Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

Access to a Mysql RDS through Apprunner

0

I'm trying to surface an RDS instance for access via apprunner for a wix website. I've setup everything as detailed here: https://dev.wix.com/docs/develop-websites/articles/databases/external-databases/aws/integrate-your-aws-databases-with-your-wix-site

the DB seems to be correctly setup as I can access it from mysql workbench and interact with the tables (so it has public accessibility) . However when I try to connect through app runner, I get a "You are not authorised" error.

App runner logs confirm a 401. the RDS instance gives a [MY-013360] warning, although on investigation this seems to a an incorrect user. (see https://lefred.be/content/mysql-whos-filling-my-error-log/)

I'm unsure if it's the app runner can't connect to RDS, or it connected fine, but the credentials are wrong, is there a way to work out the difference? I've tried DB multiple users/passwords and different security group inbound outbound rules (allowing all didn't fix the problem). Credentials are being passed through a secret manager.

I've run out of ideas to diagnose and test, so any ideas appreciated. When I try the default domain for apprunner, I get this:

Argomenti
Migrazione e modernizzazioneAnalisiDatabaseComputazionaliContainerNetworking e distribuzione di contenuti
Tag
Amazon Relational Database ServiceAWS App RunnerGruppo di sicurezzaMySQL
Lingua
English
DG
posta un mese fa107 visualizzazioni
2 Risposte
2
Risposta accettata

Hello.

I also configured my AWS account using the steps in the document below, and was able to confirm the connection to RDS MySQL.
I think I've probably overlooked some setting.
https://dev.wix.com/docs/develop-websites/articles/databases/external-databases/aws/integrate-your-aws-databases-with-your-wix-site
a

For example, are the secret manager settings as per the documentation?
If you configure the settings according to the document, "SECRET_KEY" and "DB" should have been added.
a

Also, are the IAM policies "SecretsManagerReadWrite" and "AmazonRDSDataFullAccess" attached to the AppRunner IAM role?
Are "CLOUD_VENDOR", "SECRET_NAME", and "TYPE" correctly registered in AppRunner's environment variables?

profile picture
ESPERTO
Riku_Kobayashi
con risposta un mese fa
profile picture
ESPERTO
Oleksii Bebych
verificato un mese fa
profile pictureAWS
ESPERTO
Didier_Durand
verificato un mese fa
  • Riku_Kobayashi ESPERTO
    un mese fa

    Is there a guide anywhere for what environment variables you can set? Thanks for the help!

    I looked for the documentation but couldn't find it.

0

It was a config issue, I redefined my environment variables to plaintext rather than referencing the secret and that seemed to do the trick, After this I also ran into an authentication issue because I created the user with:

ALTER USER 'User' IDENTIFIED WITH caching_sha2_password BY 'Password'

rather than

ALTER USER 'User' IDENTIFIED WITH mysql_native_password BY 'Password'

Is there a guide anywhere for what environment variables you can set? Thanks for the help!

DG
con risposta un mese fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente