
GOAL

Connecting EC2 Django API to RDS

Architecture

AWS VPC has two subnets

  • 1 private with the RDS instance
  • 1 public with my two EC2 servers
    • Main server: Hosts Django API connected to an internet gateway
    • Bastion server: Only authenticated SSH connections allowed, used for admin purposes on RDS instance

Background

I have established a successful connection on MySQL Workbench. SSH connection to EC2 server, then a connection to a MySQL RDS host is established. I am able to perform all C.R.U.D with this connection.

When I try and recreate this process manually on the command line, I can’t. I SSH to the EC2 server then try and connect to the RDS with SSH to MySQL at the same endpoint, user, port, and password but it fails.

When I try and run my Django server on the remote EC2 it also fails. I have the user, endpoint and password saved as environment variables. When I launch the Django Server it says connection failed.

This is frustrating since I am almost certain my AWS VPCs are configured correctly because I am able to connect via MySQL workbench, but when I try and connect manually or with Django, it does not work.

Terminal connection to EC2:

ssh -i [PRIVATE_KEY].pem [USER]@[IPv4_ADDRESS]

MySQL connection:

(venv) ubuntu@ip-10-0-1-146:~/BucketAPI$ mysql -h [DATABASE].[END_POINT].us-west-1.rds.amazonaws.com -P 3306 -u admin -p
Enter password: 
ERROR 1045 (28000): Access denied for user 'admin'@'10.0.1.146' (using password: YES)

The RDS instance is only available to both the servers via inbound rules; it has an outbound rule. These are shown here:
RDS Configuration
Security Groups Configurations

Django: settings.py (Django config)

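import os  # needed for the os.getenv() calls below

# Database
# https://docs.djangoproject.com/en/4.0/ref/settings/#databases
# Credentials and host are read from environment variables.
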
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'bucket',
        'USER': os.getenv('BUCKET_RDS_USER'),
        'PASSWORD': os.getenv('BUCKET_RDS_PASS'),
        'HOST': os.getenv('BUCKET_RDS_HOST'),
        'PORT': '3306',
    }
}

Terminal output screenshots: Imgur Link to Screenshots

Garrett
  • Have you added your EC2 ip in your security group inbound list? – Amir Sabzehparvar Jan 02 '22 at 01:29
  • 2
    If you can't connect from the command line (from the EC2 server), django isn't involved here at all, right? Seems like your question should focus on that – ysth Jan 02 '22 at 01:30
  • @AmirSP yes, I have it configured like this: https://stackoverflow.com/questions/37212945/aws-cant-connect-to-rds-database-from-my-machine. For source, I have my public and bastion security groups ids – Garrett Jan 02 '22 at 02:13
  • @ysth you are correct, that would make the question more concise. However, I have tried manually on the terminal with no success. My terminal output is shown in the screenshot. I will edit the post to include it as text. – Garrett Jan 02 '22 at 02:19
  • @Garrett the problem is your RDS Setting not the EC2. Since you were able to connect to it via MySQL workbench, I assume the DB is publicly accessible. In your AWS dashboard, go to RDS and select the database and on the connectivity tab, click on the security group. Make sure you have EC2 IP in the inbound rules. Here are AWS instructions. https://aws.amazon.com/premiumsupport/knowledge-center/rds-cannot-connect/ – Amir Sabzehparvar Jan 02 '22 at 04:27
  • @AmirSP I've read through your documentation link, I believe it must be a misconfiguration with the security groups. I added screenshots of the security group configurations to the post. I tried adding the Bastion server local IP to the inbound security rule ("Bastion-IP-Access") but the connection still did not work. – Garrett Jan 02 '22 at 08:01
  • 2
    This is **NOT** a security group issue. You would be getting network timeouts instead of access denied errors if this was a security group issue. The suggestions you are getting to add IP addresses to the security group rules are wrong, and are a bad practice anyway. You already have the EC2 security group IDs allowed in the RDS security group, which is the preferred way to configure the RDS security group. – Mark B Jan 02 '22 at 15:07
  • 2
    It appears you either have the database account username or password wrong. Make sure you aren't copy/pasting the database password with a space at the end of it or something. – Mark B Jan 02 '22 at 15:09
  • @MarkB Thank you so much you have solved a HUGE problem of mine. I misspelled the password. Only the 100th time my misspelling cost me a week of debugging. Was there any sensitive info in my question? Or should I leave this question up? – Garrett Jan 02 '22 at 19:30
  • @Garrett I don't see any sensitive info in the question. – Mark B Jan 03 '22 at 14:15
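
The triage the comments arrive at, as an added example that is not part of the original question or comments: classify the mysql client error as a credentials or a network problem, then check the three environment variables read by settings.py for stray whitespace or quoting without printing their values. The function names and the sample 2003 line in the comment are constructed for illustration; a misspelled password still has to be checked by hand.

```python
import os
import re
import socket

# MySQL error numbers: 1045 = the server rejected the credentials, so the TCP
# path already works; 2003 = the client never reached the server (routing,
# security group, NACL), e.g. "ERROR 2003 (HY000): Can't connect to MySQL server".
ERROR_CLASSES = {1045: "credentials", 2003: "network"}

def classify_mysql_error(line):
    """Map a mysql client error line to 'credentials', 'network' or 'other'."""
    match = re.search(r"ERROR (\d+)", line)
    if not match:
        return "other"
    return ERROR_CLASSES.get(int(match.group(1)), "other")

def audit_db_env(env, names=("BUCKET_RDS_USER", "BUCKET_RDS_PASS", "BUCKET_RDS_HOST")):
    """Report unset or suspicious settings without ever echoing the values."""
    findings = []
    for name in names:
        value = env.get(name)
        if not value:
            findings.append(f"{name}: unset or empty")
        elif value != value.strip():
            findings.append(f"{name}: leading or trailing whitespace")
        elif value[0] == value[-1] and value[0] in "'\"":
            findings.append(f"{name}: wrapped in literal quotes")
    return findings

def tcp_reachable(host, port=3306, timeout=5.0):
    """True if a TCP connection opens; a failure here points at network rules."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    # Error line copied from the question's terminal output.
    sample = "ERROR 1045 (28000): Access denied for user 'admin'@'10.0.1.146' (using password: YES)"
    print("error class:", classify_mysql_error(sample))
    for finding in audit_db_env(os.environ):
        print("env:", finding)
    host = os.getenv("BUCKET_RDS_HOST")
    if host:
        print("TCP 3306 reachable:", tcp_reachable(host.strip()))
```

Run it on the EC2 host in the same shell or service environment that launches Django, since that is where the variables are actually resolved.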

0 Answers