How do I connect to my Amazon RDS MySQL DB instance or Aurora MySQL DB cluster using Amazon RDS Proxy?
How do I connect to my Amazon Relational Database Service (Amazon RDS) DB instance or Amazon Aurora DB cluster that's running MySQL by using Amazon RDS Proxy?
Short description
You can use Amazon RDS Proxy to manage the connections between your application and the database. For more information on what engines are supported by RDS Proxy, see Managing connections with Amazon RDS Proxy.
Resolution
Before you begin, your Amazon RDS Proxy must be in the same VPC as the database. Although you can make the database publicly accessible, the proxy can't be publicly accessible.
1. Create database credentials in AWS Secrets Manager.
Note: Use the same user name and password as your database when you create your secret.
2. Create an AWS Identity and Access Management (IAM) policy and an IAM role.
Note: This step is optional. Amazon RDS Proxy can create an IAM role automatically in step 3. Follow this step if you want to create your own IAM role.
3. Create an Amazon RDS Proxy.
4. Check that the proxy endpoint is reachable:
nc -zv <proxy_endpoint> 3306
This command returns an output similar to the following:
nc -z test-proxy.proxy-xxxxxxxxxxxxx.eu-west-1.rds.amazonaws.com 3306
Connection to test-proxy.proxy-xxxxxxxxxxxxx.eu-west-1.rds.amazonaws.com 3306 port [tcp/mysql] succeeded!
Note: You can only run this command on an EC2 machine that is in the same VPC as the RDS Proxy. This command doesn’t run on local machines.
5. Connect to the RDS DB instance using the Amazon RDS Proxy:
mysql -h <proxy_endpoint> -u username -p
This command returns an output similar to the following:
mysql -h test-proxy.proxy-xxxxxxxxxxxxx.eu-west-1.rds.amazonaws.com -u admin -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2946664484
Server version: 5.7.28-log
Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
Or, you can connect to the RDS DB instance using Amazon RDS Proxy with an SSL connection by following these steps:
1. Optionally, enable Require Transport Layer Security when you create the Amazon RDS Proxy. You can also modify an existing RDS Proxy to enable this option.
Note: Changing the parameter to Required means that connections must use SSL. Any plaintext connections are rejected. If this parameter isn't enabled, then Amazon RDS Proxy can connect to the RDS DB instance with and without SSL.
2. Download the Amazon Root CA 1 trust store .pem file from Amazon Trust Services:
wget https://www.amazontrust.com/repository/AmazonRootCA1.pem
3. Connect to the RDS DB instance using SSL:
mysql -h test-proxy.proxy-xxxxxxxxxxxxx.eu-west-1.rds.amazonaws.com -u admin --ssl-mode=REQUIRED --ssl-ca=AmazonRootCA1.pem -p
Or, connect using SSL mode VERIFY_IDENTITY by running this command:
mysql -h test-proxy.proxy-xxxxxxxxxxxxx.eu-west-1.rds.amazonaws.com -u admin --ssl-mode=VERIFY_IDENTITY --ssl-ca=AmazonRootCA1.pem -p
Note: Because Amazon RDS Proxy uses wildcard certificates, you must use the MySQL 8.0-compatible mysql command if you use the MySQL client to connect with SSL mode VERIFY_IDENTITY.
When you connect, the following output is returned:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 12659040
Server version: 5.7.28-log
Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
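The welcome banner above looks the same with or without SSL, so the following added example (not part of the AWS article) reads the mysql client's own status report to confirm that the connection to the proxy endpoint negotiated TLS. The function names, argument order and sample status text are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the AWS article. The "SSL:" line of `status` is
# reported by the mysql client about its own connection (client to proxy).

# Read `mysql -e status` output on stdin. Print the negotiated cipher and
# return 0 if the "SSL:" line names one; return 1 for "Not in use" or when
# no SSL line is present.
tls_cipher_from_status() {
  awk '
    /^SSL:/ && /Cipher in use is / {
      sub(/^.*Cipher in use is[ \t]+/, "")
      sub(/[ \t\r]+$/, "")
      print
      found = 1
    }
    END { exit(found ? 0 : 1) }
  '
}

# Hypothetical wrapper: endpoint, user and CA path are supplied by the caller.
# VERIFY_IDENTITY is the mode from the article that needs a MySQL
# 8.0-compatible client because the proxy uses wildcard certificates.
check_proxy_tls() {
  host=$1 user=$2 ca=${3:-AmazonRootCA1.pem}
  [ -r "$ca" ] || { echo "CA file not readable: $ca" >&2; return 2; }
  out=$(mysql -h "$host" -u "$user" -p \
        --ssl-mode=VERIFY_IDENTITY --ssl-ca="$ca" -e status) || {
    echo "connection failed (certificate check or login)" >&2; return 3; }
  if cipher=$(printf '%s\n' "$out" | tls_cipher_from_status); then
    echo "TLS in use to $host: $cipher"
  else
    echo "connection to $host is NOT encrypted" >&2; return 1
  fi
}

# Constructed sample of `status` output, used when no endpoint is given.
sample_status() {
  printf 'Connection id:\t\t42\nSSL:\t\t\tCipher in use is TLS_AES_256_GCM_SHA384\n'
}

if [ "$#" -ge 2 ]; then
  check_proxy_tls "$@"
else
  sample_status | tls_cipher_from_status
fi
```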