I've recently created a Mule application (3.7.0 CE) on a laptop. I'm connected to an AWS RDS instance when running locally in AnyPoint Studio using Maven. I started with a local MySQL DB and migrated it to AWS because my application "proofofconcept" is just that a proof of concept and I would like to show the application online (public url) instead of my laptop for a presentation. I added the database.url=... property to the application properties when I deployed to Anypoint Runtime Manager in the cloud. I'm currently getting a:
communications link failure
I've tried several things and nothing has worked. I tried a basic database connection first in the database config. And, then I created a JDBC datasource in Spring-beans. Both methods worked locally and in-communication with AWS (remote). When I deploy to Runtime Manager, the application deploys. And, I get the console that's generated runtime by the RAML. When I call a url e.g. api/v1/orders it runs and runs and after timeout provides the communication error.
Does anyone 1) know if the communication is allowed? 2) know how to fix this? I would like to demo the POC online for my client.
Thanks in advance
My issue was with Amazon VPC and the default security group assigned to my RDS instance. By default all outbound activity is set to any protocol and any port for any ip (0.0.0.0/0). Inbound routing, however was specifying only port 3306 but also a custom using-ip that was my home network public ip. I changed the ip specification to be 0.0.0.0/0. This now mean's that any ip can send a request though port 3306 to my Amazon MySQL instance.
Related
I have a PHP web app (Snipe-IT) that was previously working.
We went through a security review, and the recommendation was made to enable service endpoints (Microsoft.Sql) on the application subnet so that web apps connect to databases over the Azure backbone. Everything is working fine for the other MSSQL apps, except for our Snipe-IT application, which connects to a GP_Gen5_2 MySQL instance.
The error message says:
D'oh! Looks like we can't connect to your database. Please update your database settings in your .env file. Your database says:
SQLSTATE[HY000] [9009] Client connections to Basic tier servers through Virtual Network Service Endpoints are not supported. Virtual Network Service Endpoints are supported for General Purpose and Memory Optimized severs. (SQL: select 2 + 2)
This error message doesn't match the environment configuration because the database in question is a General Purpose, 2 vCore(s), 50 GB database.
There is no networking tab on the MySQL server, but in the Connection security tab we have tried enabling access to Azure resources, allowing the full public internet (0.0.0.0 - 255.255.255.255), enabling and disabling forced SSL, but nothing changes the result.
Azure won't let us create a Private Endpoint on the MySQL database because 'the subnet contains external resources'
I am hoping there is a way to resolve this without having to rebuild both the app and database in a different App Service Environment and subnet.
Thanks
I have an application running on EC2 instances that store data in an RDS instance. All of these instances are in an AWS VPC with security groups configured to allow them to connect to each other.
For reporting purposes, I would like to connect to the RDS instance from my laptop (e.g. using SQLAlchemy) to run simple queries. Every time I try to connect using the connection string that the EC2 apps use, the connection times out.
For Google, one can use the Cloud SQL proxy for this, but I can't find an analogous product for AWS. Instead, it seems like what I am supposed to do is attach an internet gateway to the VPC and configure the security groups to allow connection from my machine. However, the documents are unclear on how to do this other than allowing all inbound connections or allowing a static IP. Unfortunately my laptop doesn't have a static IP, and I'm uncomfortable allowing all inbound connections as it seems insecure and an invitation to attacks. I also have not been able to find a way to configure a security group to allow connections based on IAM credentials for example using the AWS CLI. Since I will be routinely generating reports, a solution that involves updating a security group (i.e. allowing my current IP) every time I want to connect seems suboptimal.
I have tried following the following documents, but so far have had no success in finding a solution that does not allow all connections:
Allow users to connect to RDS using IAM*
Connecting to RDS instance from command line
Connecting to RDS on VPC from internet
*My RDS instance configuration does not allow me to enable IAM authentication, I'm not sure why
IAM Database Authentication is not supported for the configuration in the DB Instance db.
Modify your Db Instance to another instance class and try again.
(Service: AmazonRDS; Status Code: 400; Error Code: InvalidParameterCombination;
Request ID: a6194fb8-2ab9-4a6a-a2be-63835e6e0184)
Is there something I'm not understanding or overlooking? Is allowing connections from all IPs not a big deal since the DB instance is still secured by DB user credentials?
Select this connection as per screenshot. Then fill up all details use your nat instance .pem file to connect. Its like you are connecting to VPC through Nat gateway or Internet gateway bypassing this.
Another option to install VPN on VPC and connect.
I am trying to locally run a PHP based project, connecting to an Amazon RDS instance. I am receiving the following error in the browser:
![SQLSTATE[HY000] [2002]]1
I have run a series of networking tests where I pinged the following and received successful test results. I pinged:
iiNet's web address
One of iiNet's DNS servers
The loopback address of my computer
I pinged Google
I then tried the mysql utility to remotely connect and received the
ERROR 2003 (HY000): Can't connect to MySQL server
Last factor I think you should know regarding my own networking situation, I am connecting to the internet via:
modem->Zyxel VPN->Wireless Router->My laptop
What in the Sam Hill is going on?
Thanks,
CM
For this to work, the following must be true:
the RDS instance must resolve to a public IP address (I'd check this for you but since you chose to use a screenshot instead of text, I can't copy paste it, so I'll leave it to you)
the Security Group(s) associated with the RDS instance must allow traffic from your public IP ( the one you'll get from http://wtfismyip.com/text ). This won't bet true by default. I highly recommend you open to your IP, not just everyone, as Mysql is trivial to DOS attack if its port is public.
The network ACL of the VPC hosting the RDS instance must allow the traffic also. This will be allowed by default, so unless you changed the ACLs in your VPC, you can ignore this.
If all those are true, you should be able to connect!
I have my Sails application on an AWS instance with all dependancies installed with no apparent issues. However, each time I try to launch the app I am getting the following error.
error: AdapterError: Connection is already registered
I have not managed to successfully lift sails yet on the instance and sails-mysql was freshly installed so no connections should be registered.
I have taken the following steps to deploy my app..
Set up a MySql RDS instance (EU-West)
Created and set up an Ubuntu AMD-64 t2.micro EC2 instance (EU-West)
Installed all prerequisites (Git, NVM, NodeJs, Sails, etc.)
Cloned my Sails project
Installed dependencies for Sails
Correctly configured my connection settings for Sails to use my RDS instance.
I know that my connection settings are correct as I have been able to run Sails on my local machine with a connection to my RDS instance and it would consistently lift without any issues.
I am also able to connect to my RDS instance using SequelPro with no problems.
I have had issues with dependencies in the past but have managed to fix those issues and have not had any of them on my local machine or with my EC2 instance.
After searching for a while I have come across a few users who have had similar issues but have managed to fix them with Waterline's teardown methods, however, I am unsure how to achieve this.
I have done my best to provide as much information as possible and any help would be massively appreciated.
Sails Version: 0.12.11
Thank you in advance.
I managed to fix the issue by carrying out the following:
Switched my environment to production in config/bootstrap.js
In connections.js add connectTimeout: 20000 to make sure the request does not time out before the connection is made.
eg. process.env.NODE_ENV = 'development'
Ensure that the security group inbounds rules for the RDS allows connections from the security group associated with my EC2 instance.
Type: MySQL/Aurora
Protocol: TCP
Port Range: 3306
Source: < Your security group ID >
Following the above points also meant I overcame the issue with handshake timeouts when communicating with the RDS.
I have mysql server installed on my machine. I would like to connect to the same local mysql instance using Google app script's jdbc service. I am getting connection failed error. So, I would like to confirm:
1. is it possible to connect to mysql instance running on private machine(laptop) using jdbc service.
2. If not is it always mandatory to connect to public IP. What is the alternative to connect to mysql instance running on private machine.
This definitely works, but you need to permit Google's machines to connect to your machine. That means opening a hole in your firewall, possibly setting up port forwarding on your router, etc.
There is an alternative to poking a hole in your security arrangement, it is called Secure Data Connector, and it lets your machine initiate the connection to Google - https://developers.google.com/secure-data-connector/
Unfortunately, I don't believe that SDC supports JDBC yet (I believe it only supports HTTP based communication).
(P.S. One very simple work around is to mirror your local database to some kind of cloud service, and then permit access to that replica from Google).