Whilst I get how a Web Application set up with AWS using an ELB can access a Standby DB in case of AZ failure, how does that work if using reporting via Tableau not in AWS or some other product using JDBC to connect to that AWS DB?
How does the re-direct occur automatically from the Master to StandBy DB in another AZ?
Do we need an ELB also for external reporting tools access, when not running in AWS themselves?
Rds and Aurora use DNS failover.
As long as you have multiAZ enabled, the failover is handled by AWS at the DNS level. https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html
Related
I have an autoscaling group that includes a launch template. In this launch template, I have included user data script to connect to the RDS instance on boot.
Is there a way to securely access RDS instance from the EC2 Autoscaling group?
Many thanks your help!
Extra info
PHP application on EC2 WebServer, it's basically just a simple form that sends data to RDS.
The following are some guidelines for accessing RDS securely from EC2:
Keep traffic within a VPC. RDS should be in a private subnet and EC2 instance(s) should be in private subnets as well
Lock down security group access. Configure the RDS instance to allow access only from the EC2 instances. I always suggest creating a DB server security group, and then a client security group. The DB server security group (attached to the DB instance) allows access from the client security group (attached to the EC2 instances).
As Kumaresh Babu N S suggested, use secrets manager for storing and retrieving DB credentials. There is also an option for automatically rotating the DB password with secrets manager for an extra layer of security.
I have some on-premise based frontend java servlet server, on-premise Java backend app server and one on-premise oracle database server. My Oracle client version is 12.1.0 . Java version is openjdk "1.8.0_222" . And using tomcat v7.0.55 for frontend servlets. The Architecture is like the backend server communicate with Oracle DB to process SQL queries.
Now I moved all my servers to AWS cloud docker based containers except Oracle DB. And my Java backend server is running on AWS docker is connecting to Oracle DB running in on-premise Datacenter.
Now I am facing an issue where the AWS based application having latency when it connects to on-premise database and the latency keeps increasing as the number of requests grows and eventually the application gets gateway timeout if the requests are keep on increasing. But strangely it will not happen if I connect my AWS tomcat frontend servers to on-premise java backend servers which talks to on-premise Oracle DB. it only happens when the AWS Java backend servers talks to on-premise Oracle DB. I am not sure why this is happening. Any ideas will be highly appreciated.
The issue is related to the DAO / ORM framework we using. If you use something like Hibernate , Spring it will work in a way where SQL calls are not optimized with join statements. So to fetch a 1000 objects there will be 1000+ SQL calls. So if there is a single digit millisecond latency in the network to Database it will boot to 1000 times delay time. So the solution was to keep Database as close as possible with the application.
I'm trying to build a webservice that talks to a SQL database hosted on a server in our internal network. The service is hosted by Azure as a Web App. Is there a good way of doing this? Do I have to use Azure Sql databases, and if I do, is there a way to have the Azure database act as a proxy for our internal database?
There are already rules permitting connections to the ports on our database server, so I don't think that's the problem. I see a lot of questions regarding connecting to Azure hosted sql databases, but nothing about connecting Azure web apps to other kinds of databases.
The error occurs when I try to call a stored procedure (via generated entity framework code) and is as follows:
Error occurred: System.Data.Entity.Core.EntityException: The underlying provider failed on Open. ---> System.Data.SqlClient.SqlException: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections.
Our database is configured to allow remote connections, so what I'm guessing the Web App is having difficulty connecting to our vpn.
Please let me know if you need any additional information.
Thanks,
Josh
You can leverage Azure Hybrid Connections which is a feature of App service. Within App Service, Hybrid Connections can be used to access application resources in other networks. It provides access from your app to an application endpoint and uses Azure Relay service to connect to on-premise.
Check out the below link for more details :
https://learn.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections
First option is to look on azure app service hybrid connection but for you to do that you should have Windows server 2012 or above.
Azure App Service Hybrid
Azure App Service hybrid connection is good if you are pulling small amount of data.
If you are pulling large amount of data or your SQL server version is below server 2012 you have two options:
Azure Site to Site VPN
Azure SQL Data Sync
Azure SQL DB Sync is a feature that available on Azure SQL database. You can create a Azure SQL database on azure and sync your on-premise SQL database or SQL database table to Azure SQL database and you can connect your application to Azure SQL database instead of connecting to on-premise database server. This will increase your performance of your application.
We ended up adding the application to an Azure Virtual network that allowed connections to our on-prem servers. The remaining difficulties were due the wrong port numbers being open.
What was very helpful in debugging this was the Kudu console in Azure, under Advanced tools -> console. There you can run commands from the machine hosting your application like ping, or the below:
sqlcmd -S tcp:servername,1433 -U Username -d databasename -P password -q "SELECT * FROM tablename"
I have an on premise oracle database. Can I use anything on AWS e.g. API Gateway to query the database and expose the results via API? I know I could do API Gateway -> Lambda -> Oracle DB where the code in the Lambda function would query the database (assuming query takes less than 5 mins). Are there any other easy options that would be serverless and with minimal amount of code?
Basically I would like to find the simplest way to create an API layer over the top of an existing on premise oracle database so that applications (hosted on AWS) can access this data without connecting directly to the database. Does AWS provide anything out of the box?
There does not seem to be an out of the box way provided by AWS to connect API Gateway to your on premise Oracle DB. So basically the way you provided (API Gateway->Lambda->Oracle) should be the way to go.
Now the question is if you want to connect to your Oracle directly or if your want to create a replication of your database in RDS and create a synch mechanism between RDS and your on premise Oracle DB to keep the DB highly responsive and available (in case of network failure between AWS and your local network). I think that depends on how you access your DB on premise.
If your won't create an replica in RDS you should at least use a VPN connection to your local network to keep data transfer from on premise Oracle to AWS RDS secure.
Yes it is possible to use AWS Lambda and expose the API through API
Gateway. But that is the easy part.
The tough part is to get your On-Premise database connected to AWS
infrastructure. If you have an on premise database, and you are
working in a large enterprise, you will need to get through a lot of
approvals to setup a VPN or a AWS Direct Connect.
The ideal solution is to use AWS Direct Connect to extend your
corporate infrastructure to connect to AWS and then use Lambda to
connect to the DB.
Also there is no out of the box solution in AWS to connect to
OracleDB. At the most, you can wrap all business logic in Stored
Procedures, and execute them in the lambda function. You can always
use the JDBC from Lambda to connect and query your database.
Try this from AWS Marketplace https://aws.amazon.com/marketplace/pp/B01MU8W71L
my project requires me to use PHP and connect to the oracle database service hosted by our department. I want to use amazon ec2 to deploy the project. Is it able to connect to an external oracle database from amazon ec2 by PHP?
I've tried google app engine. It doesn't support external database connection. what a drawback!
Yes, it does. By default, Ec2 instances launched in EC2-Classic have full outbound access. So, the Ec2 instance can connect to your Oracle DB Provided your Oracle DB is accessible over the internet (in other words, your Oracle DB has a public IP address and you have firewall rules configured on your end to allow inbound access to Oracle DB).
If you Oracle DB is in a private network, then you need proxy server or SSH tunnel (or something similar) to connect to the instance.
Overall, there is no limitation on EC2 side.