AWS: How To Setup Postgres Security on EC2 - postgresql

I have two machines in amazon. web01 and db01. I installed PostgreSQL on db01, and added the elastic ip of web01 to the pg_hba.conf
host dbname username 64.210.245.155/32 md5
and restarted the postgresql service. Now in web01 I tried to connect to the elastic ip of db01
$ psql -h 64.210.255.222 -U user -d database
psql: could not connect to server: No route to host
Is the server running on host "64.210.255.222" and accepting
TCP/IP connections on port 5432?
I also added the elastic ip of web01 to db01's security group for inbound traffic. What am I doing wrong and how can I get web01 to connect to pg on db01?

To start with, you want to be connecting to the internal IP. You can use the DNS name if your elastic IP as it will resolve to an internal IP within AWS instead of using the elastic IP directly.
Secondly, all public IPs are assigned via NAT. If your service tries to listen to that IP address it will fail. Generally the best thing to do is listen to all IPs, unless you are using VPC and have control of the internal IP.
Lastly, you will provide access to the web security group within the db security group. Even if two instances are in the same security group, they will not be able to access each other unless the group is given access to itself.

Related

How can I connect to a PostgreSQL server running inside a Docker container on a GCP virtual machine?

I have pgAdmin4 and PostgreSQL running inside Docker containers on a GCP virtual machine. I have already ingested data into PostgreSQL and I can access the tables and databases using pgcli. However, I am unable to connect to pgAdmin4. How can I connect to the pgAdmin4?
You will access pgadmin with your browser.
When you start up the pgadmin container, you should have configured a port mapping. Add a firewall rule to your VM's network configuration for this mapped port (for example, I've configured an ingress firewall rule for 15432 because I mapped 15432 to 80 in my docker config).
Example snippet from docker-compose:
ports:
- 15432:80
Assuming you have configured an external IP address, use the external IP address and the port number in your browser to access pgadmin. Like this, where XX.XX.XX.XXX is your external IP and 15432 was mapped to port 80:
http://XX.XX.XX.XXX:15432/login

is it possible to connect to AWS RDS db instance(postgres) through ubuntu server installed out of aws(in my local)?

Actually i have to migrate the data from AWS RDS postgres to on premises postgres.
For this i have to establish connectivity between my AWS RDS db instance and on premises(ubuntu server).
I have already configured the inbound rules of security group in my RDS DB instance. But still i am not able to connect to AWS RDS db instance directly through my Ubuntu Machine..
Is there any issue with the firewall of my VM??
Error which i am getting:
psql: error: could not connect to server: Connection timed out
Is the server running on host "XXXXXX" (X.X.X.X/X) and accepting
TCP/IP connections on port 5432?
The database setting for publicly accessible is set to NO.
There are both public as well as private subnet associated with my RDS instance.
i have provided the type as postgreSQL , port 5432 , protocol TCP, source custom ip (X.X.X.X/32)
Any help will be much appreciated.
To access an Amazon RDS database from the Internet:
Set the database to Publicly Accessible = Yes (This resolves the DNS name to a Public IP address)
Put the database in a Public Subnet (Mixing public & private subnets in a Subnet Group is not advisable, because the results will be random! It will only be in one subnet at any time, but might change subnets when upgraded or failover is triggered.)
Add a Security Group that allows Inbound access on the appropriate port (PostgreSQL = 5432) from your IP address
Reference the database via its DNS Name shown in the Amazon RDS management console
Alternatively, keep the database in a Private Subnet and access via a VPN Connection or by Port Forwarding via a Bastion Server.

AWS EC2 SSH Tunnel Bastion Server

Trying to understand how this works, documentation isn't very clear. Using AWS quickstart-mongo, I am making a VPN for 3 Mongo nodes, with a bastion server. I can log into my bastion server via SSH and my key. Then I can copy the key to bastion server and SSH into the primary replica node. This node is running mongo and shows via rs.status() that all 3 nodes are running correctly.
Once logged into bastion server, I try to do curl primary-mongo-node-ip:27017, and it seems to hang.
Local Computer -> Bastion Server -> Replica Node 1 / 2 / 3
I think I understand I need to somehow connect to Bastion server, then set up a ssh forwarding to primary-mongo-node-ip:27017, sec1-mongo-node-ip:27017, sec2-mongo-node-ip:27017, so that my mongo URI connection looks like this:
SSH into bastion-dns
mongodb://user:pass#localhost:1000,localhost:1001,localhost:1002/database
How do I do this when I cant event connect to the server on bastion servers without SSH?
Assuming that the Mongo instances allow traffic from Bastion Host (in security groups) for required ports, you can use SSH tunnelling mechanism to access the cluster/instance from your local host:
ssh -N -L <local_port_x>:<mongoDB instance ip>:<mongo_port_y> <ssh_username>#<bastion_host_ip> -i <ssh_key_path>
Local_Port_X : Port on your local machine where you want to access remote Mongo instance
MongoDB Instance IP : ip address for ec2 instance hosting MongoDB
Mongo_Port_Y : Port that MongoDB is listening on (seems 27017 from your question - please do verify that you can talk to Mongo Instance from within Bastion host on this port)
Bastion_Host_Ip : IP address on bastion host which should directly be reachable from your local machine

Unable to Connect to AWS RDS Postgres from local system

I have created an AWS RDS Instance with Postgres 10.6
I am trying to connect to it from my local system using below command:
psql --host=dev.xyz.ap-south-1.rds.amazonaws.com --port=5432 --user="postgres" --password --dbname=abc
The Inbound rules i have set are
Allow TCP traffic on 5432 from Anywhere.
Still I am getting below error:
psql: could not connect to server: Connection timed out
Is the server running on host "dev.xyz.ap-south-1.rds.amazonaws.com" (xxx.xxx.xxx.xxx) and accepting
TCP/IP connections on port 5432?
If Publicly accessible = No, then you will not be able to access the RDS database from outside the VPC.
This is because the DNS Name of the database will not resolve to an IP address.

Amazon RDS PostgreSQL not accepting TCP connections on port 5432

I have created a PostgreSQL Amazon RDS databaes but I cannot connect to it from my local machine.
I am connecting like this:
psql -h <db endpoint> -p 5432 -U <username> <db name>
Response is:
Is the server running on host and accepting TCP/IP connections on port 5432?
Here are the database settings:
Here are my security group settings:
Your configuration picture is showing a setting of Publicly Accessible = No.
You will need to modify your database to set this to Yes.
From Modifying a DB Instance Running the PostgreSQL Database Engine:
Publicly Accessible
Choose Yes to give the DB instance a public IP address, meaning that it will be accessible outside the VPC (the DB instance also needs to be in a public subnet in the VPC); otherwise, choose No, so the DB instance will only be accessible from inside the VPC.
If you don't want to have Publicly Accessible = Yes then you should ensure that you've set a Security Group which has an Inbound rule. You'd have to then ensure that the security group is set up correctly.