AWS communication between two public EC2 instances in same VPC - spring

I have created a VPC, and inside that VPC, in the same subnet, there are two EC2 instances. There is a deployed application on the first one, and MySQL is installed on the second one. I have set up the application to connect to the instance with the installed DB, but with no success. I will copy the security groups configuration and the DB configuration.
How do I make these two instances communicate so that the application on the first instance starts using the DB on the second? Both of them have a public IP and can ping each other.
DB connection
spring.jpa.database-platform=org.hibernate.dialect.MySQL5InnoDBDialect
spring.jpa.hibernate.ddl-auto=update
spring.datasource.driverClassName=com.mysql.jdbc.Driver
spring.datasource.url=jdbc:mysql://some_ip:3306/demo
spring.datasource.username=root
spring.datasource.password=root
Security groups
There are two security groups and both of them are assigned to every EC2 instance.
The added id is the ID of this group.
EDIT1 - of the second security group

In your security group you are not allowing port 3306 which the database needs to communicate over.
Install mysql-client on your app server; you can then use the CLI to see if you can connect to the MySQL server using:
mysql -h some_ip -P 3306 -u root -p

Related

Connect a database of amazon ec2 instance with another ec2 instance

I have two ec2 instances running laravel projects using ubuntu 20.04 on both instances. Both instances are running fine.
One instance contains a database which is also working with one project, but I want the same database to connect with the other Laravel project sitting on the other EC2 instance. So here is what I mean.
2 EC2 instances (Ubuntu 20.04). Let's call them (Instance A & Instance B)
Instance A has mysql database up and running and connected to the laravel project
Instance B is also required to use the database of Instance A. I did it on DigitalOcean but I am not finding any solution on the internet.
Any help would be really appreciated
Thank You
The problem wasn't with instances security groups.
All I had to do was to allow MySQL to listen to connections from remote IP addresses, and for that, I created a new user in MySQL that listens to the connection from the second ip address.
CREATE USER 'new_remote_user'@'ip-address-of-your-instance' IDENTIFIED BY 'pass-of-new-instance';
GRANT ALL PRIVILEGES ON *.* TO 'new_remote_user'@'ip-address-of-your-instance';

Not able to connect Amazon Aurora Serverless from SQL client

Today I've created an Amazon Aurora Serverless cluster for PostgreSQL in us-west-2 and set up the VPC and security groups in a way that it should be publicly accessible. But I'm not able to connect to that cluster using the Aurora endpoint from my Navicat/PgAdmin4 desktop client. Then I tried from an EC2 instance that is in the same security group/VPC as Aurora Serverless, and it worked.
From the AWS forum,
You can't give an Aurora Serverless DB cluster a public IP address.
You can access an Aurora Serverless DB cluster only from within a
virtual private cloud (VPC) based on the Amazon VPC service.
Source: https://forums.aws.amazon.com/thread.jspa?messageID=862860&tstart=0
Seems it uses an internal AWS networking setup that currently only supports connections from inside a VPC, and it must be the same VPC where the serverless cluster is deployed.
So now basically my question is that,
Is there any workaround to connect Aurora Serverless with any client like Navicat or PgAdmin4?
I found a cool hack that is working perfectly for my development purpose with some tweaks and I know I don't need this on my production environment.
So as we know, Aurora Serverless works only inside a VPC. So make sure you are attempting to connect to Aurora within the VPC and the security group assigned to the Aurora cluster has the appropriate rules to allow access. As I mentioned earlier, I already have an EC2 instance, Aurora Serverless and a VPC around both. So I can access it from my EC2 but not from my local PC / local SQL client. To fix that I did the two steps below.
1. To access from any client(Navicat in my case),
a. First need to add GENERAL db configurations like aurora endpoint host, username, password etc.
b. Then, need to add SSH configuration, like EC2 machine username, hostip and .pem file path
2. To access from project,
First I create an SSH tunnel from my terminal like this,
ssh ubuntu@my_ec2_ip_goes_here -i rnd-vrs.pem -L 5555:database-1.my_aurora_cluster_url_goes_here.us-west-2.rds.amazonaws.com:5432
Then I run my project with the DB configuration like this (test.php),
$conn = pg_connect("host=127.0.0.1 port=5555 dbname=postgres user=postgres password=password_goes_here");
// other code goes here to get data from your database
if (!$conn) {
    echo "An error occurred.\n";
    exit;
}
$result = pg_query($conn, "SELECT * FROM brands");
if (!$result) {
    echo "An error occurred.\n";
    exit;
}
while ($row = pg_fetch_row($result)) {
    echo "Brand Id: $row[0] Brand Name: $row[1]";
    echo "<br />\n";
}
This question comes up over and over for multiple AWS services (most new ones are VPC only by default). The short answer is - you can hack up something and expose the DB outside of the VPC, but it is not recommended for a production setup. Assuming this is for a dev setup, by all means try the recommendations from [1]. It is for Neptune, but you can do the exact same thing for Aurora.
[1] Connect to Neptune on AWS from local machine

Connecting to Aurora AWS Serverless

I’ve now tried to create a serverless Aurora (MySQL compatible) database and connect to it for two days, and I just can’t seem to get it to work. Supposedly I should have been able to get it up and running in five minutes.
In any case, I created an Aurora Serverless database in the US East (N. Virginia) region (us-east-1), and have been able to connect to it with the AWS Query Editor. I also have an EC2 server in the same region, and have given the Aurora database the same security group (under RDS > Security Group), and in the security group I have opened for MYSQL/Aurora (TCP, 3306) from all sources. When I click the modify button on the database, there is also another (VPC) Security Group listed (rds-launch-wizard-4), which was created automatically. This one I also located under my EC2 dashboard and gave access to all ports from all sources (inbound), and to all ports (outbound). And there is a networking VPC & subnet group, which I don’t know what to do with, if anything.
I try to connect to the database, using this command line command:
mysql -h hest2.cluster-xxxxx.us-east-1.rds.amazonaws.com -P 3306 -u root -p
It generates an error “ERROR 2003 (HY000): Can't connect to MySQL server on” on both my EC2 instance, my local computer and on other online servers.
From the EC2 instance, try doing a telnet on the DB port to test if all your security group settings are applied correctly.
telnet hest2.cluster-xxxxx.us-east-1.rds.amazonaws.com 3306
If the connection does go through, then the issue is with your client code. Cross check that you have wired the right endpoint in your code.
If the telnet connection does not go through (I'm guessing that it would not), then it is guaranteed that your security group settings are not set correctly. In order to debug this further, we would need more details on:
1. The list of VPC security groups associated with your cluster.
2. The details of each of these VPC security groups (You've mentioned that you've opened up everything, but I'd like to see the exact rules in place)
As for laptop and other servers - If they are outside the VPC, then it would not work. Aurora Serverless is accessible only from within the VPC as of now.
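The rule review that answer asks for can be run offline against the JSON from `aws ec2 describe-security-groups`. This is an added example, not code from any of the posts; the group IDs, the sample rules and the function names `covers` and `audit` are constructed for illustration. It flags database ports open to the whole internet and reports which groups admit the application's security group.

```python
import ipaddress
import json

DB_PORTS = (3306, 5432)  # MySQL/Aurora MySQL and PostgreSQL, the ports on this page

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# Group IDs and rules are made up for illustration.
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-open-example", "IpPermissions": [
   {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
 {"GroupId": "sg-db-example", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
    "UserIdGroupPairs": [{"GroupId": "sg-app-example"}]}]},
 {"GroupId": "sg-app-example", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
    "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]}
]}
""")

def covers(perm, port):
    """True if an inbound permission applies to TCP traffic on `port`."""
    if perm["IpProtocol"] == "-1":  # "-1" means every protocol and every port
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]

def audit(groups, app_sg):
    """Return (world_open, from_app): DB ports open to /0, and rules naming app_sg."""
    world_open, from_app = [], []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            sources = {p["GroupId"] for p in perm.get("UserIdGroupPairs", [])}
            for port in DB_PORTS:
                if not covers(perm, port):
                    continue
                for cidr in cidrs:
                    if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                        world_open.append((group["GroupId"], port, cidr))
                if app_sg in sources:
                    from_app.append((group["GroupId"], port))
    return world_open, from_app

if __name__ == "__main__":
    world_open, from_app = audit(SAMPLE["SecurityGroups"], "sg-app-example")
    print("world-open DB ports:", world_open, "| allowed from app SG:", from_app)
```

A rule that names the application's security group as its source, like the second group in the sample, lets the app reach the database without exposing the port to any other address.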

Laravel: cannot use php artisan migrate with Amazon RDS

I followed every tutorial from Amazon to set up the RDS Database then to set up the VPC, the subnet, and the Security Groups but I still can't connect to the Database using Laravel command.
However, I can connect to the Database using MySQLWorkbench...
This is the error I got when I use the command "php artisan migrate"
Any help would be more than appreciated, thank you guys.
I'm taking these settings right out of my RDS instance and the Laravel application that uses it.
The first thing you have to do after setting up your RDS database is to allow the database instance to be accessed publicly. This can be done from your AWS console by going to RDS > DB Instances > your database instance > Modify (top left corner). Then scroll down to the Network and Security section and select 'Yes' for public accessibility.
Also double check your Security groups to make sure there is a rule allowing incoming connections to port 3306.
Open your Laravel application's .env file and update the database values.
DB_HOST should contain the endpoint specified on the Connectivity and security section of the RDS dashboard. DB_PORT should remain at 3306. Then specify the database name in DB_DATABASE and the database credentials in DB_USERNAME and DB_PASSWORD.
These are the settings I'm using to connect my Laravel application to an RDS MySQL database.
It's difficult to say but it looks like you have the incorrect DB name.
Double check your RDS db name and the environment variable DB_DATABASE

Access an RDS DB on a private subnet from an ec2 on a public subnet via SSL

I have an instance of AWS RDS running in a private subnet of a VPC.
I would like my EC2 machine, which is running on a public subnet to have access to it via SSL (and not SSH like I saw people suggest. I want to access it directly from the code via SSL).
Is there a way to do so?
The EC2 instance should have direct access to the RDS instance as long as they are in the same VPC. You just need to open up the security group assigned to the RDS instance to allow ingress from the EC2 instance.
I think you have SSH tunneling (which isn't needed when both servers are in the same VPC) and SSL database connections confused. SSH and SSL would be completely unrelated in this case.
SSL connection support would be a function of the specific database engine you are using. If your database is configured to support SSL connections, then you should be able to configure your database client software running on your EC2 instance to use SSL when creating connections to the database.
