Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Access to a Mysql RDS through Apprunner

0

I'm trying to surface an RDS instance for access via apprunner for a wix website. I've setup everything as detailed here: https://dev.wix.com/docs/develop-websites/articles/databases/external-databases/aws/integrate-your-aws-databases-with-your-wix-site

the DB seems to be correctly setup as I can access it from mysql workbench and interact with the tables (so it has public accessibility) . However when I try to connect through app runner, I get a "You are not authorised" error.

App runner logs confirm a 401. the RDS instance gives a [MY-013360] warning, although on investigation this seems to a an incorrect user. (see https://lefred.be/content/mysql-whos-filling-my-error-log/)

I'm unsure if it's the app runner can't connect to RDS, or it connected fine, but the credentials are wrong, is there a way to work out the difference? I've tried DB multiple users/passwords and different security group inbound outbound rules (allowing all didn't fix the problem). Credentials are being passed through a secret manager.

I've run out of ideas to diagnose and test, so any ideas appreciated. When I try the default domain for apprunner, I get this:

Themen
Migration und ModernisierungAnalysenDatenbankKalkulationBehälterVernetzung & Bereitstellung von Inhalten
Tags
Amazon Relational Database ServiceAWS App RunnerSicherheitsgruppeMySQL
Sprache
English
DG
gefragt vor einem Monat107 Aufrufe
2 Antworten
2
Akzeptierte Antwort

Hello.

I also configured my AWS account using the steps in the document below, and was able to confirm the connection to RDS MySQL.
I think I've probably overlooked some setting.
https://dev.wix.com/docs/develop-websites/articles/databases/external-databases/aws/integrate-your-aws-databases-with-your-wix-site
a

For example, are the secret manager settings as per the documentation?
If you configure the settings according to the document, "SECRET_KEY" and "DB" should have been added.
a

Also, are the IAM policies "SecretsManagerReadWrite" and "AmazonRDSDataFullAccess" attached to the AppRunner IAM role?
Are "CLOUD_VENDOR", "SECRET_NAME", and "TYPE" correctly registered in AppRunner's environment variables?

profile picture
EXPERTE
Riku_Kobayashi
beantwortet vor einem Monat
profile picture
EXPERTE
Oleksii Bebych
überprüft vor einem Monat
profile pictureAWS
EXPERTE
Didier_Durand
überprüft vor einem Monat
  • Riku_Kobayashi EXPERTE
    vor einem Monat

    Is there a guide anywhere for what environment variables you can set? Thanks for the help!

    I looked for the documentation but couldn't find it.

0

It was a config issue, I redefined my environment variables to plaintext rather than referencing the secret and that seemed to do the trick, After this I also ran into an authentication issue because I created the user with:

ALTER USER 'User' IDENTIFIED WITH caching_sha2_password BY 'Password'

rather than

ALTER USER 'User' IDENTIFIED WITH mysql_native_password BY 'Password'

Is there a guide anywhere for what environment variables you can set? Thanks for the help!

DG
beantwortet vor einem Monat

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt