Not able to connect Amazon Aurora Serverless from SQL client

2

7

Today I created an Amazon Aurora Serverless cluster for PostgreSQL in us-west-2 and set up the VPC and security groups in a way that it should be publicly accessible. But I'm not able to connect to that cluster using the Aurora endpoint from my Navicat/PgAdmin4 desktop client. Then I tried from an EC2 instance that is in the same security group/VPC as Aurora Serverless, and it worked.

From the AWS forum:

You can't give an Aurora Serverless DB cluster a public IP address. You can access an Aurora Serverless DB cluster only from within a virtual private cloud (VPC) based on the Amazon VPC service.

Source: https://forums.aws.amazon.com/thread.jspa?messageID=862860&tstart=0

Seems it uses an internal AWS networking setup that currently only supports connections from inside a VPC, and it must be the same VPC where the serverless cluster is deployed.

So now basically my question is that,

Is there any workaround to connect Aurora Serverless with any client like Navicat or PgAdmin4?

Tinsmith answered 26/8, 2019 at 15:30 Comment(0)
2

I found a cool hack that is working perfectly for my development purpose with some tweaks and I know I don't need this on my production environment.

So as we know, Aurora Serverless works only inside a VPC. So make sure you are attempting to connect to Aurora within the VPC and the security group assigned to the Aurora cluster has the appropriate rules to allow access. As I mentioned earlier, I already have an EC2 instance, Aurora Serverless and a VPC around both. So I can access it from my EC2 but not from my local PC / local SQL client. To fix that I did the two steps below.

1. To access from any client(Navicat in my case),

a. First need to add GENERAL db configurations like aurora endpoint host, username, password etc.
b. Then, need to add SSH configuration, like EC2 machine username, hostip and .pem file path

2. To access from project,

First I create an SSH tunnel from my terminal like this,

ssh ubuntu@my_ec2_ip_goes_here -i rnd-vrs.pem -L 5555:database-1.my_aurora_cluster_url_goes_here.us-west-2.rds.amazonaws.com:5432

Then I run my project with the DB configuration like this (test.php),

<?php
// Connect to the local end of the SSH tunnel (127.0.0.1:5555), not to the Aurora endpoint.
$conn = pg_connect("host=127.0.0.1 port=5555 dbname=postgres user=postgres password=password_goes_here");
if (!$conn) {
    echo "An error occurred.\n";
    exit;
}

// other code goes here to get data from your database
$result = pg_query($conn, "SELECT * FROM brands");
if (!$result) {
    echo "An error occurred.\n";
    exit;
}

while ($row = pg_fetch_row($result)) {
    // Escape database values before writing them into HTML output.
    echo "Brand Id: " . htmlspecialchars((string) $row[0]) . "  Brand Name: " . htmlspecialchars((string) $row[1]);
    echo "<br />\n";
}
Tinsmith answered 3/9, 2019 at 4:22 Comment(0)
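
The tunnel from the answer above, with the listener pinned to loopback and a check that the forwarded database port is not also listening on other interfaces. This is an added example, not part of the original answer; the host, key and port values are the answer's placeholders, and the function names and the sample `ss -ltn` output are constructed for illustration.

```sh
#!/bin/sh
# Placeholder values taken from the answer above; substitute your own.
BASTION="ubuntu@my_ec2_ip_goes_here"
KEY="rnd-vrs.pem"
DB_ENDPOINT="database-1.my_aurora_cluster_url_goes_here.us-west-2.rds.amazonaws.com"
DB_PORT=5432
LOCAL_PORT=5555

# Start the forward (DRY_RUN=1 prints the command instead of running it).
#   127.0.0.1:...  pins the listener to loopback even if GatewayPorts is on
#   -N             forwarding only, no shell on the EC2 host
#   -f             go to the background once the forward is set up
#   ExitOnForwardFailure=yes  fail if the local port cannot be bound
tunnel() {
    set -- ssh -i "$KEY" -f -N -o ExitOnForwardFailure=yes \
        -L "127.0.0.1:${LOCAL_PORT}:${DB_ENDPOINT}:${DB_PORT}" "$BASTION"
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# Read `ss -ltn` output on stdin and print each non-loopback address on
# which port $1 is listening. No output means the port is loopback-only.
nonloopback_binds() {
    awk -v p="$1" '$1 == "LISTEN" {
        n = split($4, part, ":"); port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (port == p && addr != "127.0.0.1" && addr != "[::1]") print addr
    }'
}

# Constructed sample of `ss -ltn` output: a forward started with a wildcard
# bind, so the database port is reachable from the local network.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:5555       0.0.0.0:*
LISTEN 0      128    [::]:5555          [::]:*'

# Open the tunnel, then fail if the forwarded port is exposed beyond loopback.
open_tunnel() {
    tunnel || return 1
    exposed=$(ss -ltn | nonloopback_binds "$LOCAL_PORT")
    [ -z "$exposed" ] && return 0
    echo "port $LOCAL_PORT also listens on: $exposed" >&2
    return 1
}

case "${1:-}" in
    open) open_tunnel ;;
    demo) printf '%s\n' "$SAMPLE_SS" | nonloopback_binds "$LOCAL_PORT" ;;
esac
```

Run it with `open` to start the tunnel and check the listener, or with `demo` to see the check flag the constructed wildcard-bound sample.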
1

This question comes up over and over for multiple AWS services (most new ones are VPC only by default). The short answer is - you can hack up something and expose the DB outside of the VPC, but it is not recommended for a production setup. Assuming this is for a dev setup, by all means try the recommendations from [1]. It is for Neptune, but you can do the exact same thing for Aurora.

[1] Connect to Neptune on AWS from local machine

Citrin answered 28/8, 2019 at 15:23 Comment(3)
Thanks for the answer. By the way, I have done another cool hack to make it work on development. - Tinsmith
I've added my solution, let me know your thoughts :) - Tinsmith
Ah yes, ssh tunnel works too. You'd be limited to a single DB host, but I think your Dev setup needs only that. - Citrin