I have an Elastic Beanstalk web server set up for my website, and have also created an EC2 server and installed MongoDB on it so that I can use it as the database for my website. I know the database works, and I can add documents and access them from EC2. However, I wasn't sure how to connect to the MongoDB server through PHP from another site (the one I created with Elastic Beanstalk).
Thank you for any help. I am pretty new with AWS, so if this is a poor website setup, any help would be appreciated.
Could you try under your instance for the EB > security and groups > click on your database instance and edit the inbound rules. Allow SSH/HTTPS/HTTP from your EB's instance.
Related
I have one MongoDB hosted in an AWS Atlas account and my application is running in an AWS EC2 instance. I want to access my DB using my application by VPC peering, but it always asks for a username and password, which I think is not a good practice because for this I need to hardcode dummy credentials in the properties file.
Is there any way I can do this without using dummy credentials. Can I do this using private endpoint? Please suggest best practice used in industry for mongodb atlas.
Authentication is orthogonal to your network topology (VPC).
Authentication in Atlas is required. You can try using X.509 or AWS authentication instead of passwords.
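An added example, not part of the original answer: a small check that flags connection strings carrying a stored password and accepts the two passwordless mechanisms named above (`MONGODB-AWS`, where the driver can pick up the EC2 instance role's credentials, and `MONGODB-X509`). The host names and sample URIs are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Mechanisms that authenticate without a password stored in the config file.
PASSWORDLESS = {"MONGODB-AWS", "MONGODB-X509"}

def audit_mongo_uri(uri):
    """Return a list of findings for one MongoDB connection string."""
    parts = urlsplit(uri)
    # Connection-string option names are case-insensitive; keep the last value.
    opts = {k.lower(): v[-1] for k, v in parse_qs(parts.query).items()}
    mech = opts.get("authmechanism", "").upper()
    findings = []
    if parts.password:
        # Also catches an AWS secret key pasted into a MONGODB-AWS URI.
        findings.append("password embedded in URI")
    if mech not in PASSWORDLESS:
        findings.append("password-based mechanism: " + (mech or "default (SCRAM)"))
    elif opts.get("authsource", "$external") != "$external":
        # Both passwordless mechanisms authenticate against $external.
        findings.append(mech + " requires authSource=$external")
    return findings

# Constructed sample connection strings (hypothetical cluster host).
PASSWORD_URI = "mongodb+srv://appuser:dummy-pass@cluster0.example.mongodb.net/app?retryWrites=true"
AWS_URI = "mongodb+srv://cluster0.example.mongodb.net/app?authSource=%24external&authMechanism=MONGODB-AWS"
X509_URI = "mongodb+srv://cluster0.example.mongodb.net/app?authMechanism=MONGODB-X509"

if __name__ == "__main__":
    for uri in (PASSWORD_URI, AWS_URI, X509_URI):
        print(uri.split("?")[0], "->", audit_mongo_uri(uri) or "ok")
```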
Our website is hosted in one of our AWS EC2 instances.
We have MongoDB installed in the separate EC2 instance (Note: MongoDB is not managed by AWS. We are maintaining in the EC2 server)
Our website is HTTPS enabled.
So my questions are
Do we still need TLS/SSL encryption for connecting to MongoDB from our website (which is in EC2), even though both are in AWS and our website is HTTPS?
Do we see any performance issue if we enable TLS/SSL encryption for the connection from the website?
I have an AWS EC2 instance with Ubuntu 14.04, and have installed and populated a MongoDB service on this instance. My objective is to have an endpoint to CRUD with data present inside this MongoDB. I followed all the steps given in this tutorial here: http://www.bogotobogo.com/python/MongoDB_PyMongo/python_MongoDB_RESTAPI_with_Flask.php but this tutorial only teaches how to do this on localhost.
Can somebody help me with the modifications I have to make to make sure this code works for AWS EC2 instance as well?
For the EC2, I have given HTTPS and HTTP inbound access from 0.0.0.0/0 on top of SSH access.
Thanks!
I've got a spring boot app which is connected to mongodb atlas.
Everything is working locally.
I now want to publish this to pivotal cloud foundry.
Secure connection between PCF and atlas
In mongodb atlas I need to open up the firewall and allow certain ip numbers.
How should I configure mongodb atlas to connect to pcf in the most secure way?
Autoconfigure getting in the way
cloud foundry is overriding my connection urls to point to localhost:27017 instead of my atlas cluster.
What is the recommended way to connect to mongodb atlas?
In mongodb atlas I need to open up the firewall and allow certain ip numbers. How should I configure mongodb atlas to connect to pcf in the most secure way?
White listing IP addresses for applications that run on CF is not particularly effective. The reason it's not effective is that you don't know the IP address from which you'll be connecting, because it depends on where Diego decides to run your application. In other words, it depends on the cell where your application is told to run. To compound matters, that will change when you restart / restage your application.
Because the IP can vary, what you end up needing to do is white list all of your Cells. The problem with this and why it's not effective is that you've ended up white listing every app running on the platform.
What you can do to improve the security a bit is to make use of application security groups. ASG's can be used to limit outgoing traffic. You can also control them at the space level. That means you can configure your default running security group to not allow access to your MongoDb server, but you can allow access for individual spaces by binding an ASG to only those spaces with apps that need to talk to your MongoDb servers.
The downside of this approach is that it requires you to be a platform administrator, which means it will only work if you own your CF installation (not going to work for public providers).
More on ASG's here: https://docs.cloudfoundry.org/adminguide/app-sec-groups.html
For public providers, you can use a proxy. To make this work, you need to have your application configured to talk through a proxy when it attempts to access your Mongodb servers. You control the proxies, which have fixed IPs, so you can white list the proxies to allow access to just your app. If you don't want to run your own proxy servers, there are public proxy providers that you can use.
cloud foundry is overriding my connection urls to point to localhost:27017 instead of my atlas cluster. What is the recommended way to connect to mongodb atlas?
It's possible to disable auto configuration. One way is described in the docs here. If you include the Spring Cloud Connectors dependencies and use them manually, then the auto configuration will not run.
https://docs.cloudfoundry.org/buildpacks/java/spring-service-bindings.html#manual
The other option is to tell the Java build pack not to install the auto configuration. You can do that by setting the following environment variable for your application, either with cf set-env or via a manifest.yml file.
Ex: JBP_CONFIG_SPRING_AUTO_RECONFIGURATION='[enabled: false]'
Be careful if you do this as it will disable everything provided by the auto reconfiguration, which includes setting the "cloud" profile for your app. If you use this option to disable auto reconfiguration, you'll probably also want to set SPRING_PROFILES_ACTIVE='cloud' to manually enable the cloud profile.
I suppose your other option is to simply embrace the auto configuration. It's a little confusing / magical at first, but I've found this article to explain it very well.
https://spring.io/blog/2015/04/27/binding-to-data-services-with-spring-boot-in-cloud-foundry
Hope that helps!
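An added example, not part of the original answer: a check of which spaces can reach a MongoDB server once the default running group and the space-bound ASGs from the application security group approach above are combined. The rule fields follow the ASG rule format (`protocol`, `destination`, `ports`); the server address, space names and rule sets are constructed.

```python
import ipaddress

def dest_contains(dest, ip):
    """ASG destination: a single IP, a CIDR block, or a 'first-last' range."""
    addr = ipaddress.ip_address(ip)
    if "-" in dest:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in dest.split("-", 1))
        return lo <= addr <= hi
    return addr in ipaddress.ip_network(dest, strict=False)

def ports_contain(ports, port):
    """ASG ports: a single port, a comma-separated list, or a 'low-high' range."""
    for item in ports.split(","):
        lo, _, hi = item.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def asg_allows(rules, ip, port):
    """True if any rule permits outgoing TCP traffic to ip:port."""
    for rule in rules:
        if not dest_contains(rule["destination"], ip):
            continue
        if rule["protocol"] == "all":
            return True
        if rule["protocol"] == "tcp" and ports_contain(rule["ports"], port):
            return True
    return False

def spaces_with_access(default_running, space_asgs, ip, port=27017):
    """ASG rules only allow, so an app gets the default running rules plus
    the rules of every ASG bound to its space."""
    return sorted(space for space, rules in space_asgs.items()
                  if asg_allows(default_running + rules, ip, port))

# Constructed sample data: server address, space names and rules are assumptions.
MONGO_IP = "203.0.113.10"
DEFAULT_RUNNING = [{"protocol": "tcp", "destination": "0.0.0.0/0", "ports": "443"}]
WIDE_OPEN = [{"protocol": "all", "destination": "0.0.0.0/0"}]
MONGO_ASG = [{"protocol": "tcp", "destination": MONGO_IP, "ports": "27017"}]
SPACE_ASGS = {"orders": MONGO_ASG, "marketing": []}

if __name__ == "__main__":
    print(spaces_with_access(DEFAULT_RUNNING, SPACE_ASGS, MONGO_IP))  # restrictive default
    print(spaces_with_access(WIDE_OPEN, SPACE_ASGS, MONGO_IP))        # allow-all default
```

With the restrictive default only the space bound to the MongoDB ASG gets through; with an allow-all default running group every space does, which makes the space-level binding meaningless.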
I have deployed a WebSphere Liberty project from Eclipse to Bluemix. Now I want to connect it with an existing Db2 database. What are the steps to follow?
Check out the example app Java DB Web Starter. It uses a DB2 database in Bluemix.
Does your existing database have a URL which is accessible from the internet? If so, you can directly talk to the database from your Bluemix application.
// Needs java.sql.Connection and java.sql.DriverManager imported.
Class.forName("com.ibm.db2.jcc.DB2Driver");
Connection connection = DriverManager.getConnection("jdbc:db2://localhost:50000/yourdb", "username", "pwd");
Be sure to package the db2 driver jar in your WEB-INF/lib.
If your datasource definition is already defined in a Liberty server.xml config, you can push the entire Liberty server package.
If your existing database is behind a company firewall, look at the Secure Gateway to expose the connection securely.
Assuming you need to connect to an existing DB2 database that resides on-premises (outside of Bluemix), you would need to use the Bluemix Cloud Integration service. With it, you can move data or create REST APIs for Bluemix applications to access and use.
https://www.ng.bluemix.net/docs/#services/CloudIntegration/index.html#gettingstartedwithcloudintegation