
Configure Jump Server to use SSL for AWS RDS

How to configure Ezeelogin Jump Server to use SSL for AWS RDS database connection?

Refer to this article to set up AWS RDS.
You can download the certificates for using SSL with AWS RDS from here.

1. Move the certificate file to /usr/local/etc/ezlogin/ and ensure that the permissions of the certificate file are correctly set.

[root@gateway ~]# mv certificate-file.pem /usr/local/etc/ezlogin/

[root@gateway ~]# chmod 644 /usr/local/etc/ezlogin/certificate-file.pem

3. Try connecting to RDS with SSL using the command below.

[root@gateway ~]# mysql -h mysql-instance1.123456789012.us-east-1.rds.amazonaws.com --ssl-ca=/path_of_cert_file/certificate-file.pem -P 3306 -u mymasteruser -p --ssl-mode=VERIFY_IDENTITY

4. Append the lines below to the /usr/local/etc/ezlogin/ez.conf file, specifying the path of the certificate, to use SSL for RDS with Ezeelogin.

[root@gateway ~]# vim /usr/local/etc/ezlogin/ez.conf

mysql_encrypt yes
 
mysql_ssl_ca /usr/local/etc/ezlogin/certificate-file.pem

5. Try accessing the GUI and the Ezeelogin shell to confirm that it is using SSL for RDS.

6. Run the commands below in RDS if you get a database error.

[root@gateway ~]# mysql -h mysql-instance1.123456789012.us-east-1.rds.amazonaws.com -u mymasteruser -p

[Enter password]

mysql > grant all on ezlogin_databasename.* to 'mysql_username'@'%' identified by 'password' with grant option;

mysql > grant all on ezlogin_databasename.* to 'mysql_username'@'%' identified by 'password';

mysql > grant all on ezlogin_databasename.* to 'ezlogin_database_username'@'%' identified by 'ezlogin_database_password';

mysql > flush privileges;

mysql > exit
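
A pre-flight check for the two ez.conf settings from step 4, added here as an example (it is not Ezeelogin's own tooling). It assumes ez.conf holds whitespace-separated "key value" lines as shown above; the function names and return codes are made up for this example.

```sh
#!/bin/sh
# Added example: lint the ez.conf SSL settings from step 4.
# Assumption: ez.conf holds "key value" lines; names and return codes are illustrative.

# Print the last value assigned to key $2 in config file $1.
conf_get() {
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# Return 0 when the RDS SSL settings look sane, else a distinct non-zero code.
check_rds_ssl_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    enc=$(conf_get "$conf" mysql_encrypt)
    ca=$(conf_get "$conf" mysql_ssl_ca)

    if [ "$enc" != "yes" ]; then
        echo "mysql_encrypt is '$enc', expected 'yes'" >&2; return 3
    fi
    if [ -z "$ca" ]; then
        echo "mysql_ssl_ca is not set" >&2; return 4
    fi
    if [ ! -f "$ca" ] || [ ! -r "$ca" ]; then
        echo "CA file $ca is missing or unreadable" >&2; return 5
    fi
    # The CA bundle is public, so 644 is fine, but a group- or world-writable
    # file lets another local user swap in a CA of their choosing.
    # -H follows a symlink given on the command line, so the target is checked.
    if [ -n "$(find -H "$ca" \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
        echo "CA file $ca is group- or world-writable" >&2; return 6
    fi
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$ca"; then
        echo "CA file $ca contains no PEM certificate" >&2; return 7
    fi
    return 0
}

# Usage: check_rds_ssl_conf /usr/local/etc/ezlogin/ez.conf
```

The check only inspects the local configuration; the mysql command in step 3 remains the test that the RDS endpoint's certificate actually verifies against the CA file.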