Configure Azure MySQL Database firewall - mysql

I created an Azure MySQL Database for a school project, but i have issues with the firewall. Indeed, if i want my friends to connect to the database, i have to add manually their ip address to the firewall.
But the real problem is that i'm not sure that my teacher will accept to share his ip address with me, so he'll maybe not be able to evaluate my work.
So i have tried to disable the firewall (I don't need so much security it's just a school project, and the database will be removed after the evaluation), but i have only found solutions for Azure SQL Database that use settings that don't exist (or no longer exist) for Azure MySQL Database. I have also found this solution using the azure CLI:
https://learn.microsoft.com/en-us/azure/mysql/howto-manage-firewall-using-cli#:~:text=message%20text%20instead.-,Delete%20a%20firewall%20rule%20on%20Azure%20Database%20for%20MySQL%20Server,of%20the%20existing%20firewall%20rule
but the commands don't find my server, and if i execute this command:
az mysql server list --resource-group myresourcegroup
my resource group is found, but it returns an empty list, despite my server really appears in Azure GUI in this resource group
Can you help me to disable this firewall please.

The firewall rules I see in my database instance allow me to create a 0.0.0.0-255.255.255.255 IP range to allow all the hosts.
Obviously, this is not at all secure, but should 'disable' the firewall.
If you need to do it in CLI then the command would be:
az mysql server firewall-rule create --resource-group <rg-name> --server-name <server-name> --name DisableFirewall --start-ip-address 0.0.0.0 --end-ip-address 255.255.255.255
Maybe the teacher doesn't need to actually connect to the database? However, if he has access to the subscription and resource group then he will add his IP for the time he will review your solution if needed.

Related

Can't connect to mysql database outside aws vm after creating succesfully

I followed this article to setup mysql server in my aws vm. At the time of creation of the vm itself I had allowed inbound traffic to port 3306 from all ip addresses.
After creating an admin account, I cannot access the account from outside the vm using sql workbench. I made changes in the property file to change the bind-address to 0.0.0.0 so that remote connections maybe allowed from outside. That also did not help.
What am I missing here? I did everything and still it won't connect. Appreciate any help on the matter.
AWS Security Groups
Based on the comments.
The issue was that mysql was setup to allow access from localhost. To solve the problem, external access needed to be allowed. This can be done by following the guide:
How To Allow Remote Access to MySQL

Trying to connect to a mySQL db on Amazon AWS using mySQL Workbench

I just opened an account on Amazon AWS. In this account, I created a mysql database instance, that I am now trying to connect to on my home computer use mySQL Workbench. I have entered the database endpoint (as listed in my account) and added the user name I set up for the master username for the database. When I hit "test connection" (using standard TCP/IP connection) however, I get a "Failed to connect..." message. I have a feeling that the problem may be that I need to use SSL and/or SSH. But I am a neophyte here, and I don't know how to properly set this up or configure mySQL Workbench with this. I am seeking assistance
You need to allow your mysql server to the user my user policy.
You can allow your Public IP address.
Please refer below case:
Cannot ping AWS EC2 instance
I think there that my database instance was misconfigured somehow, though not as JERRY suggests. I created a new MySQL DB instance and was able to connect to that without needing any other special configuration changes. So I am now using the new instance, and have deleted the old one. I wish I could provide more insight into what the problem with the first DB was, but the insight I have is (as I said) after I created the 2nd DB instance, no other configuration was necessary

I am not able to connect to mysql server running on Google Compute engine from another instance using internal IP

I located the /etc/mysql/my.cnf file
I changed the bind-address
first to 0.0.0.0 I received a '111 Connection refused'
then I changed it to the instance I am trying to connect to It still says '111 Connection refused'
the firewall rule allows connection on port 3306 using internal ip so I dont know the problem. Thanks
It seems that you have already taken the necessary steps to connect to MySQL server from GCE your instance. Based on the Stackoverflow case here the recommendation to resolve this problem is to comment this line below (add # at the beginning of the line) in your my.cnf file:
skip-networking
Once done you need to restart MySQL service
sudo service mysql restart
On the GCP side, if you have allowed the IP ranges you want to use with the specified port(3306), it should work fine.
You can also use “nmap” command to verify if port 3306 is open on your GCE instance with MySQL installed.
GCP provides CloudSQL which is a managed MySQL instance. You can access CloudSQL from your GCE VM using private address. This feature reached beta recently. This link provides detailed information about using private IP to connect to your Cloud SQL instances.
Before configuring a Cloud SQL instance to use private IP, you need some steps to be taken. This document provides step by step instructions for configuring an instance to use private IP.
You can use 'netstat -tunlp | grep 3306' command to verify that the MYSQL process is running on port 3306.
This error can also occur when mysql user account does not accept connections from any IP addresses. It may still use localhost parameter to connect to the server. I would recommend adding a user with remote access or granting existing user access to remote sources. You can see this: link for the similar issue and follow the steps recommended there to resolve.

How to setup mysql develper for PCF mySQL database to manage it

I am trying to understand PCF concepts and thinking that once i am done with creating mysql services in PCF, how i can manage that database like creating tables and maintaining that table just like we do in pur traditional environment using mySqldeveoper. I came across one service like PivotalMySQLWeb and tried but didnt liked it much. So if somehow i can get connection details of mysql service , i can use that to connect using sql developer.
The links #khalid mentioned are definitely good.
http://docs.pivotal.io/p-mysql/2-0/use.html
https://github.com/andreasf/cf-mysql-plugin#usage
More generally, you can use an SSH tunnel to access any service, not just MySQL. This also allows you to use whatever tool you would like to access the service.
This is documented here, but if for some reason that goes away here are the steps.
Create your target service instance, if you don't have one already.
Push an app, any app. It really doesn't matter, it can be a hello world app. The app doesn't even need to use the service. We just need something to connect to.
Either Bind the service from #1 to the app in #2 or create a service key using the service from #1. If you bind to the app, run cf env <app> or if you use a service key run cf service-key MY-DB EXTERNAL-ACCESS-KEY and either one will give you your service credentials.
Run cf ssh -L 63306:us-cdbr-iron-east-01.p-mysql.net:3306 YOUR-HOST-APP, where 63306 is the local port you'll connect to on your machine and us-cdbr-iron-east-01.p-mysql.net:3306 are the host and port from the credentials in step #3.
The tunnel is now up, use whatever client you'd like to connect to your service. For example: mysql -u b5136e448be920 -h localhost -p -D ad_b2fca6t49704585d -P 63306, where b5136e448be920 and ad_b2fca6t49704585d are the username and database name from step #3 and 63306 is the local port you picked from step #4.
Additionally, if you want to connect aws-rds-mysql (instantiated from Pivotal Cloud Foundry) from IntelliJ, you can use the DB-Navigator Plugin (https://plugins.jetbrains.com/plugin/1800-database-navigator) inside IntelliJ, through which, database manipulation can be performed.
After creating the ssh tunnel $ cf ssh -L 63306:<DB_HOSTNAME>:3306 YOUR-HOST-APP (as also mentioned in https://docs.pivotal.io/pivotalcf/2-4/devguide/deploy-apps/ssh-services.html),
Go to DB Navigator plugin and click on custom under new connection.
Enter the URL as: jdbc:mysql://:password>#localhost:63306/<database_name>
The following thread might be helpful for you as well How do I connect to my MySQL service on Pivotal Cloud Foundry (PCF) via MySQL Workbench or CLI or MySQLWeb Database Management App?

Can't Connect to MySQL instance Remotely that is running on EC2 Instance (Not RDS)

I have seen a lot of posts that claim they are running an RDS instance of MySql in which they cannot connect to, but I am not running RDS.
I used my EC2 insance to host my wordpress blog which was installed using the Web Platform Installer.
This setup the wordpress schema and data that I needed and I have been running it for a couple years.
I want to be able to access this database remotely instead of only logging into my server.
I have checked and have the following users
root
wpadmin
I have also verified that the port specified in the mysql config is the standard 3306 and I have setup an Inbound Firewall rule to allow 3306 through.
When I try to connect from MySql Workbench, I get the following error message:
Number 3 Is particularly one that I do not know how to check, but I do know that MySql is running and that it is running on 3306. Additionally, I know I am using the correct password.
When I try to connect, the prompt looks like this. Do I need to do something to grant Mysql user permissions or anything?
Based on your GRANT information, you have at least the problem of root user only having access privileges from localhost. You would need to create a root#% user (or a more specific host/IP instead of % if you have a reliable address). That would allow external access so long as your EC2 security group also allow access on port 3306 (either globally or to a more restrictive IP address or IP range).
Of course the security implication here is that you are opening up access to MySQL that you might not want to make more accessbile to potential attackers. For this reason, I would recommend you access your DB via SSH tunnel, which is supported by MySQL workbench. This will in essence allow you to shell into the host your your access key and then access as root#localhost.