Connecting to Aurora Serverless remotely
I have an Aurora Serverless db cluster running MySQL. I'm trying to write an application that takes a string from a script and puts it onto the database.

I've been able to successfully connect to the cluster using my ec2 in PuTTY, a node program on the ec2, and MySQL Workbench, but I haven't been able to with my own code. I'm trying to use the node modules ssh2 and mysql2.

var mysql = require('mysql2');
var Client = require('ssh2').Client;

var ssh = new Client();
ssh.on('ready', function() {
  ssh.forwardOut(
    '127.0.0.1',   // source address and port of the forwarded channel
    12345,
    '127.0.0.1',   // destination address and port, as seen from the EC2 host
    3306,
    function (err, stream) {
      if (err) throw err;
      var sql = mysql.createConnection({
        host: 'my db endpoint',
        user: 'root',
        password: 'pass',
        database: 'testdb',
        stream: stream   // send the MySQL traffic over the SSH channel
      });
      //sql stuff
    });
}).connect({
  host: 'ec2-publicdns',
  port: 22,
  username: 'ec2-user',
  privateKey: require('fs').readFileSync('pkeyssh') //pem key converted to openssh using PuTTYgen
});

When I run this, I get: Error: (SSH) Channel open failure: Connection refused

Also, is Aurora serverless the correct solution for me? It seems as if there isn't a way to really talk to it without going through the ec2. Should I be looking for a different database host?

Furlana answered 31/10, 2018 at 18:42 Comment(6)
You're able to connect from your local machine on MySQL workbench? I would think that means it's available for external connections, at least with the SSL key setup. Have you read up on the connection limitations? I personally use Aurora on RDS (not serverless config like you, which I believe is just a set of configuration parameters for auto-scaling and such? Not 100% sure there...)Tamer
I was able to connect in workbench using ssh, with my ec2 public dns being the ssh hostname. Aurora serverless doesn't support SSL connections.Furlana
TBH, I don't fully understand your setup (or your issue). You've created an EC2 instance, and then you opened an SSH tunnel from your box to the EC2 instance, correct? And you are able to connect to the db via workbench (on your box) but not via the code you've written. Did I understand the issue correctly? If yes, can you enable debug logs for ssh and share details?Nonah
Change the second 127.0.0.1 to your db endpoint, and then change host: 'my db endpoint' to host: '127.0.0.1'.Universally
You're sort of correct that you need to go through EC2, but you can actually go through anything in your VPC. You could for instance create a Virtual Private Gateway and then access the DB directly through a VPN with no EC2 instance involved.Universally
If you want your db itself to be publicly accessible, you need to use a regular RDS instance instead of serverless.Universally
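The forwardOut change suggested in the comments, written out as an added example that is not part of the original question or answers: the tunnel destination becomes the Aurora endpoint as seen from the EC2 host, the mysql2 host becomes the loopback, and the credentials come from the environment instead of the source file. The environment variable names, the helper names and the sample endpoint are assumptions; ssh2 and mysql2 are loaded lazily so the argument-building helpers can be checked without them.

```javascript
const LOCAL_PORT = 12345;

// Build the positional arguments for ssh2's client.forwardOut():
// (srcIP, srcPort, dstIP, dstPort). The destination must be the Aurora
// endpoint reachable from the EC2 host; 127.0.0.1 there is the EC2 host's
// own loopback, which has nothing listening on 3306 and so yields
// "Channel open failure: Connection refused".
function tunnelArgs(dbEndpoint, dbPort = 3306) {
  if (!dbEndpoint || dbEndpoint === '127.0.0.1' || dbEndpoint === 'localhost') {
    throw new Error('forwardOut destination must be the Aurora endpoint, not the EC2 loopback');
  }
  return ['127.0.0.1', LOCAL_PORT, dbEndpoint, dbPort];
}

// mysql2 connection options when the bytes travel over the ssh2 stream:
// `host` is informational only, because `stream` carries the traffic.
// Secrets are taken from env (assumed variable names) rather than hard-coded.
function dbOptions(env, stream) {
  for (const key of ['DB_USER', 'DB_PASSWORD', 'DB_NAME']) {
    if (!env[key]) throw new Error('missing environment variable ' + key);
  }
  return {
    host: '127.0.0.1',
    user: env.DB_USER,
    password: env.DB_PASSWORD,
    database: env.DB_NAME,
    stream: stream,
  };
}

// Open the SSH session to the EC2 host, forward a channel to Aurora, and
// hand back a mysql2 connection riding on that channel. The SSH session is
// closed again when the MySQL connection ends.
function openTunnelledConnection(env, onReady) {
  const { Client } = require('ssh2');
  const mysql = require('mysql2');
  const ssh = new Client();
  ssh.on('ready', () => {
    ssh.forwardOut(...tunnelArgs(env.DB_ENDPOINT), (err, stream) => {
      if (err) { ssh.end(); return onReady(err); }
      const conn = mysql.createConnection(dbOptions(env, stream));
      conn.on('end', () => ssh.end());
      onReady(null, conn);
    });
  }).connect({
    host: env.EC2_HOST,
    port: 22,
    username: env.EC2_USER || 'ec2-user',
    privateKey: require('fs').readFileSync(env.SSH_KEY_PATH),
  });
}
```

Call `openTunnelledConnection(process.env, (err, conn) => ...)` with `DB_ENDPOINT`, `EC2_HOST`, `SSH_KEY_PATH` and the `DB_*` variables set; `conn.query(...)` then runs through the tunnel.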

When you create an Aurora Serverless database, you configure a VPC security group, which dictates the rules about where connections can be opened from (CIDR block, and port). You can then grant access from this security group to others by name, or simply launch your application server from within the same security group, which will provide it access. You should not require SSH port forwarding to connect to the DB, even in a testing context.

There's a nice tutorial here: https://aws.amazon.com/getting-started/tutorials/configure-connect-serverless-mysql-database-aurora, and for more information on Database Security Groups please consult https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.RDSSecurityGroups.html.

Crackdown answered 6/11, 2018 at 10:15 Comment(2)
So for the desktop application I'm trying to make, I shouldn't be looking at serverless?Furlana
Serverless can be great for this type of application. You'll just have to allow the IP range for how your office will egress to the internet and come into AWS.Crackdown

Aurora Serverless is hosted inside an Amazon VPC. As per AWS documentation, it can only be accessed from inside the VPC (i.e. from an EC2/Lambda that sits in the same VPC as the Aurora cluster). This is why you are able to access it from the EC2.

You have three options:

  1. Access the serverless cluster from inside the VPC using an EC2 or Lambda.
  2. Use hosted Aurora instead of serverless which can be accessed publicly.
  3. Use the newly launched Data API to make secure HTTP connections to the serverless cluster from outside the VPC!
Aplanospore answered 10/7, 2021 at 7:25 Comment(0)