I was wondering if it is possible to make my database have a DNS name instead of an IP address with Amazon RDS? We currently own a website and were wondering if there was a solution to have something like db.website.com refer to our Amazon Web Services database? Is this possible?
When a database instance is launched under Amazon RDS (Relational Database Service), an endpoint is provided in the form of:
db.crwobkqad31a.ap-southeast-2.rds.amazonaws.com:3306
If you wish to apply a more friendly DNS name, configure a CNAME record in your DNS server (eg Amazon Route 53) that maps the friendly name (eg db.website.com) to the database endpoint.
The DNS name will resolve to an IP address. If the database is publicly-accessible and the name is resolved outside your Amazon VPC, a public IP address will be returned. If the name is resolved within your Amazon VPC, a private IP address will be returned.
You will typically want to protect your database from outside access by placing it into a private subnet. It is unusual to want to give end-users direct access to a database (which I'm assuming you want to do, given the desire for a friendly DNS name), but that is your choice.
I was wondering if it is possible to make my database have a DNS name instead of an IP address with Amazon RDS?
Not only can you, but you must. Your RDS will have an endpoint like something.random-string.us-west-2.rds.amazonaws.com. Connecting directly to its IPs is dangerous as the server's IP may change unexpectedly (if the server is modified, scaled, has an issue, or fails over).
You can use a CNAME pointed at your RDS endpoint, if you like, to use something like db.example.com instead of your RDS endpoint.
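The two answers above both come down to one Route 53 record plus a resolution check. As an added example (not code from either answer), the block below builds the change batch a CNAME UPSERT needs and classifies whatever the friendly name resolves to as private (resolved inside the VPC) or public. The hosted zone name website.com, the friendly name db.website.com and the TTL are assumptions; the RDS endpoint is the one shown in the first answer; no AWS API call is made, but the returned dict is the shape boto3's `route53.change_resource_record_sets()` expects in its `ChangeBatch` argument.

```python
"""Added example: friendly DNS name for an RDS endpoint via a Route 53 CNAME.

Assumptions (constructed for this example): zone website.com, record
db.website.com, TTL 60. The dict returned by build_cname_change() is what you
would pass as ChangeBatch= to boto3's route53.change_resource_record_sets();
this file does not call AWS.
"""
import ipaddress
import socket
from typing import Optional, Tuple


def split_endpoint(endpoint: str) -> Tuple[str, Optional[int]]:
    """RDS displays the endpoint as host:port. A CNAME target carries no port,
    so strip it here and hand the port back for the client's connection config."""
    host, sep, port = endpoint.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return endpoint, None


def build_cname_change(friendly_name: str, zone_name: str, endpoint: str, ttl: int = 60) -> dict:
    """Return a Route 53 ChangeBatch that UPSERTs friendly_name -> RDS host.

    DNS forbids a CNAME at the zone apex, and Route 53 enforces that, so the
    friendly name must be a subdomain (db.website.com, not website.com).
    """
    host, _port = split_endpoint(endpoint)
    fqdn = friendly_name.rstrip(".") + "."
    apex = zone_name.rstrip(".") + "."
    if fqdn == apex:
        raise ValueError("a CNAME cannot sit at the zone apex; use a subdomain such as db." + apex)
    if not fqdn.endswith("." + apex):
        raise ValueError(f"{friendly_name} is not inside zone {zone_name}")
    return {
        "Comment": "friendly name for the RDS endpoint",
        "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": fqdn,
                "Type": "CNAME",
                "TTL": ttl,
                "ResourceRecords": [{"Value": host}],
            },
        }],
    }


def classify_resolved_address(ip: str) -> str:
    """Label an address the way the first answer describes: an RFC 1918
    address means the name was resolved inside the VPC; a public one means
    the instance is publicly accessible and was resolved from outside."""
    addr = ipaddress.ip_address(ip)
    return "private (resolved inside the VPC)" if addr.is_private else "public (resolved outside the VPC)"


def resolve_and_classify(name: str) -> Optional[str]:
    """Live check for the operator: resolve the friendly name and classify the
    answer. Returns None when the name does not resolve (e.g. offline)."""
    try:
        ip = socket.gethostbyname(name)
    except socket.gaierror:
        return None
    return f"{name} -> {ip}: {classify_resolved_address(ip)}"


if __name__ == "__main__":
    batch = build_cname_change(
        "db.website.com", "website.com",
        "db.crwobkqad31a.ap-southeast-2.rds.amazonaws.com:3306")
    print(batch)
    print(resolve_and_classify("db.website.com"))
```

Run the live check once from an instance inside the VPC and once from outside: if the outside run reports a public address, the database is publicly accessible, which the first answer advises against unless you really need it.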
I cannot figure out how to provide a DNS name to an IP address in Oracle cloud. Did not find a documentation. Went through the portal settings and some CLI documentation around networking. But did not find any.
It is quite straightforward in Azure. As the above screenshot shows.
Can anyone point me in right direction?
The hostname you provide at instance creation along with the subnet domain name becomes the instance's fully qualified domain name (FQDN). You can find more details in this chapter of the documentation: DNS in Your Virtual Cloud Network
In case of the Load Balancer's public IP, you can associate the public IP address with a friendly DNS name through any DNS vendor. You may also create and manage your DNS Zones within OCI Domain Name System, but you still need to register your domain name at a 3rd party DNS vendor. For more details on OCI DNS service, please see the DNS Service documentation.
I created successfully an Apache server but I don't want to connect to it by typing 192.168.0.102, I want a normal URL like www.google.com. How can I do that? I went to httpd.conf and found the ServerName line but setting it to something like www.mysite.com doesn't seem to work. I also tried to use my external IP (https://www.whatismyip.com) as server name but it doesn't connect. It only works if I try to connect to 192.168.0.102 or localhost. How do I solve this? Thanks
There are three basic things you need to know.
Virtual name hosting
HTTP allows multiple websites to be hosted on the same IP address and port. The client uses the Host request header to tell the server which site it wants to get data for.
ServerName is used as part of this.
… but the client needs to know how to send a request to the server first.
DNS
When a client makes a request to a server, it uses the IP address of the server in order to allow it to be passed over the network (or networks) to it. It is the address.
IP addresses are sequences of numbers, which aren't very friendly for humans to work with.
DNS translates friendly names (like www.example.com) into IP addresses.
The client has to look up the name to find the IP address. It normally does this through the main DNS system, and in order to get your name linked to your IP address you will need to find a domain name registrar and pay them.
It is also possible to set up DNS at a local level on a private network, and on a computer-by-computer level using a hosts file.
Routing
The IP address of the server has to be routable from the computer the client is running on.
192.168.0.102 is a private address, accessible only on the same LAN. To make it accessible to clients on the Internet you need to either:
Set up your router to use port forwarding and then use the Internet facing IP address of the router (which https://www.whatismyip.com tells you) or
Give your computer a public IP address and configure your router to route traffic to it (this generally isn't possible on consumer grade routers).
In short, you can't. 192.168.0.102 is not accessible from the Internet; it is an internal IP.
But you have some alternatives, like if you like to access your computer from a hostname you can use dynamic DNS servers.
Or, if you want to test your code on a particular domain, you can add 192.168.0.102 with a domain to your hosts file; then only you can use this domain on your local computer.
But if you really want to serve some content to the Internet from your local computer you have to find a DNS server service (like Cloudflare) to point your domain to your public Internet IP, not to 192.168.0.102.
You configure the virtual host and set the server name to the domain name you want. After that, Apache will check the requests and will use that virtual host if a request was made for that domain name. In order for that to work, that domain should point to your IP address where the server is running.
If you want to test if the configuration works, edit your /etc/hosts file and add that domain name to 127.0.0.1. After that you will be able to access that virtual host if you try to access that domain name from your browser.
More info here: https://httpd.apache.org/docs/current/vhosts/name-based.html
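The three answers above describe the same mechanism from different angles: name-based virtual hosting keys off the Host request header, the first-listed vhost serves any request whose Host does not match (which is why reaching the server by 192.168.0.102 "works" while the name does not), and a hosts-file line is the quickest local test. The block below is an added example, not code from the answers or from Apache; it models Apache's documented matching rules (ServerName/ServerAlias compared case-insensitively, port ignored, first vhost as the default) in a stand-alone Python function. The vhost names, document roots and request lines are constructed for the example.

```python
"""Added example: how name-based virtual hosting picks a site from the Host
header, and why a request by IP address lands on the default vhost.

Assumptions: VHOSTS, the document roots and the request strings are
constructed for this example; the selection rules mirror Apache's documented
name-based behaviour but this is a model, not Apache.
"""
from typing import List, Optional

# Constructed vhost table, in the order Apache would read it from httpd.conf.
# The first entry is the default for the address/port.
VHOSTS: List[dict] = [
    {"ServerName": "www.mysite.com", "ServerAlias": ["mysite.com"], "DocumentRoot": "/srv/www/mysite"},
    {"ServerName": "blog.mysite.com", "ServerAlias": [], "DocumentRoot": "/srv/www/blog"},
]


def parse_host_header(raw_request: str) -> Optional[str]:
    """Extract the Host header from a raw HTTP/1.x request, lower-cased and
    without any :port suffix. HTTP/1.0 requests may carry no Host at all."""
    for line in raw_request.split("\r\n")[1:]:
        if not line:          # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            host = value.strip().lower()
            if host.startswith("["):          # IPv6 literal such as [::1]:80
                return host.split("]")[0] + "]"
            return host.split(":")[0]
    return None


def select_vhost(host: Optional[str], vhosts: List[dict] = VHOSTS) -> dict:
    """Name-based selection: match ServerName or a ServerAlias; otherwise fall
    back to the first vhost. That fallback is what the questioner sees when
    the browser sends Host: 192.168.0.102 and no vhost claims that name."""
    if host:
        for vh in vhosts:
            names = [vh["ServerName"], *vh["ServerAlias"]]
            if host in (n.lower() for n in names):
                return vh
    return vhosts[0]


def document_root_for(raw_request: str) -> str:
    """Which DocumentRoot a request would be served from."""
    return str(select_vhost(parse_host_header(raw_request))["DocumentRoot"])


def hosts_file_line(ip: str, *names: str) -> str:
    """The local-testing step from the last answer: one /etc/hosts line that
    resolves the names to the server on this machine only."""
    return f"{ip}\t" + " ".join(names)


if __name__ == "__main__":
    by_name = "GET / HTTP/1.1\r\nHost: blog.mysite.com\r\n\r\n"
    by_ip = "GET / HTTP/1.1\r\nHost: 192.168.0.102\r\n\r\n"
    print(document_root_for(by_name))   # /srv/www/blog
    print(document_root_for(by_ip))     # /srv/www/mysite (default vhost)
    print(hosts_file_line("192.168.0.102", "www.mysite.com", "blog.mysite.com"))
```

The takeaway matches the first answer's ordering: ServerName only decides which vhost answers once the request has arrived; getting the request to arrive is DNS and routing, which no httpd.conf setting can change.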
I recently inherited an AWS account's maintenance and noticed that the db access is wide open to any network, anywhere! So I decided it must be simple like it is when we do it with our own VMs. Except on Amazon AWS EC2 instances have an internal IP and a public IP and sometimes an elastic IP. So I thought ok I'll search google and find a simple quick writeup, and there doesn't seem to be one. So can someone please provide a simple writeup, here, on how to do this. I understand there are three methods on the RDS security and so forth. If you don't have time or desire to cover all three please just pick the one you like and have used for the example. If I don't get a good response on this within a day or so I'll hit the docs and piece it together myself, thank you in advance!
Well I tinkered with it a bit. The docs are not too suggestive. I found on an EC2 instance that has an Elastic IP assigned I had to use the Private IP allowed in the security group I applied to the RDS MySQL database. The Elastic IP assigned or UN-assigned did not affect connection. On the EC2 instance which had no Elastic IP assigned I had to use the Public IP allowed in the security group. The Private IP did not matter. This seems a bit strange to me.
An Amazon Relational Database Service (RDS) instance should typically be kept private to prevent access from the Internet. Only in rare circumstances should an RDS instance be accessible on the Internet.
An RDS instance can be secured in several ways:
1. Launch it in a Private Subnet
A Virtual Private Cloud (VPC) can be configured with public and private subnets. Launching the RDS instance in the private subnet will prevent access from the Internet. If access is still required across the Internet (eg to your corporate network), create a secure VPN connection between the VPC and your corporate network.
2. Use Security Groups
Security Groups operate like a firewall around each individual EC2 instance. They define which ports and IP address ranges are permitted for inbound and outbound access. By default, outbound access is permitted but inbound access is NOT permitted.
3. No Public IP address
If an RDS instance does NOT have a Public IP address, it cannot be directly accessed from the Internet.
4. Network Access Control Lists
These are like Security Groups, but they operate at the Subnet level. Good for controlling which app layers can talk to each other, but not good for securing specific EC2 or RDS instances.
Thus, for an RDS instance to be publicly accessible, it must have all the following:
A public IP address
A Security Group permitting inbound access
Located in a public subnet
Open Network ACL rules
For your situation, I would recommend:
Modify the RDS instance and set PubliclyAccessible to False. This will remove the public IP address.
Create a new Security Group (I'll refer to it as "SG1") and assign it to the single EC2 instance that you want to allow to communicate with the RDS instance
Modify the Security Group associated with the RDS instance and allow Inbound communication from SG1 (which permits communication from the EC2 instance). Note that this refers to the SG1 security group itself, rather than referring to any specific IP addresses.
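The answer's four conditions (public IP, permissive security group, public subnet, open NACL) are a checklist an auditor can run mechanically, and its three recommended steps are a change that should make the check pass. The block below is an added example, not the answerer's code or any AWS tool: it evaluates the four conditions over records whose shape mimics boto3's describe_db_instances, describe_security_groups, describe_route_tables and describe_network_acls output, then applies the recommended fix (PubliclyAccessible off, DB security group admitting only SG1) and re-checks. All IDs, the endpoint and the rule sets are constructed placeholders.

```python
"""Added example: audit an RDS instance against the four exposure conditions
and apply the recommended fix. Records are constructed; their keys mimic
boto3 output shapes but no AWS call is made. IDs are placeholders.
"""
import copy
import ipaddress
from typing import Dict

ANY_V4 = ipaddress.ip_network("0.0.0.0/0")


def sg_open_to_internet(sg: Dict, port: int) -> bool:
    """Condition 2: inbound rule covering the DB port from 0.0.0.0/0 (or an
    all-traffic rule). Rules that reference another security group, such as
    SG1, do not count: they admit only members of that group."""
    for perm in sg.get("IpPermissions", []):
        all_traffic = perm.get("IpProtocol") == "-1"
        in_range = perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)
        if not (all_traffic or in_range):
            continue
        if any(ipaddress.ip_network(r["CidrIp"]) == ANY_V4 for r in perm.get("IpRanges", [])):
            return True
    return False


def subnet_is_public(route_table: Dict) -> bool:
    """Condition 3: a default route to an Internet gateway makes the subnet public."""
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and str(r.get("GatewayId", "")).startswith("igw-")
               for r in route_table.get("Routes", []))


def nacl_allows_inbound(nacl: Dict, port: int) -> bool:
    """Condition 4: inbound NACL entries are evaluated lowest RuleNumber first
    and the first match decides; the implicit final rule denies."""
    inbound = sorted((e for e in nacl.get("Entries", []) if not e.get("Egress")),
                     key=lambda e: e["RuleNumber"])
    for e in inbound:
        if e.get("CidrBlock") != "0.0.0.0/0":
            continue
        pr = e.get("PortRange")
        if e.get("Protocol") == "-1" or (pr and pr["From"] <= port <= pr["To"]):
            return e["RuleAction"] == "allow"
    return False


def assess(db: Dict, sgs: Dict[str, Dict], route_table: Dict, nacl: Dict) -> Dict[str, bool]:
    """All four conditions; the instance is reachable from the Internet only
    when every value is True, so one False is enough to close it off."""
    port = db["Endpoint"]["Port"]
    return {
        "public_ip": bool(db.get("PubliclyAccessible")),
        "sg_open": any(sg_open_to_internet(sgs[g["VpcSecurityGroupId"]], port)
                       for g in db["VpcSecurityGroups"]),
        "public_subnet": subnet_is_public(route_table),
        "nacl_open": nacl_allows_inbound(nacl, port),
    }


def is_internet_exposed(db, sgs, route_table, nacl) -> bool:
    return all(assess(db, sgs, route_table, nacl).values())


def apply_recommended_fix(db: Dict, sgs: Dict[str, Dict], sg1_id: str) -> None:
    """The answer's steps: clear PubliclyAccessible, and replace the DB security
    group's inbound rules with one that references SG1 (the EC2 instance's
    group) instead of any IP range."""
    port = db["Endpoint"]["Port"]
    db["PubliclyAccessible"] = False
    for g in db["VpcSecurityGroups"]:
        sgs[g["VpcSecurityGroupId"]]["IpPermissions"] = [{
            "IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [], "UserIdGroupPairs": [{"GroupId": sg1_id}],
        }]


# Constructed sample: the "wide open" state the question describes.
SAMPLE_DB = {"DBInstanceIdentifier": "inherited-db", "PubliclyAccessible": True,
             "Endpoint": {"Address": "inherited-db.EXAMPLE.us-east-1.rds.amazonaws.com", "Port": 3306},
             "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-db-PLACEHOLDER"}]}
SAMPLE_SGS = {
    "sg-db-PLACEHOLDER": {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                                             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    "sg-1-PLACEHOLDER": {"IpPermissions": []},
}
SAMPLE_ROUTE_TABLE = {"Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                                 {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-PLACEHOLDER"}]}
SAMPLE_NACL = {"Entries": [
    {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": False, "CidrBlock": "0.0.0.0/0"},
]}

if __name__ == "__main__":
    db, sgs = copy.deepcopy(SAMPLE_DB), copy.deepcopy(SAMPLE_SGS)
    print("before:", assess(db, sgs, SAMPLE_ROUTE_TABLE, SAMPLE_NACL))
    apply_recommended_fix(db, sgs, "sg-1-PLACEHOLDER")
    print("after: ", assess(db, sgs, SAMPLE_ROUTE_TABLE, SAMPLE_NACL))
```

Against real accounts, feed the functions the corresponding boto3 responses; the fix removes two of the four conditions at once, which is why the answer calls it the recommendation for this situation even though the subnet and NACL are left as they are.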
I have an app with two workers (Web and Background) on AppHarbor that connect to a MySql database hosted on Amazon's RDS.
I keep getting "Unable to connect to any of the specified MySQL hosts." exception.
The RDS instance is in the US-East region and I have added the following AppHarbor CIDRs to the security group.
50.17.211.192/28
54.235.159.192/27
I have added my own CIDR to the security group and I connect to the instance just fine.
However when the app is running on AppHarbor it fails.
My connection string (censored) is:
Server=myinstanceXXXX.cykjvptrw5xs.us-east-1.rds.amazonaws.com;Database=MyDatabase;UID=XXXXXX;PWD=XXXXX;
I have tried including the port 3306 on the server endpoint but it made no difference.
Am I missing something on getting the two to play nice with one another?
By default AppHarbor uses Amazon's internal DNS service for resolving hostnames. Because of that, Amazon RDS instances in the same region as AppHarbor will resolve to the private IP addresses rather than the public ones listed in the knowledge base article, so setting up rules based on the public IPs will not work most of the time.
In case Amazon's DNS service becomes unavailable we'll fail over to an external DNS service. This means you'll still have to configure the external IPs for the highest availability as an external DNS service will resolve the public IPs. This way you can ensure that your application is resilient towards DNS failures.
You can set up security group based access rules for your RDS security group. We've updated this knowledge base article with a section specifically for Amazon RDS where you can find the information necessary to set this up.
So...I want to put the Web Server on one EC2 instance and the MySQL database on a separate EC2 instance. Which I can do, but how would I point the web server over to the other instance that I am using for MySQL?
You know Amazon does offer a specialized MySQL instance instead of standard instances; it just gives backups, etc.
I'm not sure whether you mean how do you expose MySQL service as a port, or how to identify the database instance.
You can expose MySQL on a machine port as a service and access it through telnet or SSH (usually SSH). The default is 3306, I believe.
To get the IP of the database instance, create and assign an elastic IP to the DB instance and use that.
Every instance of EC2 that is spun up has a number of domain names associated with it.
You probably want to use the internal address for communication (saves you money). It looks something like domU-12-31-39-00-86-35.compute-1.internal and is treated like any other hostname.
The issue with using such internal addresses, rather than elastic IP, is that if things reboot, you need to update the internal addresses. Your mileage may vary, but I was part of a project that ran for months and saw no EC2 reboots (other than what the team rebooted themselves).
See http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/index.html?concepts-instance-addressing.html for more on addressing (look for "Using Instance IP Addresses" -- Amazon doesn't like deep linking, apparently).