Flask-SQLAlchemy ssl-connection with AWS RDS error

Question

I am trying to connect flask app mysql connection with AWS RDS over ssl , It works when I am try to use mysql client like this

mysql -u user -h myrds.rds.amazonaws.com -p --ssl-ca=rds-combined-ca-bundle.pem

I am able to login but when I am try with flask app

SQLALCHEMY_DATABASE_URI = 'mysql://user:Password@myrds.rds.amazonaws.com.rds.amazonaws.com/miro_dev?ssl_cert=rds-combined-ca-bundle.pem'

it send me error

sqlalchemy.exc.OperationalError: (_mysql_exceptions.OperationalError) (2026, 'SSL connection error: Unable to get private key')

score 4 · Answer 1 · edited Feb 08 '19 at 17:53

4

I was able to get this work by adding

?sslmode=verify-ca&sslrootcert=rds-combined-ca-bundle.pem

to the connection string.

This came from the postgresql docs here along with the aws docs.

You can change the sslmode to require if you do not care about verifying the rds. I downloaded the pem file from here.

edited Feb 08 '19 at 17:53

Freek Wiekmeijer

4,556
30
37

answered Aug 22 '17 at 22:31

TheHandofTheKing

504
3
6

score 3 · Answer 2 · answered Oct 31 '16 at 12:20

3

I think that in your case the connection string is correct, you just need to use ssl_ca option and not ssl_cert:

SQLALCHEMY_DATABASE_URI = 'mysql://user:password@myrds.rds.amazonaws.com.rds.amazonaws.com/miro_dev?ssl_ca=rds-combined-ca-bundle.pem'

answered Oct 31 '16 at 12:20

Alex Pulver

66
1
7

score 1 · Answer 3 · answered Jul 20 '16 at 15:59

I do this:

...
ssl_args = {'ssl': {'ca': 'YOUR_SSL_CERT_PATH'}}

db_url = 'mysql://{}:{}@{}/{}'.format(username, password, server, database)
engine = create_engine(db_url, connect_args=ssl_args, echo=False)
cnx = engine.connect()
df = pd.read_sql_table('table_name', cnx)

And I'd suggest to not input a path like follows:

~/...

but:

/home/YOUR_USER/...

Flask-SQLAlchemy ssl-connection with AWS RDS error

3 Answers3

Linked