So basically - I've enabled RDS Proxy (still in Preview) for my Aurora MySQL DB and the Proxy is created and available for use.
The Proxy uses a DB User/Pwd combination sourced from Secrets
Manager to connect to the MySQL DB.
The Proxy can be accessed without Authentication (IAM role based
authentication is supported but I've not configured it yet).
When I connect to the proxy endpoint it fails with "Failed to Connect to MySQL" on my MySQL client and on the Cloudwatch logs for the Proxy I see the following 2 lines for each connection attempt..
[INFO] [clientConnection=3488645722] New client connection from 10.XX.XX.XX:63344
[INFO] [clientConnection=3488645722] Client connection closed. Reason: Internal error.
Cloudwatch Metrics just reports increase in ClientConnectionsReceived metric for each connection attempt and no change to the ClientConnectionsClosed metric.
So basically I am clueless as to why the client connection is getting closed.. Any hints/clues would be much appreciated..
Try one of those:
Ensure your user is created in the RDS Database. Test that you able to connect directly with that user.
Ensure RDS proxy security group is whitelisted in the RDS security group.
On the secrets manager ensure you've selected the right RDS database.
Related
i am unable to connect to Neptune DB from local system via ssh-tunnel EC2(ec2 exists in same vpc as neptune db) where neptune DB connectivity is established when Neptune IAM DB authorization is enabled.
With disabling IAM DB authorization i can able to access neptune DB from local machine.I could not find enough documentation on this. Can someone please help.
If using an SSH tunnel and using localhost in your connection string, you'll need to modify whatever IAM SigV4 process you're using to make sure the host header matches the Neptune cluster endpoint. Otherwise, you'll be attempting to sign the request using localhost as the host and the signature will be invalid.
How to connect to an instance to a database?
I followed the tutorial, manual and video:
Creating an Amazon RDS DB Instance - Amazon Relational Database Service
Connecting to a DB Instance Running the PostgreSQL Database Engine - Amazon Relational Database Service
When I follow and create the instance for testing even with the public accessibility enabled, when I will try to make the connection through pgAdmin, due to the timeout error. I have to make some more configuration for the connection?
Endpoint (Host): database-teste.c4uzzi1gwwoz.us-east-2.rds.amazonaws.com
Port: 5432
change the security group, in the entry and exit rules, modify the type of postgresSql and change the source of my IP inside box select on both, and set the port range to 5432
I have a GO server on an EC2 instance on AWS with the same VPC as my Postgres database. I'm currently able to get the server communicating with the Postgres database by reading the password from an environment variable, but I'm not sure if this is the right way to be handling this. Is there a way I can have the server communicate with the database without having the password stored in plain text?
There is no need to use your database password to connect the server with the database. Enable IAM authentication in your RDS, and attach that role with the EC2 server running the go server.
You can easily find the implementation details here.
Connecting to AWS RDS from java without exposing password
I'm getting an error in configuring a database connection in a Google Cloud Data Fusion Pipeline.
"Encountered SQL error while getting query schema: Communications link failure The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server."
We can't connect outside of the company building as the company IP's are whitelisted in AWS security settings. I can query easily using mysql workbench inside the company so, I'm guessing I need to add some IPs to our AWS security groups to provide Data Fusion permissions? I can't find a guideline on this. Where can I find the ip's required to provide in AWS? (Assuming that might fix it)
I've added a mysql plugin artefact using 'mysql-connector-java-8.0.17.jar', which is referred to by plugin name 'mysql-connector-java'.
Do VPN between your GCP VPC and your AWS VPC where your RDS is residing
https://cloud.google.com/solutions/using-gcp-apis-from-an-external-network
https://cloud.google.com/solutions/automated-network-deployment-multicloud
Simple way
Create Haproxy with public IP
Data Fusion --> VM Haproxy Public IP --> AWS RDS Private IP
I am following the Django sample for GAE and have problem to connect to Cloud SQL instance by Proxy from Google Cloud Shell. Possibly related to permission setting since I see the request not authorized,
Other context,
"gcloud beta sql connect auth-instance --user=root" has no problem to connect.
I have a service account for SQL Proxy Client.
I possibly miss something. Could someone please shed some light? Thanks in advance.
Thanks in advance.
Proxy log:
./cloud_sql_proxy -instances=auth-158903:asia-east1:auth-instance=tcp:3306
2017/02/17 14:00:59 Listening on 127.0.0.1:3306 for auth-158903:asia-east1:auth-instance
2017/02/17 14:00:59 Ready for new connections
2017/02/17 14:01:07 New connection for "auth-158903:asia-east1:auth-instance"
2017/02/17 14:03:16 couldn't connect to "auth-158903:asia-east1:auth-instance": dial tcp 107.167.191.26:3307: getsockopt: connection timed out
Client Log:
mysql -u root -p --host 127.0.0.1
Enter password:
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0
I also try with credential file but still no luck,
./cloud_sql_proxy -instances=auth-158903:asia-east1:auth-instance=tcp:3306 -credential_file=Auth-2eede8ae0d0b.jason
2017/02/17 14:21:36 using credential file for authentication; email=sql-proxy-client#auth-158903.iam.gserviceaccount.com
2017/02/17 14:21:36 Listening on 127.0.0.1:3306 for auth-158903:asia-east1:auth-instance
2017/02/17 14:21:36 Ready for new connections
2017/02/17 14:21:46 New connection for "auth-158903:asia-east1:auth-instance"
2017/02/17 14:21:48 couldn't connect to "auth-158903:asia-east1:auth-instance": ensure that the account has access to "auth-158903:asia-east1:auth-instance" (and make sure there's no typo in that name). Error during get instance auth-158903:asia-east1:auth-instance: googleapi: **Error 403: The client is not authorized to make this request., notAuthorized**
I can reproduce this issue exactly if I only give my service account "Cloud SQL Client" IAM role. When I give my service account the "Cloud SQL Viewer" role as well, it can then connect. I suggest you try this and see if it helps.
It looks like a network connectivity issue.
Read this carefully if you use a private IP :
https://cloud.google.com/sql/docs/mysql/private-ip
Note that the Cloud SQL instance is in a Google managed network and the proxy is meant to be used to simplify connections to the DB within the VPC network.
In short: running cloud-sql-proxy from a local machine will not work, because it's not in the VPC network. It should work from a Compute Engine VM that is connected to the same VPC as the DB.
What I usually do as a workaround is use gcloud ssh from a local machine and port forward over a small VM in compute engine, like:
gcloud beta compute ssh --zone "europe-north1-b" "instance-1" --project "my-project" -- -L 3306:cloud_sql_server_ip:3306
Then you can connect to localhost:3306 (make sure nothing else is running or change first port number to one that is free locally)
The Cloud SQL proxy uses port 3307 instead of the more usual MySQL port 3306. This is because it uses TLS in a different way and has different IP ACLs. As a consequence, firewalls that allow MySQL traffic won't allow Cloud SQL proxy by default.
Take a look and see if you have a firewall on your network that blocks port 3307. To use Cloud SQL proxy, authorize this port for outbound connections.