At this point, you have created an RDS database and an EC2 instance. In this module, we will configure the RDS database to allow access to specific entities.

Time to Complete Module: 15 Minutes


It is critical to secure your database from unauthorized access, and there are a number of strategies you can use to add security to your database. You will learn two of them in this module. They are:

Network security: Limiting access to your database instance by rejecting traffic that’s not from authorized IP addresses.

Password authentication and authorization: Limiting access to your database by requiring a username and password.

You will configure each of these in the steps below.


  • Step 1. Allow your EC2 instance to access your RDS database

    First, you will modify your RDS database to allow network access from your EC2 instance.

    In the previous module, you created security group rules to allow SSH and HTTP traffic to your WordPress EC2 instance. The same principle applies here. This time, you want to allow certain traffic from your EC2 instance into your RDS database.

    To configure this, go to the RDS databases in the AWS console. Click on the MySQL database you created in an earlier module in this lab.

    Scroll to the Connectivity & security tab in the display, and click on the security group listed in VPC security groups.

    The console will take you to the security group configured for your database. Click the Inbound tab, then click the Edit button to change the rules for your security group.

    The default security group has a rule that allows all inbound traffic from other instances in the default security group. However, since your WordPress EC2 instance is not in that security group, it will not have access to the RDS database.

    Change the Type property to MYSQL/Aurora, which will update the Protocol and Port Range to the proper values.

    Then, remove the current security group value configured for the rule, and type “wordpress” instead. The console will show the available security groups that are configured.

    Click on the “wordpress” security group that you used for your EC2 instance.

    After you click, it will fill in the security group ID. This rule will allow MySQL access to the database from any EC2 instance with that security group configured.

    When you’re finished, hit the blue Save button to save your changes.

  • Step 2. SSH into your EC2 instance

    Now that your EC2 instance has access to your RDS database, you will SSH into your EC2 instance and run some configuration commands.

    Go to the EC2 instances page in the AWS console. You should see the EC2 instance you created for the WordPress installation. Click on it, and you will see a public IP address labeled IPv4 Public IP in the instance description.

    Save this IP address, as you will need it when you SSH into your instance.

    Previously, you downloaded the .pem file for the key pair of your instance. Locate that file now. It will likely be in a Downloads folder on your desktop.

    For Mac or Linux users:

    Open a terminal window. If you are on a Mac, you can use the default Terminal program that is installed, or you can use your own terminal.

    In your terminal, run the following commands to SSH into your instance. Replace the “<path/to/pem/file>” with the path to your file, e.g. “~/Downloads/wordpress.pem”, and the “<publicIpAddress>” with the public IP address for your EC2 instance.

    	chmod 600 <path/to/pem/file>
    	ssh -i <path/to/pem/file> ec2-user@<publicIpAddress>

    You should see the following in your terminal to indicate that you connected successfully:

    [Screenshot: Module3-step2b]

    For Windows users:

    You will need to use PuTTY, an SSH client for Windows, to connect to your EC2 instance. For instructions on doing this, see this guide for Connecting to your Linux instance from Windows using PuTTY. You will need the .pem file you downloaded and the public IP address of your EC2 instance.

    In this step, you connected to your EC2 instance via SSH. In the next step, you will connect to your RDS database from your EC2 instance and create a database user for the WordPress application.

  • Step 3. Creating a database user

    You should have an active SSH session to your EC2 instance in the terminal. Now, you will connect to your MySQL database.

    First, run the following command in your terminal to install a MySQL client to interact with the database.

    sudo yum install -y mysql

    Next, find the hostname for your RDS database in the AWS console. In the details of your RDS database, the hostname will be shown as the Endpoint in the Connectivity & security section.

    In your terminal, enter the following command to set an environment variable for your MySQL host. Be sure to replace “<your-endpoint>” with the hostname of your RDS instance.

    export MYSQL_HOST=<your-endpoint>

    Next, run the following command in your terminal to connect to your MySQL database. Replace “<user>” and “<password>” with the master username and password you configured when creating your RDS database.

    mysql --user=<user> --password=<password> wordpress

    If you connected successfully, your terminal should indicate connection to the MySQL database as shown in the following image.

    [Screenshot: Module3-step3b]

    Finally, create a database user for your WordPress application and give it permission to access the “wordpress” database.

    Run the following commands in your terminal:

    CREATE USER 'wordpress' IDENTIFIED BY 'wordpress-pass';
    GRANT ALL PRIVILEGES ON wordpress.* TO wordpress;
    FLUSH PRIVILEGES;
    exit

    You should use a better password than “wordpress-pass” to secure your database.

    Write down both the username and password that you configure, as they will be needed in the next module when setting up your WordPress installation.

    In this module, you learned how to configure network and password security for your RDS database. Your EC2 instance now has network access to your RDS database. Further, you created a database user to be used by your WordPress application.

    In the next module, you will configure your EC2 instance to run the WordPress application.
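
A check for the rule configured in Step 1, as an added example that is not part of the original tutorial: it reads security group data in the shape returned by `aws ec2 describe-security-groups` and lists every source, other than the expected application security group, that can reach port 3306. The sample data and all group IDs are constructed placeholders.

```python
import json

MYSQL_PORT = 3306

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# Every group ID here is a made-up placeholder.
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-0db00000000000001", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [],
    "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-0aa00000000000002"}]}]},
 {"GroupId": "sg-0db00000000000003", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "Ipv6Ranges": [],
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
   {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [],
    "UserIdGroupPairs": [{"GroupId": "sg-0db00000000000003"}]}]}
]}
""")


def covers_mysql(perm):
    """True if the rule's protocol and port range include TCP 3306."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols and ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= MYSQL_PORT <= perm.get("ToPort", 65535)


def audit(group, allowed_source_sg):
    """List every source, other than allowed_source_sg, that can reach 3306."""
    findings = []
    for perm in group.get("IpPermissions", []):
        if not covers_mysql(perm):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        findings += [f"{group['GroupId']}: CIDR {c} can reach 3306" for c in cidrs]
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] != allowed_source_sg:
                findings.append(f"{group['GroupId']}: group {pair['GroupId']} can reach 3306")
    return findings


if __name__ == "__main__":
    for g in SAMPLE["SecurityGroups"]:
        for line in audit(g, "sg-0aa00000000000002") or [f"{g['GroupId']}: ok"]:
            print(line)
```

The second sample group carries a self-referencing all-traffic rule like the default one the tutorial describes, so it is reported alongside the open CIDR.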
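
For Step 3, an added example (not from the original tutorial) that generates a random password for the `wordpress` user, emits the same statements with it, and writes a MySQL option file with owner-only permissions so the master password is not typed on the command line. The endpoint `db.example.invalid`, the user `admin` and the file name `admin.cnf` are placeholders.

```python
import os
import secrets


def new_password(nbytes=24):
    """URL-safe random password (32 chars from 24 random bytes); the
    alphabet A-Z a-z 0-9 - _ needs no quoting in SQL or option files."""
    return secrets.token_urlsafe(nbytes)


def create_user_sql(user, password, database):
    """Statements equivalent to the ones in Step 3, with a supplied password."""
    for name in (user, database):
        if not name.isidentifier():
            raise ValueError(f"unexpected characters in {name!r}")
    if "'" in password or "\\" in password:
        raise ValueError("password would break out of the SQL string literal")
    return (
        f"CREATE USER '{user}' IDENTIFIED BY '{password}';\n"
        f"GRANT ALL PRIVILEGES ON {database}.* TO '{user}';\n"
        "FLUSH PRIVILEGES;\n"
    )


def write_client_cnf(path, host, user, password):
    """Write a MySQL option file readable only by its owner, so the password
    stays out of shell history and the process list."""
    body = f"[client]\nhost={host}\nuser={user}\npassword={password}\n"
    # O_EXCL refuses to reuse an existing file; mode 0o600 applies at creation.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(body)


if __name__ == "__main__":
    # Placeholders: substitute your RDS endpoint and master user.
    pw = new_password()
    print(create_user_sql("wordpress", pw, "wordpress"))
    # write_client_cnf("admin.cnf", "db.example.invalid", "admin", "<master password>")
    # then connect with: mysql --defaults-extra-file=admin.cnf wordpress
```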