US) + Auth → auth-db container (Docker)
After: Backend → RDS ca-central-1 (mealpal DB) + Auth → RDS ca-central-1 (auth DB)
Both databases on one RDS instance, accessed by separate users with separate privileges.
RDS Instance
Section titled “RDS Instance”| Property | Value |
|---|---|
| Instance | db.t4g.micro (2 vCPU, 1GB RAM) |
| Engine | PostgreSQL 16.10 |
| Storage | 20GB gp3 |
| Encryption | AWS KMS |
| Publicly Accessible | No (VPC-only) |
| Backup | 7-day retention |
| Deletion Protection | Enabled |
SSL Gotchas
Section titled “SSL Gotchas”- asyncpg (Python): Use
ssl=requirein connect_args - pg (Node.js): Use
DATABASE_SSL=trueenv var. Do NOT putsslmode=requirein the URL — it conflicts withssl: { rejectUnauthorized: false }in Pool config
Cost Impact
Section titled “Cost Impact”RDS added ~$13/mo. Total AWS bill went from ~$22-25/mo to ~$35-38/mo.
Credentials
Section titled “Credentials”All stored in AWS SSM Parameter Store:
aws ssm get-parameter --name "/mealpal/rds/connection-urls" \ --with-decryption --region ca-central-1