I'm currently having issues setting up the AWS Explorer plugin in DataGrip to recognise the Aurora Serverless Clusters (MySQL). I have set up credentials from IAM in the credentials file, and can access other AWS services (if I select the dropdown "Schemas", for example, I can see the list of schemas in my org) but clicking the RDS dropdown shows "empty", and doesn't even show the list of database engines. I have tried connecting with secrets manager and using the correct secret for the DB cluster but no luck. When I try and add the database cluster as a data source, it just hangs on "Introspecting" and then the endpoint for that cluster.
I found this issue on the aws-toolkit for jetbrains github https://github.com/aws/aws-toolkit-jetbrains/issues/2124
which mentions that it could be a driver problem. I have tried changing to the mySQL driver, and that hasn't seemed to fix it. DataGrip also seems to heavily encourage using the recommended Aurora MySQL driver.
Is this a bug with DataGrip, or AWS Explorer, or am I missing something obvious? Do I need to enable SSL CAs to get AWS Explorer the correct permissions?
Thanks!
EDIT: I have gone through the prerequisites listed on the AWS docs:
I have installed the AWS CLI and AWS SAM CLI
I have installed Docker (but I haven't set up any containers - I think this is
only needed if I'm running localhost?)
I'm running Windows 10.
Aurora serverless can't be accessed from the internet. From docs:
You must create your Aurora Serverless DB cluster in an Amazon Virtual Private Cloud (Amazon VPC). Aurora Serverless DB clusters are accessible only from an Amazon VPC and can't use a public IP address.
Thus, you need to setup VPN or some proxy (e.g. ssh tunnel through a bastion host) to be able to connect to Aurora serverless from outside of AWS.
Related
I see a lot of articles online where EC2 is involved, but since my backend is essentially serverless I have not found much information how to access my RDS once it is turned private. Can anyone point me in the right direction?
Current state:
Public MySQL RDS
RDS is accessed by a MySQL client on my local machine (MySQL Workbench) and AWS Lambda functions via my web application (both connecting via SSL)
Future state:
Private MySQL RDS
Private RDS would continue to be accessed by only my local machine and only the noted AWS Lambda functions via my web application (I assume continuing to use SSL?)
In your scenario your Lambda functions will need to be configured to run in the VPC if they are not already. That is the only change required for the Lambda functions.
However, When you switch the RDS instance to private, that means it only accepts connections from within the VPC. So you can't make connections directly from your local computer to the database anymore. You have to go through some sort of "bridge" to get your local computer into the AWS VPC network.
In this scenario people either use an EC2 instance as a bastion host, or they create a VPN connection from their local computer into the AWS VPC. AWS Client VPN is a managed service you could used for this.
You'll need to evaluate the Client VPN pricing, but I think you may find that a single t4g.nano EC2 bastion host is probably cheaper, and you can also stop the instance when you don't need it to really cut down the cost.
You can use VPC also with Lambda. Lambda and RDS can be in the same VPC, or in separate VPC’s peered together. Aws documentation for this scenario can be found here: https://aws.amazon.com/premiumsupport/knowledge-center/connect-lambda-to-an-rds-instance/
You can use Basti, which is a CLI tool that manages the EC2 bastion instance for you. The tool keeps the instance stopped when it's not used to minimize the solution cost, performs software updates to maintain the bastion instance secure, and provides a convenient CLI that can be used locally and in CI/CD pipelines.
I need proper explanation and steps to connect to an RDS database from my AWS Elastic BeanStalk Project. I have already created a RDS instance on AWS and successfully connected to it from MYSQL Workbench. After that, I have also connected it to my Elastic BeanStalk project. But still my java based website project cannot fetch data from it. Why ????
This use case is documented here:
https://github.com/awsdocs/aws-doc-sdk-examples/tree/master/javav2/usecases/Creating_rds_item_tracker
This tutorial steps you through creating a Java Spring app that is deployed to AWS Elastic Beanstalk and queries data from an RDS instance.
Please check if you can access your RDS instance from your elastic beanstalk environment when you set the RDS instance to public. If you can you have not configured your security groups to allow connections from your EB environments towards your rds instance.
Note: don't forget to set it to private again after you're done with testing.
Can you install MySQL for AWS Elastic Cloud Compute (EC2) directly on the instance? I can't afford to purchase a separate RDS instance at the moment.
My website is setup on AWS EC2 already and now I'm going to try out some features with a database. I need to set up the instance to run on the EC2 localhost and connect it to my website to store my user data.
So first you need to separate XAMPP from mysql in your thought process. XAMPP is a tool only for your local development. You can set up a database on the Elastic Cloud Compute (EC2) instance similarly to how you set up your XAMPP config locally.
Here are the official docs on how to install a full LAMP stack on an EC2 instance running the Amazon Linux AMI - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/install-LAMP.html
We have mysql databases which we want to host on AWS RDS and want to use in Azure VM and web app. Both of them located in Singapore region.
Is this possible? If yes, How? What are pros and cons? And how to do this?
You have two options, build a Amazon VPC /Azure Network VPN tunnel by your own, with something like a cisco instance or linux vpn packages, or make your mysql amazon rds public accessible and set up ssl encrypt connection to the db for more information see this doc
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html
I'm using Amazon RDS for the first time ever and I've been following the heroku docs to get my app using the RDS instance. So far I've created an instance and I have setup the addon using the format:
$ heroku addons:add amazon_rds url=mysql://user:pass#rdshostname.amazonaws.com/databasename
After running heroku rake db:migrate I got
!!! The bundled mysql.rb driver rake
aborted! no such file to load -- mysql
So I installed the MySQL gem. Doing the same thing again I got the error:
Can't connect to MySQL server on
'myapp.cqslpaxxqrok.eu-west-1.rds.amazonaws.com'
(110)
I see there's a note about the instance being in the US-east region for Heroku's security group to control access or something. Can I not use a European instance?
No, you cannot use a European instance. Heroku is only available on the US East zone right now, and you need to be able to add Heroku to your security zone for the RDS instance to work, which I suppose require you to be in the same zone. More imporantly, you want to be in the same zone as Heroku for latency and security reasons (otherwise your database traffic will be travelling over the Internet).
Heroku changed its procedure to allow Heroku servers to connect to RDS instances. The accepted answer to this question is not true anymore.
You have to grant Heroku dynos access to your RDS instance. The recommended way to do this is to configure the RDS instance to only accept SSL-encrypted connections and configure the security group for your instance to permit ingress from all IPs.
Previously, Heroku published its AWS account ID and security group name as a way to grant access to an AWS RDS instance. This is no longer recommended.
Ref: https://devcenter.heroku.com/articles/amazon_rds