How to use Alembic with a SSL connection?

Question

I use Alembic to manage my migrations. My database is on AWS, and I want to connect it with SSL.

In my alembic.ini I have the lines

[production]
script_location = alembic_prod
sqlalchemy.url = mysql+pymysql://user:password@my-rds-host.eu-west-1.rds.amazonaws.com/mydatabase

Of course, it works if user have the permission to connect the base without SSL, but not otherwise.

How to require a SSL connection, and specify the certificate ?

score 1 · Accepted Answer · answered Sep 20 '17 at 10:58

1

You first need the certificate bundle -

http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.SSLSupport

You then would add the appropriate parameter to your URL like shown here -

How to connect to mysql server with SSL from a flask app

answered Sep 20 '17 at 10:58

BryceH

2,740
2
21
24

I had 2 problems : First it can't be done with old versions of python, because SSLContext was introduced in 2.7.9 And finally, with RDS, it works with the `ssl_ca` option in the url, which is not mentioned in the post. – DaMaill Sep 20 '17 at 12:59

score 1 · Answer 2 · answered Aug 03 '21 at 21:29

To repeat the previous answer with more specific steps:

Download the RDS certificate bundle from https://s3.amazonaws.com/rds-downloads/rds-ca-2019-root.pem
Use the ssl_key option to point to the certificate:

sqlalchemy.url = mysql+pymysql://user:password@my-rds-host.eu-west-1.rds.amazonaws.com/mydatabase?ssl_key=/Users/DaMaill/Downloads/rds-ca-2019-root.pem

How to use Alembic with a SSL connection?

2 Answers2

Linked