Getting Started with AWS

Deploy Drupal with Amazon RDS

Module 3: Configuring your RDS database

Configure the RDS database to allow access to specific entities

Overview

At this point, you have created an RDS database and an EC2 instance. In this module, we will configure the RDS database to allow access to specific entities.

Database security methods

There are a few ways to secure your database from unauthorized access. You will learn two of them in this module. They are:

  • Network security: Limiting access to your database instance by rejecting traffic that’s not from authorized IP addresses.
  • Password authentication and authorization: Limiting access to your database by requiring a username and password to access.

You will configure each of these in the steps below.

 Time to Complete

15 minutes

Implementation

  • First, you will modify the RDS database to allow network access from your EC2 instance.

    In the previous module, you created security group rules to allow SSH and HTTP traffic to your Drupal EC2 instance. The same principle applies here. This time, you want to allow certain traffic from your EC2 instance into your RDS database.

    To configure this, go to the RDS databases in the AWS console. Click on the RDS database you created in an earlier module in this lab.

    Scroll to the Connectivity & security tab in the display, and click on the security group listed in VPC security groups.

    The console will take you to the security group configured for your database. Click the Inbound tab, then click the Edit button to change the rules for your security group.

    The default security group has a rule that allows all inbound traffic from other instances in the default security group. However, since your Drupal EC2 instance is not in that security group, it will not have access to the RDS database.

    Change the Type property to MYSQL/Aurora, if you chose the MySQL database engine, or PostgreSQL, if you chose the PostgreSQL database engine. Changing the Type will update the Protocol and Port Range to the proper values.

    Then, remove the current security group value configured for the rule, and type “drupal” instead. The console will show the available security groups that are configured.

    Click on the “drupal” security group that you used for your EC2 instance.

    After you click, it will fill in the security group ID. This rule will allow database access to any EC2 instance with that security group configured.

    Note: the images shown are for a PostgreSQL configuration. If you chose MySQL as your database engine, you will see a different Port Range and Type in your security group rule. Do not alter these settings as the defaults are correct.

    When you’re finished, hit the blue Save button to save your changes.

  • Now that your EC2 instance has access to your RDS database, you will SSH into your EC2 instance and run some configuration commands.

    Go to the EC2 instances page in the AWS console. You should see the EC2 instance you created for the Drupal installation. Click on it, and you will see a public IP address labeled IPv4 Public IP in the instance description.

    Save this IP address, as you will need it when you SSH into your instance.

    Previously, you downloaded the .pem file for the key pair of your instance. Locate that file now. It will likely be in a Downloads folder on your filesystem.

    For Mac or Linux users:
    Open a terminal window. If you are on a Mac, you can use the default Terminal program that is installed, or you can use your own terminal.

    In your terminal, run the following commands to SSH into your instance. Replace the “<path/to/pem/file>” with the path to your file, e.g. “~/Downloads/drupal.pem”, and the “<publicIpAddress>” with the public IP address for your EC2 instance.

    chmod 600 <path/to/pem/file>
    ssh -i <path/to/pem/file> ec2-user@<publicIpAddress>

    You should see the following in your terminal to indicate that you connected successfully:

    For Windows users:
    You will need to use PuTTY, an SSH client for Windows, to connect to your EC2 instance. For instructions on doing this, see this guide for Connecting to your Linux instance from Windows using PuTTY. You will need the .pem file you downloaded and the public IP address of your EC2 instance.

    In this step, you connected to your EC2 instance via SSH. In the next step, you will connect to your RDS database from your EC2 instance and create a database user for the Drupal application.

  • You should have an active SSH session to your EC2 instance in the terminal. Now, you will connect to your PostgreSQL database and create a user for your Drupal application.

    If you chose a MySQL engine for your database, please skip to Step 4 to create a database user in MySQL.

    First, run the following command in your terminal to install a PostgreSQL client to interact with the database.

    sudo yum install -y postgresql

    Next, find the hostname of your PostgreSQL database in the RDS console. In the details of your RDS database, the hostname will be shown as the Endpoint in the Connectivity & security section.

    In your terminal, enter the following command to set an environment variable for your PostgreSQL host. Be sure to replace “<your-endpoint>” with the hostname of your RDS instance.

    export PGHOST=<your-endpoint>
    

    Next, run the following command in your terminal to connect to your PostgreSQL database. Replace “<user>” with the master username you configured when creating your RDS database.

    psql --user=<user> --password drupal
    

    The psql client will prompt you for a password after you enter the command. Enter the master password you configured when you created your database.

    If the connection worked, your terminal should indicate connection to the PostgreSQL database as shown in the following image.

    Finally, create a database user for your Drupal application and give it permission to access the “drupal” database.

    Run the following commands in your terminal:

    CREATE USER drupaluser WITH ENCRYPTED PASSWORD 'drupalpass';
    GRANT ALL PRIVILEGES ON DATABASE drupal TO drupaluser;
    ALTER DATABASE "drupal" SET bytea_output = 'escape';
    \q

    You should use a better password than “drupalpass” to secure your database.

    Write down both the username and password that you configure, as they will be needed in the next module when setting up your Drupal installation.

    In this module, you learned how to configure network and password security for your RDS database. Your EC2 instance now has network access to your RDS database. Further, you created a database user to be used by your Drupal application.

    In the next module, you will configure your EC2 instance to run the Drupal application.

  • You should have an active SSH session to your EC2 instance in the terminal. Now, you will connect to your MySQL database and create a user for your Drupal application.

    If you chose a PostgreSQL engine for your database, you can skip this step. You should have created a user in your PostgreSQL database in Step 3.

    First, run the following command in your terminal to install a MySQL client to interact with the database.

    sudo yum install -y mysql
    

    Next, find the hostname for your RDS database in the AWS console. In the details of your RDS database, the hostname will be shown as the Endpoint in the Connectivity & security section.

    In your terminal, enter the following command to set an environment variable for your MySQL host. Be sure to replace “<your-endpoint>” with the hostname of your RDS instance.

    export MYSQL_HOST=<your-endpoint>
    

    Next, run the following command in your terminal to connect to your MySQL database. Replace “<user>” and “<password>” with the master username and password you configured when creating your RDS database.

    mysql --user=<user> --password=<password> drupal
    

    If the connection worked, your terminal should indicate connection to the MySQL database as shown in the following image.

    Finally, create a database user for your Drupal application and give it permission to access the “drupal” database.

    Run the following commands in your terminal:

    CREATE USER 'drupal' IDENTIFIED BY 'drupal-pass';
    GRANT ALL PRIVILEGES ON drupal.* TO drupal;
    FLUSH PRIVILEGES;
    Exit

    You should use a better password than “drupal-pass” to secure your database.

    Write down both the username and password that you configure, as they will be needed in the next module when setting up your Drupal installation.

    In this module, you learned how to configure network and password security for your RDS database. Your EC2 instance now has network access to your RDS database. Further, you created a database user to be used by your Drupal application.

    In the next module, you will configure your EC2 instance to run the Drupal application.
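
To confirm the network rule from the first step once it is saved, the following added example (not part of the original AWS tutorial) audits a security group in the shape returned by `aws ec2 describe-security-groups`. The group IDs, the three sample rule sets, and the function names are constructed for illustration.

```python
# Default listener ports for the two engines this lab offers.
ENGINE_PORTS = {"postgres": 5432, "mysql": 3306}

APP_SG = "sg-0aaa-drupal-placeholder"   # constructed ID for the "drupal" group
DB_SG = "sg-0bbb-default-placeholder"   # constructed ID for the database's group

def rule(proto, lo, hi, groups=(), cidrs=()):
    """Build one IpPermissions entry in the describe-security-groups shape."""
    perm = {"IpProtocol": proto,
            "UserIdGroupPairs": [{"GroupId": g} for g in groups],
            "IpRanges": [{"CidrIp": c} for c in cidrs]}
    if proto != "-1":
        perm.update(FromPort=lo, ToPort=hi)
    return perm

# Constructed inputs: the default rule before the edit, the rule after it,
# and a misconfiguration that also admits every IPv4 address.
BEFORE = {"GroupId": DB_SG, "IpPermissions": [rule("-1", None, None, [DB_SG])]}
AFTER = {"GroupId": DB_SG, "IpPermissions": [rule("tcp", 5432, 5432, [APP_SG])]}
TOO_OPEN = {"GroupId": DB_SG, "IpPermissions": [
    rule("tcp", 5432, 5432, [APP_SG]), rule("tcp", 0, 65535, cidrs=["0.0.0.0/0"])]}

def audit_db_ingress(group, engine, app_sg_id):
    """Return findings; an empty list means only the app group reaches the DB port."""
    port = ENGINE_PORTS[engine]
    findings, app_allowed = [], False
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        covers = proto == "-1" or (
            proto == "tcp" and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535))
        if not covers:
            continue
        for r in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
            findings.append(f"port {port} open to CIDR {r.get('CidrIp') or r.get('CidrIpv6')}")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] == app_sg_id:
                app_allowed = True
            elif pair["GroupId"] != group["GroupId"]:   # self-reference is the default rule
                findings.append(f"port {port} open to unexpected group {pair['GroupId']}")
    if not app_allowed:
        findings.append(f"{app_sg_id} has no rule for port {port}")
    return findings

if __name__ == "__main__":
    for name, g in [("before", BEFORE), ("after", AFTER), ("too open", TOO_OPEN)]:
        print(name, audit_db_ingress(g, "postgres", APP_SG) or "OK")
```

Passing "mysql" as the engine checks port 3306 instead, so a rule left on the PostgreSQL type is reported as missing for a MySQL database.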
