Hi Is there any one who can help me out with this....
I was trying to automate some DB scripts migration using Jenkins. All I am doing is Using a Jenkins job trying to migrate DB scripts which are in GIT repository to AWS server (SQL server 2008-R2) and execute those scripts...
What all the server and access credentials I need to have from DB server end(like access key, secret key, DNS name..etc) in order to configure a Jenkins job.
SQL access to the DB
For SQL access to the DB you need the following:
Hostname or RDS endpoint
TCP port number
DB name
DB user
DB password
The Jenkins machine needs network access to the DB host, which means you need to allow this in the Security Groups and have VPC connectivity.
AWS API access
For API access to AWS, the best practice is to have an IAM role assigned to the Jenkins machine. The role should have necessary permissions in the IAM policies attached to it.
In addition, you need to have internet access from the Jenkins machine or configure VPC endpoints so that Jenkins can reach the AWS API.
NOTE: You can't assign an IAM role to an existing EC2 machine. IAM roles can only be assigned during instance creation.
Related
I have an autoscaling group that includes a launch template. In this launch template, I have included user data script to connect to the RDS instance on boot.
Is there a way to securely access RDS instance from the EC2 Autoscaling group?
Many thanks your help!
Extra info
PHP application on EC2 WebServer, it's basically just a simple form that sends data to RDS.
The following are some guidelines for accessing RDS securely from EC2:
Keep traffic within a VPC. RDS should be in a private subnet and EC2 instance(s) should be in private subnets as well
Lock down security group access. Configure the RDS instance to allow access only from the EC2 instances. I always suggest creating a DB server security group, and then a client security group. The DB server security group (attached to the DB instance) allows access from the client security group (attached to the EC2 instances).
As Kumaresh Babu N S suggested, use secrets manager for storing and retrieving DB credentials. There is also an option for automatically rotating the DB password with secrets manager for an extra layer of security.
We are using Azure Data Factory (ADFv2) to move data from on-prem Sql Server to Azure cloud, using a self-hosted Integration Runtime (IR).
Saving sql credentials in keyVault works great, but I wanted to know if self-hosted IR could be configured to use Windows Integrated Security to connect to on-prem Sql Server sources. Can the IR service be configured to run as a windows user that has permissions to connect to sql?
I am going to try it out myself, but wanted to post a question here in case someone has already tried it. I could not find any ADF documentation on this.
Can the IR service be configured to run as a windows user that has permissions to connect to sql?
No. And this is intentional, because if that were allowed:
The IR service account would accumulate privileges
and
The users of any linked data factory would be able to use those privileges
So the IR only handles network connectivity, and data factory users must bring their own credentials for accessing source systems.
I'm trying to build a webservice that talks to a SQL database hosted on a server in our internal network. The service is hosted by Azure as a Web App. Is there a good way of doing this? Do I have to use Azure Sql databases, and if I do, is there a way to have the Azure database act as a proxy for our internal database?
There are already rules permitting connections to the ports on our database server, so I don't think that's the problem. I see a lot of questions regarding connecting to Azure hosted sql databases, but nothing about connecting Azure web apps to other kinds of databases.
The error occurs when I try to call a stored procedure (via generated entity framework code) and is as follows:
Error occurred: System.Data.Entity.Core.EntityException: The underlying provider failed on Open. ---> System.Data.SqlClient.SqlException: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections.
Our database is configured to allow remote connections, so what I'm guessing the Web App is having difficulty connecting to our vpn.
Please let me know if you need any additional information.
Thanks,
Josh
You can leverage Azure Hybrid Connections which is a feature of App service. Within App Service, Hybrid Connections can be used to access application resources in other networks. It provides access from your app to an application endpoint and uses Azure Relay service to connect to on-premise.
Check out the below link for more details :
https://learn.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections
First option is to look on azure app service hybrid connection but for you to do that you should have Windows server 2012 or above.
Azure App Service Hybrid
Azure App Service hybrid connection is good if you are pulling small amount of data.
If you are pulling large amount of data or your SQL server version is below server 2012 you have two options:
Azure Site to Site VPN
Azure SQL Data Sync
Azure SQL DB Sync is a feature that available on Azure SQL database. You can create a Azure SQL database on azure and sync your on-premise SQL database or SQL database table to Azure SQL database and you can connect your application to Azure SQL database instead of connecting to on-premise database server. This will increase your performance of your application.
We ended up adding the application to an Azure Virtual network that allowed connections to our on-prem servers. The remaining difficulties were due the wrong port numbers being open.
What was very helpful in debugging this was the Kudu console in Azure, under Advanced tools -> console. There you can run commands from the machine hosting your application like ping, or the below:
sqlcmd -S tcp:servername,1433 -U Username -d databasename -P password -q "SELECT * FROM tablename"
I have SSIS packages that have connections that use project params(only database and server), the actual login is set to windows authentication.
So when a SQL Server Agent runs that job step(package) how does it connect with windows authentication? Does it use it's own service account? If so as long as the service account has the same permissions as my windows account it shouldn't have issues right? All the objects in the SSIS packages are tables stored in that same server instance.
If I had external objects that use tables on different servers and such would it encounter issues then?
If the job owner is sysadmin and different server are in same domain it should be straight foward.
The secure way is to create a proxy on sql and give the Windows auth credentials. Then configured the package to run as "proxy defined".
my project requires me to use PHP and connect to the oracle database service hosted by our department. I want to use amazon ec2 to deploy the project. Is it able to connect to an external oracle database from amazon ec2 by PHP?
I've tried google app engine. It doesn't support external database connection. what a drawback!
Yes, it does. By default, Ec2 instances launched in EC2-Classic have full outbound access. So, the Ec2 instance can connect to your Oracle DB Provided your Oracle DB is accessible over the internet (in other words, your Oracle DB has a public IP address and you have firewall rules configured on your end to allow inbound access to Oracle DB).
If you Oracle DB is in a private network, then you need proxy server or SSH tunnel (or something similar) to connect to the instance.
Overall, there is no limitation on EC2 side.