Deploy Drupal with Amazon RDS

TUTORIAL

Module 3: Configuring your RDS database

Configure the RDS database to allow access to specific entities

Overview

At this point, you have created an RDS database and an EC2 instance. In this module, we will configure the RDS database to allow access to specific entities.

Database security methods

There are a few ways to secure your database from unauthorized access. You will learn two of them in this module. They are:

  • Network security: Limiting access to your database instance by rejecting traffic that’s not from authorized IP addresses.
  • Password authentication and authorization: Limiting access to your database by requiring a username and password to access.

You will configure each of these in the steps below.

Time to Complete

15 minutes

Implementation

Step 1 : Allow your EC2 instance to access your RDS database

In the previous module, you created security group rules to allow HTTP and HTTPS traffic to your Drupal EC2 instance. The same principle applies here. This time, you want to allow certain traffic from your EC2 instance into your RDS database.

 

First, you will modify the RDS database's Security Group to allow network access from your EC2 instance.

To configure this, go to the RDS databases in the AWS console. Click on the RDS database you created in an earlier module in this lab.

Scroll to the Connectivity & security tab in the display, and click on the security group listed in VPC security groups.

The console will take you to the security group configured for your database. Click the Inbound tab, then click the Edit button to change the rules for your security group.

The default security group has a rule that allows all inbound traffic from other instances in the default security group. However, since your Drupal EC2 instance is not in that security group, it will not have access to the RDS database.

Change the Type property to MYSQL/Aurora, if you chose the MySQL database engine, or PostgreSQL, if you chose the PostgreSQL database engine. Changing the Type will update the Protocol and Port Range to the proper values.

Then, remove the current security group value configured for the rule, and type “drupal” instead. The console will show the available security groups that are configured.

Click on the “Drupal EC2 SG” security group that you used for your EC2 instance.

After you click, it will fill in the security group ID. This rule will allow database access to any EC2 instance with that security group configured.

Note: the images shown are for a PostgreSQL configuration. If you chose MySQL as your database engine, you will see a different Port Range and Type in your security group rule. Do not alter these settings as the defaults are correct.

When you’re finished, hit the blue Save button to save your changes.
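To confirm the outcome of Step 1 outside the console, the following added example (not part of the original tutorial) audits a database security group's inbound rules and reports anything other than the Drupal EC2 security group reaching the database port. The group IDs and sample JSON are constructed placeholders; the field names follow the JSON that `aws ec2 describe-security-groups` returns.

```python
import json

# Default listener ports for the two engines the tutorial offers.
ENGINE_PORTS = {"postgresql": 5432, "mysql": 3306}

def audit_db_ingress(group, engine, app_sg_id):
    """Check one SecurityGroups[] item from `aws ec2 describe-security-groups`
    and return findings; an empty list means only app_sg_id reaches the DB port."""
    port = ENGINE_PORTS[engine]
    findings, app_rule_seen = [], False
    for rule in group.get("IpPermissions", []):
        proto = rule.get("IpProtocol")
        lo, hi = rule.get("FromPort"), rule.get("ToPort")
        all_traffic = proto == "-1"  # "-1" = every protocol and port
        if not all_traffic and not (proto == "tcp" and lo <= port <= hi):
            continue  # rule does not cover the database port
        for cidr in rule.get("IpRanges", []):
            findings.append(f"CIDR {cidr['CidrIp']} can reach tcp/{port}")
        for cidr in rule.get("Ipv6Ranges", []):
            findings.append(f"CIDR {cidr['CidrIpv6']} can reach tcp/{port}")
        for pair in rule.get("UserIdGroupPairs", []):
            if pair["GroupId"] != app_sg_id:
                findings.append(f"unexpected source group {pair['GroupId']}")
            elif all_traffic or (lo, hi) != (port, port):
                findings.append(f"{app_sg_id} is allowed more than tcp/{port}")
            else:
                app_rule_seen = True
    if not app_rule_seen:
        findings.append(f"no rule admits {app_sg_id} on tcp/{port}")
    return findings

# Constructed sample data (placeholder IDs), shaped like the CLI's JSON output.
APP_SG = "sg-EXAMPLE-DRUPAL"
# Default group before Step 1: all traffic, but only from the group itself.
BEFORE = json.loads("""{"GroupId": "sg-EXAMPLE-DB", "IpPermissions": [
  {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [],
   "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE-DB"}]}]}""")
# After Step 1 (PostgreSQL): one rule, database port only, from the Drupal group.
AFTER = json.loads("""{"GroupId": "sg-EXAMPLE-DB", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [],
   "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE-DRUPAL"}]}]}""")

if __name__ == "__main__":
    for label, group in (("before Step 1", BEFORE), ("after Step 1", AFTER)):
        print(label, audit_db_ingress(group, "postgresql", APP_SG) or "OK")
```

To run it against a real account, pass in the first `SecurityGroups` item from `aws ec2 describe-security-groups --group-ids <db-security-group-id>`.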

Step 2 : Connect to your EC2 instance

Now that your EC2 instance has access to your RDS database, you will use AWS Session Manager to access your EC2 instance and run some configuration commands.

Go to the EC2 instances page in the AWS console. You should see the EC2 instance you created for the Drupal installation. Select the instance and choose “Connect” from the “Actions” menu in the top right corner.

On the “Connect to instance” screen, choose “Session Manager” and then click the “Connect” button.

A terminal should open in a new browser tab to indicate that you connected successfully.

Step 3 : Creating a database user (PostgreSQL)

You should have an active Session Manager session to your EC2 instance. Now, you will connect to your PostgreSQL database and create a user for your Drupal application.

If you chose a MySQL engine for your database, please skip to Step 4 to create a database user in MySQL.

First, run the following command in your terminal to install a PostgreSQL client to interact with the database.

sudo dnf install -y postgresql15

Next, find the hostname of your PostgreSQL database in the RDS console. In the details of your RDS database, the hostname will be shown as the Endpoint in the Connectivity & security section.

In your terminal, enter the following command to set an environment variable for your PostgreSQL host. Be sure to replace “<your-endpoint>” with the hostname of your RDS instance.

export PGHOST=<your-endpoint>

Next, run the following command in your terminal to connect to your PostgreSQL database. Replace “<user>” with the master username you configured when creating your RDS database.

psql --user=<user> --password drupal

The psql client will prompt you for a password after you enter the command. Enter the master password you configured when you created your database.

If the connection worked, your terminal should indicate that you are connected to the PostgreSQL database.

Finally, create a database user for your Drupal application and give it permission to access the “drupal” database.

Run the following commands in your terminal:

CREATE USER drupaluser WITH ENCRYPTED PASSWORD 'drupalpass';

GRANT ALL PRIVILEGES ON DATABASE drupal TO drupaluser;

GRANT CREATE ON SCHEMA public TO drupaluser;

ALTER DATABASE "drupal" SET bytea_output = 'escape';

\q

You should use a better password than “drupalpass” to secure your database.

Write down both the username and password that you configure, as they will be needed in the next module when setting up your Drupal installation.

Step 4 : Creating a database user (MySQL)

You should have an active Session Manager session to your EC2 instance. Now, you will connect to your MySQL database and create a user for your Drupal application.

If you chose a PostgreSQL engine for your database, you can skip this step. You should have created a user in your PostgreSQL database in Step 3.

First, run the following command in your terminal to install a MySQL client to interact with the database.

sudo dnf install -y mariadb105

Next, find the hostname for your RDS database in the AWS console. In the details of your RDS database, the hostname will be shown as the Endpoint in the Connectivity & security section.

In your terminal, enter the following command to set an environment variable for your MySQL host. Be sure to replace “<your-endpoint>” with the hostname of your RDS instance.

export MYSQL_HOST=<your-endpoint>

Next, run the following command in your terminal to connect to your MySQL database. Replace “<user>” with the master username you configured when creating your RDS database, and enter the master password when the client prompts for it.

mysql --user=<user> --password drupal

If the connection worked, your terminal should indicate that you are connected to the MySQL database.

Finally, create a database user for your Drupal application and give it permission to access the “drupal” database.

Run the following commands in your terminal:

CREATE USER 'drupal' IDENTIFIED BY 'drupal-pass';

GRANT ALL PRIVILEGES ON drupal.* TO drupal;

FLUSH PRIVILEGES;

exit

You should use a better password than “drupal-pass” to secure your database.

Write down both the username and password that you configure, as they will be needed in the next module when setting up your Drupal installation.

In this module, you learned how to configure network and password security for your RDS database. Your EC2 instance now has network access to your RDS database. Further, you created a database user to be used by your Drupal application.

In the next module, you will configure your EC2 instance to run the Drupal application.
