I have a Go server on an EC2 instance on AWS in the same VPC as my Postgres database. I'm currently able to get the server communicating with the Postgres database by reading the password from an environment variable, but I'm not sure if this is the right way to be handling this. Is there a way I can have the server communicate with the database without having the password stored in plain text?
There is no need to use your database password to connect the server to the database. Enable IAM authentication on your RDS instance, and attach the role to the EC2 instance running the Go server.
You can easily find the implementation details here: Connecting to AWS RDS from Java without exposing password
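As an added illustration of what the answer above describes (example code, not from the question or the answerer, and not the AWS SDK's own code): with IAM database authentication the "password" the Go server presents is a short-lived token, a SigV4-presigned GET for the rds-db:connect action with the https:// prefix stripped, valid for 15 minutes. The block below builds that token with the standard library only, following the same presigning scheme the SDK's rds/auth BuildAuthToken performs, so it runs offline; in a real deployment you would call the SDK and let it pull the access key, secret and session token from the instance profile rather than passing them in. The endpoint, region, user, key and CA-bundle values are constructed for the example. Two things the code cannot do for you: the Postgres role must have been granted the rds_iam role (GRANT rds_iam TO appuser;), and the connection must use TLS, which is why the DSN sets sslmode=verify-full against the RDS CA bundle.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/url"
	"sort"
	"strings"
	"time"
)

// sigv4Escape percent-encodes s as SigV4 canonicalisation requires:
// RFC 3986 unreserved characters are kept, everything else becomes %XX.
func sigv4Escape(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		c := s[i]
		if (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') ||
			c == '-' || c == '_' || c == '.' || c == '~' {
			b.WriteByte(c)
		} else {
			fmt.Fprintf(&b, "%%%02X", c)
		}
	}
	return b.String()
}

func hmacSHA256(key []byte, msg string) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(msg))
	return h.Sum(nil)
}

func sha256Hex(s string) string {
	sum := sha256.Sum256([]byte(s))
	return hex.EncodeToString(sum[:])
}

// BuildAuthToken returns an RDS IAM authentication token: a SigV4-presigned GET
// for rds-db:connect with "https://" removed, valid for 15 minutes from now.
// endpoint is "host:port"; sessionToken is empty for long-lived keys and set
// when the credentials come from an instance profile.
func BuildAuthToken(endpoint, region, dbUser, accessKeyID, secretKey, sessionToken string, now time.Time) string {
	now = now.UTC()
	amzDate := now.Format("20060102T150405Z")
	scope := now.Format("20060102") + "/" + region + "/rds-db/aws4_request"

	params := map[string]string{
		"Action":              "connect",
		"DBUser":              dbUser,
		"X-Amz-Algorithm":     "AWS4-HMAC-SHA256",
		"X-Amz-Credential":    accessKeyID + "/" + scope,
		"X-Amz-Date":          amzDate,
		"X-Amz-Expires":       "900",
		"X-Amz-SignedHeaders": "host",
	}
	if sessionToken != "" {
		params["X-Amz-Security-Token"] = sessionToken
	}
	// Canonical query string: keys sorted byte-wise, keys and values escaped.
	keys := make([]string, 0, len(params))
	for k := range params {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	pairs := make([]string, 0, len(keys))
	for _, k := range keys {
		pairs = append(pairs, sigv4Escape(k)+"="+sigv4Escape(params[k]))
	}
	canonicalQuery := strings.Join(pairs, "&")

	// Only the Host header is signed, and a presigned GET has an empty body.
	canonicalRequest := strings.Join([]string{
		"GET", "/", canonicalQuery, "host:" + endpoint + "\n", "host", sha256Hex(""),
	}, "\n")
	stringToSign := strings.Join([]string{
		"AWS4-HMAC-SHA256", amzDate, scope, sha256Hex(canonicalRequest),
	}, "\n")

	// Derive the per-day signing key from the secret, then sign.
	kDate := hmacSHA256([]byte("AWS4"+secretKey), now.Format("20060102"))
	kRegion := hmacSHA256(kDate, region)
	kService := hmacSHA256(kRegion, "rds-db")
	kSigning := hmacSHA256(kService, "aws4_request")
	signature := hex.EncodeToString(hmacSHA256(kSigning, stringToSign))

	return endpoint + "/?" + canonicalQuery + "&X-Amz-Signature=" + signature
}

// PostgresDSN embeds the token as the password. The token contains '/', '&'
// and '=', so url.UserPassword escapes it for the URL form of the DSN.
// sslmode=verify-full is mandatory: IAM auth only works over TLS, and the
// token is a bearer secret that must not cross the VPC in clear text.
func PostgresDSN(host string, port int, dbUser, dbName, token, caBundle string) string {
	q := url.Values{}
	q.Set("sslmode", "verify-full")
	q.Set("sslrootcert", caBundle) // assumed path to the downloaded RDS CA bundle
	u := url.URL{
		Scheme:   "postgres",
		User:     url.UserPassword(dbUser, token),
		Host:     fmt.Sprintf("%s:%d", host, port),
		Path:     "/" + dbName,
		RawQuery: q.Encode(),
	}
	return u.String()
}

func main() {
	// Constructed example values; on EC2 take the keys and session token from
	// the instance profile (IMDS) or the SDK's default credential chain.
	host, port := "mydb.abc123.eu-west-1.rds.amazonaws.com", 5432
	token := BuildAuthToken(fmt.Sprintf("%s:%d", host, port), "eu-west-1", "appuser",
		"AKIAEXAMPLE", "exampleSecretKey", "", time.Now())
	fmt.Println(PostgresDSN(host, port, "appuser", "appdb", token, "/etc/ssl/rds-global-bundle.pem"))
}
```

The token is regenerated before each new connection (pool implementations take a callback for exactly this), so the process never holds a long-lived database password at all; the only secret in memory is the instance-role credential, which rotates on its own.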
In order to improve the security of my AWS environment, which has an EC2 instance that connects to an RDS instance in a private subnet, I use an SSH connection. I want to add MFA to the SSH connection. I should be able to connect to EC2 without problem, but I wonder how I would connect to my RDS database, which runs on Postgres for example. Would I be prompted to input the verification code in pgAdmin?
Here is a reference video on adding MFA to EC2. But again the question is, would I still be able to use pgAdmin?
https://www.youtube.com/watch?v=iOb6eZJqj-k
This MFA is not related to AWS. This MFA is just a plugin for PAM (Pluggable Authentication Modules) in Linux.
You can use it to enable MFA for SSH. This is optional authentication. It is a better option to invest time in reducing the visibility of your VM to a minimum and protecting your private keys.
To improve your RDS security, enable SSL in your database. After you enable it, your application (and users) require the SSL certificate to connect to your DB. You can read more in the PG docs: https://www.postgresql.org/docs/10/ssl-tcp.html
Important: You should never open phpPgAdmin to the entire world. You have to limit it at least to a VPN; better still, remove it from the server and install it (e.g. with Docker) only when needed.
I have a problem. I launched a server on AWS EC2. It gave me a .pem file. With the PuTTY key generator I changed it to a .ppk file. I want to connect to my server without a .ppk or .pem or any file like that. How can I remove this security checkpoint? Thanks.
Best regards.
You need to authenticate using the private SSH key when you connect to an EC2 instance. If you don't want to do that, then there are two choices:
Recommended: use the new AWS web console SSH connection to your EC2 instance.
This is quite a new feature introduced by AWS to SSH into your EC2 instance from the web browser. In your EC2 view, select the instance and click on the Connect button.
Not recommended: using password-based authentication for a new user.
I won't be providing details on this one, as it is not secure to use password-based authentication and you should ideally be using SSH key-based auth.
On AWS, I know how to set up a web server with inbound rules allowing HTTP and HTTPS and a database security group that only allows connections from the web server. The issue is I need to create a front end to manage the databases without using Internet access; this will be internal only and precludes the use of a public IP / public DNS. Does anyone know how I would do this?
To further elaborate, some of our AWS accounts are for internal use only: we can log in to the console, use Cygwin to SSH in, see what's there, etc. But these accounts are for development purposes, and in a large enterprise such as this one, these are not allowed an IGW. So no inbound Internet access is allowed. How do I create an app (e.g., phpMyAdmin type) in which our manager can easily view and edit the data in the database, given the restriction that this must be done without inbound Internet access?
Host your database on RDS inside a VPC and create a VPN connection between your client network and your VPC.
Host your database on one EC2 instance and also upload your front end there. Your database will be running locally on the EC2 instance and you can connect the front end to the database. The database will not have a public DNS name; it will run locally, and you can access it only using SSH and the front-end script.
Check this official documentation from AWS: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html
For the front-end script you can use https://www.adminer.org/, which is a one-file database management system. It is a single simple file; use it to make a connection to the database running locally on the EC2 instance.
Problem explanation: not able to connect to an RDS MySQL instance from another EC2 instance. The other instance is Amazon Linux.
Listed below are the things I tried.
Checked the security group (allowed all).
Was trying to install MySQL monitor. It wasn't successful.
Installed PHP and httpd successfully.
Updated my connect.php with the username, password, dbname and the endpoint details already.
Error message: "mysql_native_passwordConnection closed by foreign host".
Do you mean an Amazon RDS instance with a MySQL DB on it? If that's what you are asking, you don't have instance-level access in AWS RDS; only DB-level access is permitted. The instance is maintained by AWS, so that you can focus on the DB side.
I am stuck on making an AWS Data Pipeline which takes data from RDS MySQL to S3.
I have tried the template but failed a lot. Then I made this self-configured pipeline but still no success. Can anyone point out the problem by looking at the architecture?
Here are the RDS MySQL details. NOTE that the username in the picture is different because I am using a separate user, and the username in the picture is administrator.
This is the Data Pipeline architecture.
Below are the settings of the first block, i.e. Configuration.
Below are the settings of the RDS MySQL database.
Below are the settings of the EC2 machine.
Below are the settings of the SQL Data node, which I guess gets data from RDS.
Below are the settings of the Copy Activity.
Below are the settings of the S3 Data node, which I guess puts data on S3.
Here is the ERROR LOG.
I read that it could be an error due to VPC (Virtual Private Cloud) permissions, but I am not sure how to add these settings, as the server is a production server and I am afraid to perform this test. Can anyone provide a solid solution please?
As previously mentioned, your EC2 instance is not able to contact the database endpoint. Please use this link to configure the security groups correctly: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.Scenarios.html
To test this, spin up an EC2 instance in the subnet and telnet to the database endpoint to ensure the connection is fine. You can then resume the activation of your pipeline.
Commands
sudo yum install telnet
telnet hostname port
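The telnet check above tells you whether the TCP path is open, but the way it fails is the useful part: a hang means the security group or NACL is dropping the SYN, an immediate "connection refused" means the host answered but nothing listens on that port, and a lookup failure means the endpoint string is wrong. The block below is an added example (not code from the question, the answer, or AWS) that performs the same check from the EC2 instance in Go and classifies the failure, so the next thing to fix in the VPC is explicit. The endpoint and port are supplied on the command line; the verdict strings and the advice text are this example's own.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"os"
	"strconv"
	"syscall"
	"time"
)

// Verdict is the outcome of a TCP reachability check against a DB endpoint.
type Verdict string

const (
	Reachable  Verdict = "reachable"   // handshake completed: SG, NACL and routes are fine
	TimedOut   Verdict = "timed-out"   // no SYN-ACK: usually a security group or NACL drops it
	Refused    Verdict = "refused"     // host replied with RST: wrong port or nothing listening
	DNSFailure Verdict = "dns-failure" // endpoint name does not resolve
	Other      Verdict = "other"
)

// CheckEndpoint is the programmatic form of "telnet host port": it opens a TCP
// connection and classifies the failure, because each class points at a
// different fix in the pipeline's networking.
func CheckEndpoint(host string, port int, timeout time.Duration) (Verdict, error) {
	addr := net.JoinHostPort(host, strconv.Itoa(port))
	conn, err := net.DialTimeout("tcp", addr, timeout)
	if err == nil {
		conn.Close()
		return Reachable, nil
	}
	var dnsErr *net.DNSError
	if errors.As(err, &dnsErr) { // checked first: DNSError also implements net.Error
		return DNSFailure, err
	}
	var netErr net.Error
	if errors.As(err, &netErr) && netErr.Timeout() {
		return TimedOut, err
	}
	if errors.Is(err, syscall.ECONNREFUSED) {
		return Refused, err
	}
	return Other, err
}

// Advice maps a verdict to the next thing to check in the VPC.
func Advice(v Verdict) string {
	switch v {
	case Reachable:
		return "network path is open; if the pipeline still fails, check the DB credentials and the MySQL user's host grants"
	case TimedOut:
		return "add an inbound rule on the RDS security group allowing the EC2 resource's security group on the DB port, and check the NACLs and route tables of both subnets"
	case Refused:
		return "the host is reachable but nothing accepts connections on that port; confirm the RDS port and endpoint"
	case DNSFailure:
		return "the endpoint name does not resolve; copy it from the RDS console and confirm DNS resolution is enabled on the VPC"
	default:
		return "unexpected error; inspect the error text"
	}
}

func main() {
	if len(os.Args) != 3 {
		fmt.Fprintln(os.Stderr, "usage: checkdb <rds-endpoint> <port>")
		os.Exit(2)
	}
	port, err := strconv.Atoi(os.Args[2])
	if err != nil {
		fmt.Fprintln(os.Stderr, "bad port:", err)
		os.Exit(2)
	}
	v, err := CheckEndpoint(os.Args[1], port, 5*time.Second)
	fmt.Printf("%s: %s\n", v, Advice(v))
	if err != nil {
		fmt.Println("detail:", err)
	}
}
```

Run it from an instance in the same subnet as the Data Pipeline's EC2 resource, with the RDS endpoint and port from the console as arguments; a "timed-out" verdict is the security-group case the answer describes.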