Amazon RDS MySQL: setting user names and passwords - mysql

I'm trying to allow an application to connect via a connection string, and am having no luck; the application asks for a password. The only password I can find in the console is for the root user (which I guess is also the master password). I've changed the password and am trying to log in with MySQL Workbench, but the connection is denies.
What gives? Is there a way I can create a new user and password? If not, how long does it take for a new master password to set?

You will use the credentials you supplied when the instance was first created (see screenshot)
That's the "root" permissions you have after instance creation.
If you recently changed the password, it doesn't take long to update.
As long as the instance is an an available state on the RDS console you should be good with that new password.
No matter what you're going to need to know the username of the master user which was configured at instance creation.
Once that's done you should use individual MySQL users to make application connections, but that's a story for a different thread :)
If you still cannot connect, ensure your Security Groups assigned to the instance allow connection from wherever you're connecting from and ensure your firewall isn't blocking outbound to MySQL port (3306)
Some helpful links regarding MySQL in RDS:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ConnectToInstance.html
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateInstance.html
Some helpful links regarding MySQL general user management (after you get logged in as the master account):
https://dev.mysql.com/doc/refman/5.7/en/create-user.html
http://www.mysqltutorial.org/mysql-create-user.aspx

Related

Connect to a MySQL database using access info on mysql db

I have a request from a customer and I am quite sure the answer is no, but wondering if someone has a different answer.
Background
As you know MySQL installation create a database called "mysql" where it stores the databases we create and also the users.
In the user table, there is a field called "authentication_string" where the user password is saved.
Project
On this project each time a customer creates an account a new database user and database is created.
When a customer logs in through a web interface, the system calls an API to authenticate him/her. After that the root db user is used to connect to customer database, not their own database credentials, why? because they do not want to save user and password on database (this is a temp solution)
They want to change the application so after authentication/authorization process and they would somehow only needed root credentials to somehow get user and password from "mysql db" and then use them to create the connection using customer db credentials.
Is this possible? Or is there some mysql parent - children configuration where this scenario is possible?
Project uses MySQL 5.7
From what I can understand I think you could just use MySQL’s SET PASSWORD to set some random strong password for the user and then login using that. This way you would not store anything and it would still be pretty secure assuming your root db access is fairly isolated from the thing that’s trying to login as the user.
For example:
SET PASSWORD FOR some_user = <long-strong-randomly-generated-password-string>
Afterwards you return this <long-strong-randomly-generated-password-string> from your access-providing process and then the user process can login using that. In this case it would stay valid until the next SET PASSWORD, so keep that in mind, but depending on your use-case that might be ok.

Trying to connect to a mySQL db on Amazon AWS using mySQL Workbench

I just opened an account on Amazon AWS. In this account, I created a mysql database instance, that I am now trying to connect to on my home computer use mySQL Workbench. I have entered the database endpoint (as listed in my account) and added the user name I set up for the master username for the database. When I hit "test connection" (using standard TCP/IP connection) however, I get a "Failed to connect..." message. I have a feeling that the problem may be that I need to use SSL and/or SSH. But I am a neophyte here, and I don't know how to properly set this up or configure mySQL Workbench with this. I am seeking assistance
You need to allow your mysql server to the user my user policy.
You can allow your Public IP address.
Please refer below case:
Cannot ping AWS EC2 instance
I think there that my database instance was misconfigured somehow, though not as JERRY suggests. I created a new MySQL DB instance and was able to connect to that without needing any other special configuration changes. So I am now using the new instance, and have deleted the old one. I wish I could provide more insight into what the problem with the first DB was, but the insight I have is (as I said) after I created the 2nd DB instance, no other configuration was necessary

Unable to Connect to Azure MySQL using MySQL Work Bench

I create a MySQL storage in Microsoft Azure. What I did is from the portal I clicked "New > Data+Storage > MySQL". The I kept the defaults and continued. After everything Azure says the storage and all is now ready.
So, I went to "DashBoard > Clicked on my newly created database resource". Now I can see my IP address of the database.
I opened MySQL Work Bench, clicked "Database >Connect to Database" and inserted the IP I found in my above step. I kept port 3306 as it is. For the user name and password I inserted the username and password I inserted during my database creation.
Anyway I really can't connect to the database, I get the below error.
I even tried editing my "Security Group" in Azure. Below is a screenshot of what it contains now.
Inbound Rules:
Outbound Rules
Even after all of these things, why I still can't connect to Azure MySQL?
I was using 'Bitnami' and 'Bitnami' comes with their own username and password! The default password for Bitnami is 'bitnami' and user name is 'root'

Hosted MySql, Views, client Ipaddress change and Access Denied

I have a hosted MySql server with many databases each with many views. I access the server remotely from my office using HeidiSql.
Once in a while the IP address of my office changes. When this happens, I have to add the new office IP address to the server using cPanel and the "Remote MySql" tool so that I can remotely connect again.
However, all of the views have definer: USER#OLD_IP_ADDRESS. If I need to change a view, I get Access Denied. Up to now, I have been deleting the view (yes, i can delete the view) and recreating it, which makes the view's definer USER#NEW_IP_ADDRESS, and then I can edit the view -- until the Ip address changes again.
So, my question is: What is the best practice is an environment like this. Is there a way to define the views once and, without causing a security risk, be able to edit the views after an IP Address change.
Thanks for any guidance.
You could loosen the host in the MySQL user account a bit, according to the IP range of your internet provider. That way, you don't need to change it every time you get a slightly different IP:
user#123.456.789.%
user#123.456.%
This of course loosens the security in this account, but if your password is be a good one, it should not be too risky.
A better way is to make the MySQL server only accessible via SSH. In that case, your MySQL server can be set up using the --skip-networking option, as you always connecting from localhost. Your user account can be user#localhost or user#127.0.0.1, which then would solve your above mentioned problem for all times.
HeidiSQL also supports SSH tunneled MySQL connections, see here for some tutorial.

Can't Connect to MySQL instance Remotely that is running on EC2 Instance (Not RDS)

I have seen a lot of posts that claim they are running an RDS instance of MySql in which they cannot connect to, but I am not running RDS.
I used my EC2 insance to host my wordpress blog which was installed using the Web Platform Installer.
This setup the wordpress schema and data that I needed and I have been running it for a couple years.
I want to be able to access this database remotely instead of only logging into my server.
I have checked and have the following users
root
wpadmin
I have also verified that the port specified in the mysql config is the standard 3306 and I have setup an Inbound Firewall rule to allow 3306 through.
When I try to connect from MySql Workbench, I get the following error message:
Number 3 Is particularly one that I do not know how to check, but I do know that MySql is running and that it is running on 3306. Additionally, I know I am using the correct password.
When I try to connect, the prompt looks like this. Do I need to do something to grant Mysql user permissions or anything?
Based on your GRANT information, you have at least the problem of root user only having access privileges from localhost. You would need to create a root#% user (or a more specific host/IP instead of % if you have a reliable address). That would allow external access so long as your EC2 security group also allow access on port 3306 (either globally or to a more restrictive IP address or IP range).
Of course the security implication here is that you are opening up access to MySQL that you might not want to make more accessbile to potential attackers. For this reason, I would recommend you access your DB via SSH tunnel, which is supported by MySQL workbench. This will in essence allow you to shell into the host your your access key and then access as root#localhost.