Can we connect ECS Instance with RDS instance in Alibaba Cloud? - alibaba-cloud

I would like to know whether it is possible to connect an ECS instance with an RDS instance. If yes, then please explain the process or share some resources about it.
Thank You!!

Yes you can connect the ECS instance to the RDS instance through the internet by using the public address of the RDS instance.

Did you mean your application on your ECS being able to connect to your RDS? Yes, of course.
(Source)
After you create your RDS, you'll have to configure a whitelist of IPs which can access your RDS, and create your accounts and databases on RDS. Then you can connect to your RDS through your ECS by your application or client using the internal endpoints (only within your VPC) provided in the Basic Information of your RDS instance. If you need a public endpoint, you can apply for one.

Sure, you can connect your application on ECS instance to your RDS instance.
You can check this documentation:
https://www.alibabacloud.com/help/product/26090.htm
or specific database:
ApsaraDB RDS for MySQL
ApsaraDB RDS for SQL Server
ApsaraDB RDS for PostgreSQL
ApsaraDB RDS for PPAS
ApsaraDB RDS for MariaDB TX

Related

EC2 Instance connect to RDS accessible through a VPN

I have a Laravel application (API) that I am trying to move to AWS, however, the DB sits privately in AWS and is only accessible to me through a VPN.
The database is an RDS instance.
How can I provide my EC2 instance with access to the RDS Database?

Not able to connect Amazon Aurora Serverless from SQL client

Today I've created Amazon Aurora Serverless cluster for PostgreSQL in us-west-2, ensured the VPC and security groups in a way that it should be publicly accessible. But I'm not able to connect that cluster using the aurora endpoint from my Navicat/PgAdmin4 desktop client. Then I tried from the EC2 instance that is in the same security group/VPC as Aurora Serverless, and then it worked.
From AWS forum,
You can't give an Aurora Serverless DB cluster a public IP address.
You can access an Aurora Serverless DB cluster only from within a
virtual private cloud (VPC) based on the Amazon VPC service.
Source: https://forums.aws.amazon.com/thread.jspa?messageID=862860&tstart=0
Seems it uses an internal AWS networking setup that currently only supports connections from inside a VPC, and it must be the same VPC where the serverless cluster is deployed.
So now basically my question is that,
Is there any workaround to connect Aurora Serverless with any client like Navicat or PgAdmin4?
I found a cool hack that is working perfectly for my development purpose with some tweaks and I know I don't need this on my production environment.
So as we know, Aurora Serverless works only inside a VPC. So make sure you are attempting to connect to Aurora within the VPC and the security group assigned to the Aurora cluster has the appropriate rules to allow access. As I mentioned earlier, I already have an EC2 instance, Aurora Serverless and a VPC around both. So I can access it from my EC2 but not from my local PC / local SQL client. To fix that I did the two steps below.
1. To access from any client(Navicat in my case),
a. First need to add GENERAL db configurations like aurora endpoint host, username, password etc.
b. Then, need to add SSH configuration, like EC2 machine username, hostip and .pem file path
2. To access from project,
First I create a ssh tunnel from my terminal like this way,
ssh ubuntu@my_ec2_ip_goes_here -i rnd-vrs.pem -L 5555:database-1.my_aurora_cluster_url_goes_here.us-west-2.rds.amazonaws.com:5432
Then run my project with db configuration like this way test.php,
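<?php
// Connect to the local end of the SSH tunnel (port 5555 forwards to Aurora's 5432)
$conn = pg_connect("host=127.0.0.1 port=5555 dbname=postgres user=postgres password=password_goes_here");
if (!$conn) {
    echo "An error occurred.\n";
    exit;
}
// other code goes here to get data from your database
$result = pg_query($conn, "SELECT * FROM brands");
if (!$result) {
    echo "An error occurred.\n";
    exit;
}
while ($row = pg_fetch_row($result)) {
    // escape database values before writing them into HTML
    echo "Brand Id: " . htmlspecialchars((string) $row[0]) . " Brand Name: " . htmlspecialchars((string) $row[1]);
    echo "<br />\n";
}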
This question comes up over and over for multiple AWS services (most new ones are VPC only by default). The short answer is - you can hack up something and expose the DB outside of the VPC, but it is not recommended for a production setup. Assuming this is for a dev setup, by all means try the recommendations from [1]. It is for Neptune, but you can do the exact same thing for Aurora.
[1] Connect to Neptune on AWS from local machine

Access an RDS DB on a private subnet from an ec2 on a public subnet via SSL

I have an instance of AWS RDS running in a private subnet of a VPC.
I would like my EC2 machine, which is running on a public subnet to have access to it via SSL (and not SSH like I saw people suggest. I want to access it directly from the code via SSL).
Is there a way to do so?
The EC2 instance should have direct access to the RDS instance as long as they are in the same VPC. You just need to open up the security group assigned to the RDS instance to allow ingress from the EC2 instance.
I think you have SSH tunneling (which isn't needed when both servers are in the same VPC) and SSL database connections confused. SSH and SSL would be completely unrelated in this case.
SSL connection support would be a function of the specific database engine you are using. If your database is configured to support SSL connections, then you should be able to configure your database client software running on your EC2 instance to use SSL when creating connections to the database.
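
Added example (not part of the original answers), assuming a PostgreSQL database and a libpq-based client such as PHP's pg_connect: a small audit of a connection string that reports when TLS is not verified, including the SSH-tunnel case where host= is 127.0.0.1. The function names and the sslrootcert path are hypothetical placeholders.

```python
import ipaddress
import re

# What each weaker libpq sslmode leaves unprotected ("prefer" is the default).
SSLMODE_GAPS = {
    "disable": "no TLS at all",
    "allow": "plaintext unless the server insists on TLS",
    "prefer": "falls back to plaintext if TLS is not offered",
    "require": "encrypts, but does not by itself verify the server certificate",
    "verify-ca": "verifies the CA chain but not the host name",
}
_PAIR = re.compile(r"(\w+)\s*=\s*('(?:[^'\\]|\\.)*'|\S+)")

# Constructed samples: the tunnel string from the page, and a verifying variant.
TUNNEL_DSN = "host=127.0.0.1 port=5555 dbname=postgres user=postgres password=password_goes_here"
VERIFIED_DSN = ("host=database-1.my_aurora_cluster_url_goes_here.us-west-2.rds.amazonaws.com "
                "hostaddr=127.0.0.1 port=5555 dbname=postgres user=postgres "
                "sslmode=verify-full sslrootcert=/path/to/ca-bundle.pem")

def parse_conninfo(conninfo):
    """Split a libpq keyword=value string into a dict, unquoting values."""
    params = {}
    for key, value in _PAIR.findall(conninfo):
        if value.startswith("'"):
            value = re.sub(r"\\(.)", r"\1", value[1:-1])
        params[key] = value
    return params

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def audit_conninfo(conninfo):
    """Return findings about TLS verification and inline secrets."""
    p = parse_conninfo(conninfo)
    findings = []
    mode = p.get("sslmode", "prefer")  # libpq's default when the key is absent
    if mode in SSLMODE_GAPS:
        findings.append(f"sslmode={mode}: {SSLMODE_GAPS[mode]}")
    elif mode == "verify-full" and _is_ip(p.get("host", "")):
        # Through a tunnel the socket goes to 127.0.0.1 but the certificate
        # names the real endpoint: keep that in host=, put the IP in hostaddr=.
        findings.append("verify-full with an IP in host=: endpoint name cannot match")
    if "password" in p:
        findings.append("password is embedded in the connection string")
    return findings
```

With host= holding the endpoint name and hostaddr= holding 127.0.0.1, libpq connects to the tunnel but checks the certificate against the endpoint name.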

Amazon Redshift ODBC connection EC2

I'm not able to connect to my Redshift cluster through ODBC from an EC2 instance. However, I'm able to connect to it from an outside computer (for eg My Macbook) using the ODBC connector. I have been trying and trying but in vain. How can I make my EC2 instance connect to Redshift? The Error I get is:
Is the Server running on host .................and accepting TCP/IP connections on port 5439?
I'm really confused as I can connect from outside but not from an EC2.
Thanks for the help.
Add the security group of your EC2 machine to the list of Ingress rules of the security group in your Redshift VPC.
Basically, you need to allow your EC2 machine to connect to the Redshift cluster.
If you have the instance in the same VPC, public hostname of redshift might not work.
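
The security-group advice in this answer and in the RDS answer above it (allow ingress to the database's group from the EC2 instance's group), as an added example that is not from the original posts. It evaluates constructed rule data in the shape of `aws ec2 describe-security-groups` output; `check_db_ingress`, the group IDs and the addresses are hypothetical.

```python
import copy
import ipaddress

# Constructed data in the shape of `aws ec2 describe-security-groups` output.
# Group IDs and addresses are made up; 5439 is the port from the question.
DB_SG_BEFORE = {
    "GroupId": "sg-0bbb0000000000002",
    "IpPermissions": [{  # only one outside address (the laptop) is allowed
        "IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439,
        "IpRanges": [{"CidrIp": "198.51.100.7/32"}], "UserIdGroupPairs": [],
    }],
}
EC2_SG_ID = "sg-0aaa0000000000001"
DB_SG_AFTER = copy.deepcopy(DB_SG_BEFORE)   # the fix: reference the EC2 group
DB_SG_AFTER["IpPermissions"][0]["UserIdGroupPairs"].append({"GroupId": EC2_SG_ID})


def _covers_port(rule, port):
    """True if the rule's protocol and port range include this TCP port."""
    if rule["IpProtocol"] == "-1":   # "-1" = all protocols and ports
        return True
    return rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]


def check_db_ingress(db_sg, port, source_ip, source_sg_ids=(), via_private_ip=True):
    """Which rules admit this source on `port`, and which are open to everyone."""
    ip = ipaddress.ip_address(source_ip)
    allowed_by, open_to_all = [], []
    for rule in db_sg["IpPermissions"]:
        if not _covers_port(rule, port):
            continue
        for pair in rule.get("UserIdGroupPairs", []):
            # A group reference matches members' private addresses only, so it
            # does not apply when the client goes out through a public IP.
            if via_private_ip and pair["GroupId"] in source_sg_ids:
                allowed_by.append("sg:" + pair["GroupId"])
        for rng in rule.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"])
            if ip in net:
                allowed_by.append("cidr:" + rng["CidrIp"])
            if net.prefixlen == 0:
                open_to_all.append(rng["CidrIp"])
    return {"reachable": bool(allowed_by), "allowed_by": allowed_by,
            "open_to_all": open_to_all}
```

The `via_private_ip=False` case models the last remark in the answer: an instance that reaches the cluster through its public hostname arrives from a public address, which a group-reference rule does not match.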

Do I need to create an EC2 instance to remotely access my Amazon RDS instance?

Do I need to create an EC2 instance in order to remotely connect to my Amazon RDS instance?
I understand that setting up an Amazon RDS instance automagically creates an EC2 instance 'in the background'. But when looking into my EC2 console I don't see that hidden instance so I can't find the details for the public DNS or Elastic IP, neither the EC2 instance key that I need to connect through SSH.
Yes, an RDS instance creates an EC2 instance to run the database but you don't have direct access to it via ssh, which is kind of the point.
RDS is a service that is managed for you and the idea is to hide the implementation details and simply provide an endpoint to connect to from another EC2 instance. You can find the endpoint name in the EC2 console - just use this as the hostname to connect to from your application and you can treat RDS just like any other database.
Amazon need to maintain a level of control over the server in order to provide it as a service and ssh access would interfere with that. There are a few things you miss out on because of this (e.g. direct access to DB files) but these are far outweighed by having Amazon manage upgrades, backups and replication for you.
