Deploy WordPress with Amazon RDS
Module 3
Module 3: Configuring Your Amazon RDS Database
In this module, you will configure the Amazon RDS database to allow access to specific entities
Overview
At this point, you have created an Amazon RDS database and an EC2 instance. In this module, we will configure the Amazon RDS database to allow access to specific entities.
What you will accomplish
Time to complete
15 minutes
Services used
Database security methods
It is critical to secure your database from unauthorized access, and there are a number of strategies you can use to add security to your database. You will learn two of them in this module. They are:
- Network security: Limiting access to your database instance by rejecting traffic that’s not from authorized IP addresses
- Password authentication and authorization: Limiting access to your database by requiring a username and password to access.
You will configure each of these in the steps below.
Implementation
-
Allow your EC2 instance to access your Amazon RDS databaseFirst, you will modify your Amazon RDS database to allow network access from your EC2 instance.
In the previous module, you created security group rules to allow SSH and HTTP traffic to your WordPress EC2 instance. The same principle applies here. This time, you want to allow certain traffic from your EC2 instance into your Amazon RDS database.
a. To configure this, go to the Amazon RDS databases page in the AWS console. Choose the MySQL database you created in the earlier module in this guide.
.ce01724a05863a841dd82c31b6f404cca1c8b294.png "Click on the MySQL database you created in an earlier module in this lab.")
b. Scroll to the Connectivity & security tab in the display and choose the security group listed in VPC security groups. The console will take you to the security group configured for your database.
.3172bce361c6c47d67d6ab8fe53f0f3601864901.png "Click on the security group listed in VPC security groups.")
c. Select the Inbound rules tab, then choose the Edit inbound rules button to change the rules for your security group.
.bdae1fb7c6e2e5a94f5c512928d5480b1ee5b5a2.png "Click the Inbound tab, then click the Edit button to change the rules for your security group.")
d. The default security group has a rule that allows all inbound traffic from other instances in the default security group. However, since your WordPress EC2 instance is not in that security group, it will not have access to the Amazon RDS database.Change the Type property to MYSQL/Aurora, which will update the Protocol and Port range to the proper values. Then, remove the current security group value configured for the Source.
.63221d9bb953dba2fcede4e80ff4c41377bce6a6.png "Change the Type property to MYSQL/Aurora.")
.c81bb26c1d27983076e51a52538c2023e633b839.png "Change the Type property to MYSQL/Aurora.")
e. For Source, enter wordpress. The console will show the available security groups that are configured. Choose the wordpress security group that you used for your EC2 instance.
.fa2eefaf016ff4a9f0b14cbce9b18328e8f3ca71.png "Then, remove the current security group value configured for the rule, and type “wordpress” instead.")
f. After you choose the wordpress security group, the security group ID will be filled in. This rule will allow MySQL access to any EC2 instance with that security group configured.
When you’re finished, choose the Save rules button to save your changes..66df7580a2a9960bc2cac8d8d634228a066ddcdc.png "Click on the “wordpress” security group that you used for your EC2 instance.")
-
SSH into your EC2 instanceNow that your EC2 instance has access to your Amazon RDS database, you will use SSH to connect to your EC2 instance and run some configuration commands.
a. Go to the EC2 instances page in the console. You should see the EC2 instance you created for the WordPress installation. Select it and you will see the Public IPv4 address and the Public IPv4 DNS in the instance description.
.ce8131e3f1b3d8ecfc3a2843d2523f615bcda488.png "You will see a public IP address labeled IPv4 Public IP in the instance description.")
b. Previously, you downloaded the .pem file for the key pair of your instance. Locate that file now. It will likely be in a Downloads folder on your desktop.For Mac or Linux users:Open a terminal window. If you are on a Mac, you can use the default Terminal program that is installed, or you can use your own terminal.In your terminal, run the following commands to use SSH to connect to your instance. Replace the “<path/to/pem/file>” with the path to your file, e.g., “~/Downloads/wordpress.pem”, and the “<publicIpAddress>” with the public IP address for your EC2 instance.
chmod 400 <path/to/pem/file> ssh -i <path/to/pem/file> ec2-user@<public_IP_DNSAddress>You should see the following in your terminal to indicate that you connected successfully:
For Windows users:You will need to use PuTTY, an SSH client for Windows, to connect to your EC2 instance. For instructions on doing this, see this guide for Connecting to your Linux instance from Windows using PuTTY. You will need the .pem file you downloaded and the public IP address of your EC2 instance.In this step, you connected to your EC2 instance using SSH. In the next step, you will connect to your Amazon RDS database from your EC2 instance and create a database user for the WordPress application.
-
Create a database userYou should have an active SSH session to your EC2 instance in the terminal. Now, you will connect to your MySQL database.First, run the following command in your terminal to install a MySQL client to interact with the database.
sudo yum install -y mysqlNote: If an error occurs with this command, please verify you launched the right EC2 instance in module 2.Next, find the hostname for your Amazon RDS database in the AWS console. In the details of your Amazon RDS database, the hostname will be shown as the Endpoint in the Connectivity & security section.a. Go to the Amazon RDS databases page in the AWS console. You should see the wordpress database you created for the WordPress installation. Select it to find the hostname for your Amazon RDS database.
b. In the details of your Amazon RDS database, the hostname will be shown as the Endpoint in the Connectivity & security section.
.32fa98c303b7d6a1ae6bed54a7cbb89453b8351a.png "Next, find the hostname for your RDS database in the AWS console.")
In your terminal, enter the following command to set an environment variable for your MySQL host. Be sure to replace “<your-endpoint>” with the hostname of your RDS instance.
export MYSQL_HOST=<your-endpoint>Next, run the following command in your terminal to connect to your MySQL database. Replace “<user>” and “<password>” with the master username and password you configured when creating your Amazon RDS database.
mysql --user=<user> --password=<password> wordpressFinally, create a database user for your WordPress application and give the user permission to access the wordpress database.Run the following commands in your terminal:
CREATE USER 'wordpress' IDENTIFIED BY 'wordpress-pass'; GRANT ALL PRIVILEGES ON wordpress.* TO wordpress; FLUSH PRIVILEGES; ExitAs a best practice, you should use a better password than wordpress-pass to secure your database.
Write down both the username and password that you configure, as they will be needed in the next module when setting up your WordPress installation.In this module, you learned how to configure network and password security for your Amazon RDS database. Your EC2 instance now has network access to your Amazon RDS database. Further, you created a database user to be used by your WordPress application.In the next module, you will configure your EC2 instance to run the WordPress application.