DEV Community

Revathi Joshi for AWS Community Builders

Posted on

Connecting to an existing Amazon RDS MySQL Database via RDS Proxy - 2

This is in continuation of my 1st article, where we have created and connected to an Amazon RDS MySQL Database via EC2 instance.

In this article, I am going to show you how to create an RDS Proxy and connect it to an already existing Amazon RDS MySQL Database.

Please visit my GitHub Repository for Aurora articles on various topics being updated on constant basis.

Let’s get started!

Objectives:

6. Store database credentials in AWS Secrets Manager

7. Create IAM role and policy

8. Create an RDS Proxy

9. Connect to RDS database through RDS Proxy

10. Clean up

Pre-requisites:

  • AWS user account with admin access, not a root account.
  • Cloud9 IDE with AWS CLI.

Resources Used:

AWS Secrets Manager

IAM Roles

Steps for implementation to this project:

6. Store database credentials in AWS Secrets Manager

  • RDS Proxy accesses a database thru secrets which are stored in AWS Secrets Manager.
  • These secrets are nothing but the database user credentials like username and password.

  • Go to the Secrets Manager section of your AWS Management Console and choose Store a new secret.

  • In the Select secret type box, choose Credentials for RDS database.

  • Then, type the user name and password that you used when creating your RDS database.

  • Choose the corresponding RDS database - database-1 for the secret to access.

  • Choose Next.

  • Secret name - rdssecret and description section, give your secret a name and description so that you can easily find it later.

  • Then, choose Next.

  • Choose the Disable automatic rotation option, and

  • Then choose Next.

  • Secrets Manager console shows you the configuration settings for your secret and some sample code that demonstrates how to use your secret.

  • Scroll to the bottom of the page and choose Store to
    save your secret.

  • After creating the secret, the Secrets Manager page displays your created secrets.

  • Choose your rdssecret.

  • In the Secret details box, it displays the ARN of your secret.

  • Copy this value, as you need it later in this tutorial.

Image description

7. Create IAM role and policy

  • Thru an IAM role with an attached policy, RDS Proxy accesses to the secrets you created in AWS Secrets Manager.

  • Create role

  • Select your use case,

  • choose RDS - Add Role to Database, and

  • choose Next:

  • Add Permissions

  • create policy

  • create policy and select the JSON tab.

  • Delete the existing policy statements.

  • Substituting your secret ARN value for the example listed below. - Then, choose Review policy.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "secretsmanager:GetRandomPassword",
                "secretsmanager:CreateSecret",
                "secretsmanager:ListSecrets"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "secretsmanager:*",
            "Resource": [
                     "your_secret_ARN"
            ]
        }
    ]
}

Enter fullscreen mode Exit fullscreen mode
  • Review policy section, give your policy a name rds-policy and description so that you can easily find it later.

  • Then, choose Create policy.

  • next, next - review

  • name rds-policy

  • Go to the previous window

Image description

  • Next

  • Choose Roles and then choose Refresh.

Image description

  • Next

  • role - name ----> rds-role

  • Review section, give your role a name and description so that you can easily find it later.

  • Then, choose Create role.

  • confirm role with policy

Image description

8. Create an RDS Proxy

  • Go to the RDS console. In the RDS navigation pane, choose Proxies,
  • then Create proxy.

  • In the Proxy configuration section, do the following:

    • For Proxy identifier, give the proxy a name - rds-proxy
    • Leave the Idle client connection timeout as the 30 minutes.
    • Target group configuration section, for Database, choose the RDS MySQL DB instance - database -1 (This RDS DB instance is the same instance you verified connectivity to in Step 5.)
    • For Connection pool maximum connections, keep the default value of 100.
  • In the Authentication section, do the following:

    • For Secrets Manager secret, choose the secret you created in Step 6. - rdssecret
    • For IAM role, choose the role you created in Step 7. rds-role
    • For IAM Authentication, keep the default setting of ---> Not Allowed (This tutorial uses DB credentials to connect with the RDS Proxy so IAM Authentication is not used.)
  • In the Connectivity section, do the following:

    • Clear the Require Transport Layer Security check box.
    • For Subnets, choose a minimum of two subnets in different Availability Zones.
    • Expand Additional connectivity configuration, and for VPC security group, choose the existing rds-sg for security group.
  • In the Advanced Configuration section, keep the Activate selection for Enhanced logging.

  • choose Create proxy.

  • You will see this message while rds-proxy is being created.

    • Creating RDS Proxy rds-proxy for database database-1. Your proxy might take up to 20 minutes to create and become available. A secret in Secrets Manager and an IAM policy that accesses the secret for use with this proxy have been created. To view these resources, check the proxy's details page.
  • Wait for the proxy status to change from Creating to Available, then select the proxy.

  • Proxy configurations section, make a note of the Proxy endpoint and confirm all other parameters are correct.

rds-proxy endpoint

rds-proxy.proxy-cgizjtuyxkda.us-east-1.rds.amazonaws.com
Enter fullscreen mode Exit fullscreen mode

Image description

9. Connect to RDS database through RDS Proxy

  • On EC2 console, choose myec2 instance

  • Choose Connect.

  • Or ssh into myec2

sudo su

yum install mysql

mysql -h <proxy endpoint> -P 3306 --user=admin --password

mysql -h rds-proxy.proxy-cgizjtuyxkda.us-east-1.rds.amazonaws.com -P 3306 --user=admin --password
Enter fullscreen mode Exit fullscreen mode
  • When prompted, type your password and press Enter.

  • A message showing that you have successfully connected to the RDS DB instance.

10. Clean up

  • Delete RDS Proxy

  • Delete secret

  • Delete IAM role and policy

  • Delete other resources, such as EC2 instance, RDS instance, and corresponding security groups

What we have done so far

  • We have successfully demonstrated connecting to an existing Amazon RDS MySQL Database via RDS Proxy.

Top comments (0)