Connecting to Aurora Serverless remotely

Question

I have an Aurora Serverless db cluster running MySQL. I'm trying to write an application that takes a string from a script and puts it onto the database.

I've been able to successfully connect to the cluster using my ec2 in PuTTY, a node program on the ec2, and MySQL Workbench, but I haven't been able to with my own code. I'm trying to use the node modules ssh2 and mysql2.

var mysql = require('mysql2');
var Client = require('ssh2').Client;

var ssh = new Client();
ssh.on('ready', function() {
  ssh.forwardOut(
    '127.0.0.1',
    12345,
    '127.0.0.1',
    3306,
    function (err, stream) {
      if (err) throw err;
      var sql = mysql.createConnection({
        host: 'my db endpoint',  
        user: 'root',
        password: 'pass',
        database: 'testdb',
        stream: stream
      //sql stuff
  });
}).connect({
    host: 'ec2-publicdns',
    port: '22',
    username: 'ec2-user',
    privateKey: require('fs').readFileSync('pkeyssh') //pem key converted to openssh using PuTTYgen
});

When I run this, I get: Error: (SSH) Channel open failure: Connection refused

Also, is Aurora serverless the correct solution for me? It seems as if there isn't a way to really talk to it without going through the ec2. Should I be looking for a different database host?

Answer 1

When you create an Aurora Serverless database, you configure a VPC security group, which dictates the rules about where connections can be opened from (CIDR block, and port). You can then grant access from this security group to others by name, or simply launch your application server from within the same security group, which will provide it access. You should not require SSH port forwarding to connect to the DB, even in a testing context.

There's a nice tutorial here: https://aws.amazon.com/getting-started/tutorials/configure-connect-serverless-mysql-database-aurora, and for more information on Database Security Groups please consult https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.RDSSecurityGroups.html.

Answer 2

Aurora Serverless is hosted inside an Amazon VPC. As per AWS documentation , it can only be accessed from inside the VPC (i.e. from an EC2/ Lambda that sits in the same VPC as the Aurora cluster). This is why you are able to access it from the EC2.

You have three options :

1. Access the serverless cluster from inside the VPC using an EC2 or Lambda.
2. Use hosted Aurora instead of serverless which can be accessed publicly.
3. Use the newly launched Data API to make secure HTTP connections to the serverless cluster from outside the VPC!