How to connect to an Oracle Database running on Amazon AWS EC2? - oracle

I have an Oracle Database instance running in Amazon AWS EC2 service (it is not RDS, Relational Database Services).
How can I configure my Oracle SQL Developer to access this remote database in AWS EC2?
By checking the AWS documentation I found only references to connecting to an Oracle database running in RDS services.
I appreciate your help.
Thanks

In AWS, edit the Security Group for your instance to add a rule (if one doesn't already exist).
Inbound
Type = SSH
Protocol = TCP
Port Range = 22
Source = "My IP", or "Custom" (as you wish)
In SQL Developer, open View -> SSH.
Right-click "SSH Hosts", New SSH Host.
Name = whatever you like
Host = your server's IPv4 Public IP address
Port = 22 (default)
Username = root or ec2-user, whichever is appropriate for the linux AMI you used
Use key file = tick this and select your key file for your instance
Add a Local Port Forward = tick this and accept the defaults (localhost, port 1521)
Edit the properties of your SQL Developer Database Connection
Connection Type = SSH
Port Forward = the name of the SSH Host you created earlier
SID / Service name = whatever SID or Service name you need

If you want to add another layer of security, SSH or DMZ + load balancing is the way to go. If not, make sure the following are all open for the IP: firewall, VPC network, AWS inbound/outbound rules.

Related

Able to ping EC2 from on-premises through VPN. But, unable to ping DMS replication instance

I have set up a VPN and am able to ping the Private IP of the EC2 instance from on-premises and vice versa. However, I am unable to ping the Private IP of the DMS Replication Instance.
I have created an endpoint pointing DB in EC2. Endpoint test connection succeeds. However, endpoint test connection fails for DB in on-premises.
The EC2 and DMS Replication Instance use the same Subnet, Security Group etc., The details are given in the image below.
May I know
1) why the DMS instance is not communicating with on-premises (and vice-versa)
2) why EC2 works fine in VPN but not DMS instance?
EDIT:
Details of Security Group associated with the DMS instance:
vpc - the same default vpc used by EC2
inbound rules - all traffic, all protocol, all port range, source = 192.168.0.0/24
outbound rules - all traffic, all protocol, all port range, source = 0.0.0.0/0
Route table:
destination - 10.0.0.0/16, target = local
destination - 0.0.0.0/0, target = internet gateway
destination - 192.168.0.0/24, target = virtual private gateway used in VPN
This is the error message I get when I try to test the DMS DB endpoint connection:
Test Endpoint failed: Application-Status: 1020912, Application-Message: Failed to connect Network error has occurred, Application-Detailed-Message: RetCode: SQL_ERROR SqlState: HYT00 NativeError: 0 Message: [unixODBC][Microsoft][ODBC Driver 13 for SQL Server]Login timeout expired ODBC general error.
You might need to describe/provide your full network topology for a more precise answer, but my best guess, based on AWS' documentation on "Network Security for AWS Database Migration Service", is that you're missing source and target database configuration:
Database endpoints must include network ACLs and security group rules that allow incoming access from the replication instance. You can achieve this using the replication instance's security group, the private IP address, the public IP address, or the NAT gateway’s public address, depending on your configuration.
Also, is this EC2 you mentioned a NAT instance? Just in case:
If your network uses a VPN tunnel, the Amazon EC2 instance acting as the NAT gateway must use a security group that has rules that allow the replication instance to send traffic through it.

Access an RDS DB on a private subnet from an ec2 on a public subnet via SSL

I have an instance of AWS RDS running in a private subnet of a VPC.
I would like my EC2 machine, which is running on a public subnet to have access to it via SSL (and not SSH like I saw people suggest. I want to access it directly from the code via SSL).
Is there a way to do so?
The EC2 instance should have direct access to the RDS instance as long as they are in the same VPC. You just need to open up the security group assigned to the RDS instance to allow ingress from the EC2 instance.
I think you have SSH tunneling (which isn't needed when both servers are in the same VPC) and SSL database connections confused. SSH and SSL would be completely unrelated in this case.
SSL connection support would be a function of the specific database engine you are using. If your database is configured to support SSL connections, then you should be able to configure your database client software running on your EC2 instance to use SSL when creating connections to the database.

MemSQL - unable to connect remotely to EC2 cluster using MySQL client

I have used http://cloud.memsql.com to successfully deploy a MemSQL cluster to EC2 as documented here: http://docs.memsql.com/4.0/setup/setup_cloud/.
I can SSH to the master aggregator, and successfully login to the MemSQL prompt locally. However, I cannot connect remotely using a MySQL client application.
I have double-checked port 3306 is open and just for testing have applied all privileges to root:
GRANT ALL PRIVILEGES ON *.* TO root@'%' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
The documentation states:
Once your cluster is up and running, connect to the master aggregator using any valid MySQL client driver.
Can anyone advise on a step I have missed?
--
UPDATE 1 - The source range is open for the MemSQL port:
3306 tcp 0.0.0.0/0
UPDATE 2 - ufw has been disabled for testing.
Currently, clusters spun up by cloud.memsql.com lock down their security group to the vpc for the MemSQL ports (like 3306). If you want to access it from outside of the vpc, you will need to add a new rule to the group. Something like this would open the group completely:
Add an Ingress rule for port 3306-3306 for CIDR: 0.0.0.0/0
Note that this will open the cluster to the world, and anyone will be able to connect. Instead of 0.0.0.0/0, I recommend using your public ip and a /32 like so: YOUR_IP/32
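The difference between a `0.0.0.0/0` source and a `/32` source can be checked across all security groups at once. The following is an added example, not part of the original answer: it audits JSON in the shape returned by `aws ec2 describe-security-groups` for the ports discussed on this page. The group IDs and sample rules are constructed, and `WATCHED_PORTS`, `exposed_ports` and `audit` are names chosen for this example.

```python
import ipaddress
import json

# Ports discussed on this page: SSH, Oracle listener, MySQL/MemSQL.
WATCHED_PORTS = {22: "SSH", 1521: "Oracle listener", 3306: "MySQL/MemSQL"}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0example1", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]},
  {"GroupId": "sg-0example2", "IpPermissions": [
    {"IpProtocol": "-1",
     "IpRanges": [{"CidrIp": "192.168.0.0/24"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 1000, "ToPort": 2000,
     "IpRanges": [{"CidrIp": "198.51.100.0/24"}]}]}
]}
""")

def exposed_ports(perm):
    """Watched ports covered by one IpPermissions entry."""
    if perm["IpProtocol"] == "-1":          # "-1" means all protocols, all ports
        return sorted(WATCHED_PORTS)
    if perm["IpProtocol"] != "tcp":
        return []
    return [p for p in sorted(WATCHED_PORTS) if perm["FromPort"] <= p <= perm["ToPort"]]

def audit(doc, max_hosts=1):
    """Return (group, port, cidr) for every watched port reachable from a source
    range wider than max_hosts addresses (1 = only /32 or /128 sources pass)."""
    findings = []
    for group in doc["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if ipaddress.ip_network(cidr, strict=False).num_addresses > max_hosts:
                    findings += [(group["GroupId"], port, cidr) for port in exposed_ports(perm)]
    return findings

if __name__ == "__main__":
    for gid, port, cidr in audit(SAMPLE):
        print(f"{gid}: {WATCHED_PORTS[port]} ({port}/tcp) open to {cidr}")
```

Raising `max_hosts` (for example to 256) tolerates a small office or VPN range while still reporting rules open to the whole internet.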
It turned out to be a DNS issue by the provider I was using. Tried connecting using a cell phone and had no issues.

Access to public IP - Amazon instance

I'm running some node services on an Amazon instance (EC2). The services were deployed using ssh over the instance, but for some reason I can't access the services using the public IP, even though all the services are running. Is it necessary to enable the public IP in the configuration of my EC2 settings or something like that?
Make sure your security group has the proper ports opened up. In the EC2 console, go to Security Groups (on the left side of the page). Find the security group of the EC2 instance.
There is a tab called Inbound. Make sure you have a row with the type = SSH, protocol = TCP, port = 22, and source = 0.0.0.0/0

Connect to remote MySQL database on ec2 Ubuntu machine

I have seen a few related questions on SO, but none have helped me. I set up a MySQL database on an Ubuntu machine on EC2. I am trying to connect to it from within R, using, e.g.,
con <- dbConnect(MySQL(), username = user, dbname = db, host = host, password = password)
where the username and password are those for the remote database, and the host is the ec2 address (something like ec2-54-456-161-6.us-west-2.compute.amazonaws.com [not a real one])
Any thoughts on how to do this?
To log in to the Ubuntu machine the database is installed on from the shell on my machine I have to use the key pem file. Does this key have to be provided to authenticate? If so, how?
Make sure the MySQL instance listens on the network, even if you're on the same machine. In /etc/mysql/my.cnf, change this:
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 127.0.0.1
This should be in a number of MySQL tutorials and is not EC2 specific.
You want to make sure that you can connect to the DB from the server itself. Once that is taken care of, try the remote access. If a port ends up being blocked, you can also go the route of an ssh tunnel -- which again is described in a number of tutorials.
The problem in my case was that I just need to add a new rule to the security group to allow remote connections on port 3306. See below screenshot of the rule added (the bottom line)
That was all that was needed.
