Connecting to Aurora AWS Serverless - amazon-aurora

I’ve now tried to create a serverless Aurora (MySQL compatible) database and connect to it for two days, and I just can’t seem to get it to work. Supposedly I should have been able to get it up and running in five minutes.
In any case, I created am Aurora Serverless database in the US East (N. Virginia) region (us-east-1), and have been able to connect to it with the AWS Query Editor. I also have an EC2 server in the same region, and have given the Aurora database the same security group (under RDS > Security Group), and in the security group I have opened for MYSQL/Aurora (TCP, 3306) from all sources. When I click the modify button on the database, there is also another (VPC) Security Group listed (rds-launch-wizard-4), which was created automatically. This one I also located under my EC2 dashboard and gave access to all ports from all sources (inbound), and to all ports (outbound). And there is a networking VPC & subnet group, which I don’t know what to do with, if anything.
I try to connect to the database, using this command line command:
mysql -h hest2.cluster-xxxxx.us-east-1.rds.amazonaws.com -P 3306 -u root –p
It generates an error “ERROR 2003 (HY000): Can't connect to MySQL server on” on both my EC2 instance, my local computer and on other online servers.

From the EC2 instance, try doing a telnet on the DB port to test if all your security group settings are applied correctly.
telnet hest2.cluster-xxxxx.us-east-1.rds.amazonaws.com 3306
If the connection does go through, then the issue is with your client code. Cross check that you have wired the right endpoint in your code.
If the telnet connection does not group (I'm guessing that it would not), then it is guaranteed that your security group settings are not set correctly. In order to debug this further, we would need more details on:
The list of vpc security groups associated with your cluster.
The details of each of these vpc security groups (You've mentioned that
you've opened up everything, but I'd like to see the exact rules in
place)
As for laptop and other servers - If they are outside the VPC, then it would not work. Aurora Serverless is accessible only from within the VPC as of now.

Related

Not able to connect Amazon Aurora Serverless from SQL client

Today I've created Amazon Aurora Serverless cluster for PostGreSql in us-west-2, ensured the VPC and security groups in
a way that, it should be publicly accessibly. But I'm not able to connect that cluster using the aurora endpoint from my Navicat/PgAdmin4 desktop client. Then I tried from the EC2 instance that are in same security group/vpc as like as Aurora Serverless, then it worked.
From AWS froum,
You can't give an Aurora Serverless DB cluster a public IP address.
You can access an Aurora Serverless DB cluster only from within a
virtual private cloud (VPC) based on the Amazon VPC service.
Source: https://forums.aws.amazon.com/thread.jspa?messageID=862860&tstart=0
Seems it uses an internal AWS networking setup that currently only supports connections from inside a VPC, and it must be the same VPC where the serverless cluster is deployed.
So now basically my question is that,
Is there any workaround to connect Aurora Serverless with any client like Navicat or PgAdmin4?
I found a cool hack that is working perfectly for my development purpose with some tweaks and I know I don't need this on my production environment.
So as we know Aurora Serverless works only inside VPC. So make sure you are attempting to connect to Aurora within the VPC and the security group assigned to the Aurora cluster has the appropriate rules to allow access. As I mention earier that I already have an EC2 instance, Aurora Serverless and a VPC around both. So I can access it from my EC2 but not from my local pc/ local sql client. To fix that I did below two steps.
1. To access from any client(Navicat in my case),
a. First need to add GENERAL db configurations like aurora endpoint host, username, password etc.
b. Then, need to add SSH configuration, like EC2 machine username, hostip and .pem file path
2. To access from project,
First I create a ssh tunnel from my terminal like this way,
ssh ubuntu#my_ec2_ip_goes_here -i rnd-vrs.pem -L 5555:database-1.my_aurora_cluster_url_goes_here.us-west-2.rds.amazonaws.com:5432
Then run my project with db configuration like this way test.php,
$conn = pg_connect("host=127.0.0.1 port=5555 dbname=postgres user=postgres password=password_goes_here");
// other code goes here to get data from your database
if (!$conn) {
echo "An error occurred.\n";
exit;
}
$result = pg_query($conn, "SELECT * FROM brands");
if (!$result) {
echo "An error occurred.\n";
exit;
}
while ($row = pg_fetch_row($result)) {
echo "Brand Id: $row[0] Brand Name: $row[1]";
echo "<br />\n";
}
This question comes up over and over for multiple AWS services (most new ones are VPC only by default). The short answer is - you can hack up something and expose the DB outside of the VPC, but it is not recommended for a production setup. Assuming this is for a dev setup, by all means try the recommendations from [1]. It is for Neptune, but you can do the exact same thing for Aurora.
[1] Connect to Neptune on AWS from local machine

Oracle installation failed on AWS redhat EC2 instance

I'm trying to install oracle on AWS redhat instance. Follow the steps given on this url: http://www.davidghedini.com/pg/entry/install_oracle_11g_xe_on And when I run config command as follows
/etc/init.d/oracle-xe configure
It gives following error.
Database Configuration failed. Look into
/u01/app/oracle/product/11.2.0/xe/config/log for details
When I check the log files it shows following errors.
ORA-01034: ORACLE not available Process ID: 0 Session ID: 0 Serial
number: 0
It seems specific issue on AWS cloud instance.
Is it because of swap memory?
Or is it because of port issue?
I'm using micro instance on it.
How can I get through?
this might be an EC2 security group issue and outbound access to the network on some port being used by the installer (license check, maybe?).
if your EC2 instance is very tightly locked down, you could test if it's a security group issue by adding a new Outbound security group rule to allow all TCP traffic out to anywhere on the internet (0.0.0.0/0)
for example, the install might be trying to hit a remote licensing server endpoint via HTTP or HTTPS but your security group doesn't allow that traffic out.
perhaps there's a 'verbose' flag that you can run the installer with that can give you more info about what it's failing on? HTH

EC2- connecting to an independently installed SQL Server Express

PLEASE NOTE: This is not an RDS or a prepackaged EC2 with SQL Server solution. I installed an express copy independently after setting up the EC2 instance.
I am evaluating a free tier instance of AWS EC2. Several months in, I decided to install SQL Server 2014 express on the instance on my own. However I cannot connect to the SQL Server instance via SSMS from another server box local to us.
The following is a checklist of what I have done so far:
SQL Server Configuration Manager
Configured to run SQL Browser
Enabled TCP on the SQL Server instance
Windows Firewall
Created an inbound rule to allow communication on TCP port 1433 and 1434
Created an inbound rule to allow communication on UDP port 1434
AWS security group of EC2 instance where SQL Instance resides
Mirrored the rules above in the Windows firewall for inbound traffic from the local server I'm trying to access the EC2 instance from
Successfully tested if RDP and ICMP work on the instance
I believe my issue lies in the how I am referring to the SQL instance:
ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com\INSTANCE_NAME
I've also noticed that when I log in on the EC2 instance's copy of SSMS, there is a two part name like so:
WIN#########\INSTANCE_NAME
Please help as I feel I've exhausted all options. This shouldn't be that impossible.

MemSQL - unable to connect remotely to EC2 cluster using MySQL client

I have used http://cloud.memsql.com to successfully deploy a MemSQL cluster to EC2 as documented here: http://docs.memsql.com/4.0/setup/setup_cloud/.
I can SSH to the master aggregator, and successfully login to the MemSQL prompt locally. However, I cannot connect remotely using a MySQL client application.
I have double-checked port 3306 is open and just for testing have applied all privileges to root:
GRANT ALL PRIVILEGES ON *.* TO root#'%' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
The documentation states:
Once your cluster is up and running, connect to the master aggregator using any valid MySQL client driver.
Can anyone advise on a step I have missed?
--
UPDATE 1 - The source range is open for the MemSQL port:
3306 tcp 0.0.0.0/0
UPDATE 2 - ufw has been disabled for testing.
Currently, clusters spun up by cloud.memsql.com lock down their security group to the vpc for the MemSQL ports (like 3306). If you want to access it from outside of the vpc, you will need to add a new rule to the group. Something like this would open the group completely:
Add an Ingress rule for port 3306-3306 for CIDR: 0.0.0.0/0
Note that this will open the cluster to the world, and anyone will be able to connect. Instead of 0.0.0.0/0, I recommend using your public ip and a /32 like so: YOUR_IP/32
It turned out to be a DNS issue by the provider I was using. Tried connecting using a cell phone and had no issues.

Connecting to RDS Instance from Elastic Beanstalk

This has been killing me all day.
I've set up Elastic Beanstalk, working fine.
Set up RDS, working fine and can access from my laptop.
But when i try to connect to the RDS from my ES application i get a timeout error.
Extra info is that i'm using a Laravel application, connecting to a MYSQL database. All of my environment variables have been loaded and accepted fine.
I'm almost certain it's a security groups setting, but the docs are so tremendously bad for AWS that i haven't got a clue what to do!
Any help?
Answer was to go to Services > VPC
Under the Security section, click Security groups.
Click the RDS group, then Inbound Rules.
Edit, then add a rule:
Select MYSQL, change the port, then the IP should be custom IP and type in the ID of your Elastic Beanstalk security group / groups (No idea why i have 2)

Resources