By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Access to a Mysql RDS through Apprunner

0

I'm trying to surface an RDS instance for access via apprunner for a wix website. I've setup everything as detailed here: https://dev.wix.com/docs/develop-websites/articles/databases/external-databases/aws/integrate-your-aws-databases-with-your-wix-site

the DB seems to be correctly setup as I can access it from mysql workbench and interact with the tables (so it has public accessibility) . However when I try to connect through app runner, I get a "You are not authorised" error.

App runner logs confirm a 401. the RDS instance gives a [MY-013360] warning, although on investigation this seems to a an incorrect user. (see https://lefred.be/content/mysql-whos-filling-my-error-log/)

I'm unsure if it's the app runner can't connect to RDS, or it connected fine, but the credentials are wrong, is there a way to work out the difference? I've tried DB multiple users/passwords and different security group inbound outbound rules (allowing all didn't fix the problem). Credentials are being passed through a secret manager.

I've run out of ideas to diagnose and test, so any ideas appreciated. When I try the default domain for apprunner, I get this:

Topics
Migration & ModernizationAnalyticsDatabaseComputeContainersNetworking & Content Delivery
Tags
Amazon Relational Database ServiceAWS App RunnerSecurity GroupMySQL
Language
English
DG
asked 13 days ago96 views
2 Answers
2
Accepted Answer

Hello.

I also configured my AWS account using the steps in the document below, and was able to confirm the connection to RDS MySQL.
I think I've probably overlooked some setting.
https://dev.wix.com/docs/develop-websites/articles/databases/external-databases/aws/integrate-your-aws-databases-with-your-wix-site
a

For example, are the secret manager settings as per the documentation?
If you configure the settings according to the document, "SECRET_KEY" and "DB" should have been added.
a

Also, are the IAM policies "SecretsManagerReadWrite" and "AmazonRDSDataFullAccess" attached to the AppRunner IAM role?
Are "CLOUD_VENDOR", "SECRET_NAME", and "TYPE" correctly registered in AppRunner's environment variables?

profile picture
EXPERT
Riku_Kobayashi
answered 13 days ago
profile picture
EXPERT
Oleksii Bebych
reviewed 13 days ago
profile pictureAWS
EXPERT
Didier_Durand
reviewed 13 days ago
  • Riku_Kobayashi EXPERT
    13 days ago

    Is there a guide anywhere for what environment variables you can set? Thanks for the help!

    I looked for the documentation but couldn't find it.

0

It was a config issue, I redefined my environment variables to plaintext rather than referencing the secret and that seemed to do the trick, After this I also ran into an authentication issue because I created the user with:

ALTER USER 'User' IDENTIFIED WITH caching_sha2_password BY 'Password'

rather than

ALTER USER 'User' IDENTIFIED WITH mysql_native_password BY 'Password'

Is there a guide anywhere for what environment variables you can set? Thanks for the help!

DG
answered 13 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content