
Flask-SQLAlchemy ssl-connection with AWS RDS error

I am trying to connect a Flask app's MySQL connection to AWS RDS over SSL. It works when I use the mysql client like this:

mysql -u user -h myrds.rds.amazonaws.com -p --ssl-ca=rds-combined-ca-bundle.pem

I am able to log in, but when I try with the Flask app

SQLALCHEMY_DATABASE_URI = 'mysql://user:[email protected]/miro_dev?ssl_cert=rds-combined-ca-bundle.pem'

it gives me this error:

sqlalchemy.exc.OperationalError: (_mysql_exceptions.OperationalError) (2026, 'SSL connection error: Unable to get private key')

abaid778 asked Apr 02 '16 11:04



3 Answers

I was able to get this to work by adding

?sslmode=verify-ca&sslrootcert=rds-combined-ca-bundle.pem

to the connection string.

This came from the postgresql docs here along with the aws docs.

You can change the sslmode to require if you do not care about verifying the rds. I downloaded the pem file from here.

TheHandofTheKing answered Sep 23 '22 22:09


I think that in your case the connection string is correct; you just need to use the ssl_ca option and not ssl_cert:

SQLALCHEMY_DATABASE_URI = 'mysql://user:[email protected]/miro_dev?ssl_ca=rds-combined-ca-bundle.pem'

Alex Pulver answered Sep 23 '22 22:09


I do this:

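import pandas as pd
from sqlalchemy import create_engine

...
# Hand the CA bundle to the MySQL driver through connect_args
ssl_args = {'ssl': {'ca': 'YOUR_SSL_CERT_PATH'}}

db_url = 'mysql://{}:{}@{}/{}'.format(username, password, server, database)
engine = create_engine(db_url, connect_args=ssl_args, echo=False)
cnx = engine.connect()
# Read a table over the TLS connection
df = pd.read_sql_table('table_name', cnx)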

And I'd suggest not entering a path like the following:

~/...

but:

/home/YOUR_USER/...

miguelfg answered Sep 25 '22 22:09
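
The points raised in the three answers can be checked before the URI ever reaches the driver. The following is an added example, not code from the question or from any of the answers: a small linter for the TLS options in a `mysql://` SQLAlchemy URI. The function names, finding codes, and the sample host and password are all constructed for illustration.

```python
import os
from urllib.parse import urlsplit, parse_qs

# Option names from the PostgreSQL (libpq) docs cited in the first answer.
LIBPQ_ONLY = {"sslmode", "sslrootcert"}
PATH_OPTS = ("ssl_ca", "ssl_cert", "ssl_key")


def audit_mysql_tls_url(url):
    """Return a list of 'CODE: message' findings for a mysql:// SQLAlchemy URL."""
    params = {k: v[-1] for k, v in parse_qs(urlsplit(url).query).items()}
    findings = []
    for name in sorted(LIBPQ_ONLY & params.keys()):
        findings.append(f"LIBPQ_OPTION: {name} is a PostgreSQL option name")
    if "ssl_cert" in params and "ssl_key" not in params:
        # The question's case: a client certificate is named, no private key.
        findings.append("CERT_WITHOUT_KEY: ssl_cert is the client certificate "
                        "and needs ssl_key; the RDS CA bundle belongs in ssl_ca")
    if "ssl_ca" not in params:
        findings.append("NO_CA: no ssl_ca, so there is no CA bundle to check "
                        "the server certificate against")
    for name in PATH_OPTS:
        path = params.get(name)
        if path and not os.path.isabs(path):
            findings.append(f"RELATIVE_PATH: {name}={path!r} is not absolute")
    return findings


def ca_connect_args(ca_path):
    """Build the third answer's connect_args dict with an absolute CA path."""
    return {"ssl": {"ca": os.path.abspath(os.path.expanduser(ca_path))}}


# Constructed sample URLs (host and password are placeholders).
BASE = "mysql://user:secret@db.example.internal/miro_dev"
SAMPLES = {
    "question": BASE + "?ssl_cert=rds-combined-ca-bundle.pem",
    "libpq": BASE + "?sslmode=verify-ca&sslrootcert=rds-combined-ca-bundle.pem",
    "tilde": BASE + "?ssl_ca=~/rds-combined-ca-bundle.pem",
    "good": BASE + "?ssl_ca=/etc/ssl/rds/rds-combined-ca-bundle.pem",
}

if __name__ == "__main__":
    for label, url in SAMPLES.items():
        print(label, audit_mysql_tls_url(url) or "ok")
```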