I have written a Golang AWS Lambda application and used sqlx for the database connection.
I am having a problem: the number of DB connections is going up too quickly and exhausting the total number of connections.
After doing some reading, I came across AWS RDS Proxy, but haven't found any example of how to use it with Go.
You need to use the proxy URL for connecting to the DB in the client. Authentication can be done natively or via IAM. The proxy configuration can be found in the doc below:
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-proxy.html#rds-proxy-connecting-native
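A sketch of the setup discussed above, added here as an example and not code from the original post or from AWS: the handle is created once at package scope, points at the proxy endpoint, and has a small capped pool. It assumes a PostgreSQL engine; the endpoint, credentials, pool limits and the `stub` driver (used so the block runs offline) are constructed placeholders.

```go
package main

import (
	"database/sql"
	"database/sql/driver"
	"errors"
	"fmt"
	"net/url"
	"time"
)

// stubDriver replaces a real Postgres driver so this runs offline (assumption).
type stubDriver struct{}

func (stubDriver) Open(string) (driver.Conn, error) {
	return nil, errors.New("stub driver: no network in this example")
}

func init() { sql.Register("stub", stubDriver{}) }

// proxyDSN targets the RDS Proxy endpoint rather than the DB instance endpoint.
func proxyDSN(proxyHost, user, password, dbName string) string {
	u := url.URL{Scheme: "postgres", User: url.UserPassword(user, password),
		Host: proxyHost + ":5432", Path: "/" + dbName, RawQuery: "sslmode=require"}
	return u.String()
}

// newLambdaPool caps the pool: each concurrent Lambda environment owns its own
// *sql.DB, so total connections = concurrency x MaxOpenConns.
func newLambdaPool(driverName, dsn string) (*sql.DB, error) {
	db, err := sql.Open(driverName, dsn) // lazy: no connection is opened yet
	if err != nil {
		return nil, err
	}
	db.SetMaxOpenConns(2)
	db.SetMaxIdleConns(2)
	db.SetConnMaxIdleTime(30 * time.Second) // release idle conns back to the proxy
	db.SetConnMaxLifetime(5 * time.Minute)
	return db, nil
}

var pool *sql.DB // package scope: created once, reused by warm invocations

func main() {
	var err error
	// Constructed placeholder endpoint and credentials.
	pool, err = newLambdaPool("stub", proxyDSN(
		"example-proxy.proxy-EXAMPLE.us-east-1.rds.amazonaws.com", "app", "p@ss/word", "orders"))
	if err != nil {
		panic(err)
	}
	fmt.Println("max open conns:", pool.Stats().MaxOpenConnections)
	// In a real function: sqlx.NewDb(pool, "postgres"), then lambda.Start(handler).
}
```

Opening the handle inside the handler instead would create a fresh pool on every invocation, which is the usual cause of the connection growth described in the question.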
Related
Right now I'm using AWS Lambda and AWS EC2, and I'm relying on a VPC to share data between a Lambda function and a server when Lambda needs something from the server.
With the right settings in Security Groups the server accepts only requests from that special Lambda, and I don't have to secure the connection between the two because it's like the server and the Lambda function are the only two things in their network.
But I'm trying to move my server to another provider, and this means I have to find a way to secure the server.
My question: is there something like a VPC I can create between Lambda and a server hosted somewhere other than AWS? What kind of technologies do I need?
I started looking at VPNs and certificates.
I have launched a RabbitMQ instance from the AWS Broker service. I plan to be able to connect to this from my frontend application too, and as such would want a websocket endpoint. I am wondering if AWS exposes a websocket endpoint natively? I came across some documentation which had images showing a wss endpoint under the connection details in the AWS console. Please find the attached image for reference.
I don't see this option under the connection details of my AWS console.
I could always launch a separate instance and have it work as a relay, but was just wondering if this is available from within AWS.
Based on my current understanding, when I enable a service connection to my Cloud SQL instance in one of my revisions, the path /cloudsql/[instance name]/.s.PGSQL.5432 becomes populated. This is a UNIX socket connection.
Unfortunately, a 3rd party application I'm using doesn't support UNIX socket connections and as such I'm required to connect via TCP.
Does the Google Cloud SQL Proxy also configure any way I can connect to Cloud SQL via something like localhost:5432, or other equivalent? Some of the documentation I'm reading suggests that I have to do elaborate networking configuration with private IPs just to enable TCP based Cloud SQL for my Cloud Run revisions, but I feel like the Cloud Proxy is already capable of giving me a TCP connection instead of a UNIX socket.
What is the right and most minimal way forward here, obviously assuming I do not have the ability to modify the code I'm running.
I've also cross posted this question to the Google Cloud SQL Proxy repo.
The most secure and easiest way is to use the private IP. It's not long or hard; there are 3 steps:
Create a serverless VPC connector. Create it in the same region as your Cloud Run service. Note the VPC network that you use (by default it's "default").
Add the serverless VPC connector to the Cloud Run service. Route only the private IPs through this connector.
Add a private connection to your Cloud SQL database. Attach it to the same VPC network as your serverless VPC connector.
The cloud configuration is done. Now you have to get the private IP of your Cloud SQL instance and add it to the parameters of your Cloud Run service to open a connection to this IP.
Need to encrypt data in transit from application servers to RDS SQL Server with SSL/TLS?
I see AWS gives the option to set force encryption = true in the parameter group with self-signed certs.
Is there a way to import customer certs into RDS?
Are there any configuration steps to do this on the application server and on RDS?
Appreciate any info on this. Didn't find anything in the AWS knowledge base.
Note: Application servers sit behind load balancer.
For RDS SQL Server you will need to use the PEM that AWS provides for TLS.
You have a choice of either:
Root certificate
Intermediary and root certificate
The application server will need to have access to this certificate before it can connect to the RDS instance.
Unfortunately, at this time only Aurora supports uploading your own certificates (and then accessing them via ACM); you will need to use the provided one.
For connecting and configuring the RDS there is a specific Using SSL with a Microsoft SQL Server DB Instance page.
I have an existing LAMP project on AWS (Elastic Beanstalk). I now want to set up WebSockets on AWS too. According to the AWS documentation, the way to do that is via AWS API Gateway. I don't know how this all works, but there's documentation I found for setting up WebSockets.
Does the Gateway API connect to another service? If so, what service is this? What am I missing?
I mostly just want to make a Web Socket service to look incoming messages to the MySQL database on my Elastic-beanstalk project. I am totally confused about how to do this. Can anyone advise me about what steps I need to take?
Just because API Gateway supports WebSockets doesn't mean you need to use it. ALBs do as well and are a more exact fit for Elastic Beanstalk.
Does an Application Load Balancer support WebSockets?
AWS doesn't support PHP (Ratchet) Web Sockets