SSLMode = verify-full on RDS DB instanse - amazon-web-services

I want to enable mandatory validation of the user's ssl certificate when connecting to a database. I read in the documentation that in the group parameters you need to set the parameters rds.force_ssl = 1 and ssl = 1.
I did it. Restarted the instance, however I can still connect to the database without asking for a certificate. What am I doing wrong?

Use the require_secure_transport parameter to require that all user connections to your MySQL DB instance use SSL/TLS. By default, the require_secure_transport parameter is set to OFF. You can set the require_secure_transport parameter to ON to require SSL/TLS for connections to your DB instance.
You can set the require_secure_transport parameter value by updating the DB parameter group for your DB instance. You don't need to reboot your DB instance for the change to take effect.
When the require_secure_transport parameter is set to ON for a DB instance, a database client can connect to it if it can establish an encrypted connection. Otherwise, an error message similar to the following is returned to the client:
MySQL Error 3159 (HY000): Connections using insecure transport are prohibited while --require_secure_transport=ON.

Related

Connect to RDS eb2 by tableplus?

I have table plus app and I create eb then deploy my project then connect to database and all thing is good and cool!
I need to connect to database(MYSQL) to import some data to the AWS database so I do these steps:
open new workspace in table plus
take endpoint and username of database and the password and the name of database like so:
press Test button and after wait some times I got this error:
I change the port to also 5432 and got same first error
I change the port to 3306 and got this error:
where is the problem ?
Ok the way i did it was by following this video:
https://www.youtube.com/watch?v=saX75fTwh0M&ab_channel=AdobeinaMinute
In short you need to get the details of your instance and set up an ssh connection to it using its hostname (ie that of the instance not the db), your ec2 username (usually ec2-user) and your pem file. Then you get the connection details for the db and enter them. See the screenshot.
I think that your problem is that the configuration you created is set to a Redshift connection. It expects some network communications that are different from a MySQL connection.
Can you try to create a MySQL connection instead?
I had the same issue but my problem was with the security rules in aws. perhaps, this may help.
Navigate to the console
edit inbound rules of your rds instance
add a new security rule
where: type: 'all traffic', source: anywhere
This video gives a google explanation: aws rds setup

How to connect in the instance of RDS database in aws public, accessibility don't work

How to connect to an instance to a database?
I followed the tutorial, manual and video:
Creating an Amazon RDS DB Instance - Amazon Relational Database Service
Connecting to a DB Instance Running the PostgreSQL Database Engine - Amazon Relational Database Service
When I follow and create the instance for testing even with the public accessibility enabled, when I will try to make the connection through pgAdmin, due to the timeout error. I have to make some more configuration for the connection?
Endpoint (Host): database-teste.c4uzzi1gwwoz.us-east-2.rds.amazonaws.com
Port: 5432
change the security group, in the entry and exit rules, modify the type of postgresSql and change the source of my IP inside box select on both, and set the port range to 5432

Unable to connect to AWS/RDS database instance

I am attempting to connect to a recently created PostGRES database instance on RDS using SQLWorkbench. When I test the connection it is unable to connect.
I am using the admin username and password. For the SQL Connection Profile I have used this as my URL:
jdbc:postgresql://database_instance_name.cdixyzkzrpmy.us-east-2.rds.amazonaws.com:5432/database_name
There are no specific details reported from SQLWorkbench other that it was unable to connect after I clicked the test connection button.
Perhaps there are additional settings in the database's RDS access/security settings that need to be set as well to allow for a connection from a non-AWS (local) machine?
This was fixed by modifying the database's default VPC security group's default inbound rule to allow access to port 5432 from any IP address.

Neo4j AWS Browser Connection Working for One instance, not another

I have two Neo4j instances at AWS EC2. The second was created from the first and all port permissions were replicated. I can access and log in to the original using my FireFox browser. When I try to connect to the 2nd instance, I get asked to login. I use the instance ID for the second instance but get an error message:
ServiceUnavailable: WebSocket connection failure. Due to security
constraints in your web browser, the reason for the failure is not
available to this Neo4j Driver.
Why does the connection work for one and not the other instance? What is the fix?

AWS lambda pymssql error connecting to local database

I am creating an Alexa skill to get some information from my local database on request. I have SQLServer 2008 running and I can use the pymssql library to pull data when I run my code locally. However after deploying it with AWS, I see the following error :
File "pymssql.pyx", line 644, in pymssql.connect (pymssql.c:10892)
InterfaceError: Connection to the database failed for an unknown reason.
Here is a screen capture of my aws package, which I created with the help of Amazon EC2 :
The relevant code to connect to the SQL DB is as below :
def getDB_response():
session_attributes = {}
card_title = "farzi"
server = 'LT-CMU352CCM5'
user = 'ss'
passwd = 'abc#1234'
DB = 'Market_DB'
port = '1433'
conn = pymssql.connect(server, port,user, passwd, DB)
cursor = conn.cursor()
cursor.execute('select ##servername')
row = cursor.fetchone()
Does anyone know if there is anything else needed for my aws function to talk to my local DB?
Since you're using your own laptop as a server, you can't use server name like that. "LT-CMU352CCM5" is recognizable from your local network (that's thy connection works when you run function locally), but not from the internet. Database has to be visible from the internet. You'd have to provide your public IP, and to set your router to forward the traffic from the internet (for port 1433) to your laptop (look at port forwarding for your specific router model). Also, you have to set your firewall to allow incoming traffic, and SQL server as well (turn on the TCP/IP and Named Pipes Protocols in your SQL server configuration manager).
Since you're not using RDS, you don't have to put Lambda function in a security group you'd do it by going to Lambda section in your AWS account, choose appropriate Lambda function, and in Network section for that Lambda function choose appropriate VPC, subnet and security group).
Issue that you have with your set-up is that your IP address will change sometimes, so you'd have to change the Lambda function every time that happens. I would urge you to reconsider using local laptop for DB server for something that's going to be used publicly.