unable to configure Hyperdrive with RDS
unable to configure Hyperdrive with RDS (MySQL) , error attached
22 Replies
We also use RDS for our testing, so that is surprising. Can you share some more details? Is this over a tunnel?
Yes it’s over a tunnel. The RDS is in a private network @knickish
I’ve install “Cloudflared” within the private network and also created a public hostname like the docs instructed.
Are you able to connect to the database using
mysql over the tunnel without using Hyperdrive?How can I do that? @knickish
Connect (with the normal
mysql command line client or whatever you choose to use) to the public hostname you configured for the tunnel, and if that works then we will know it is a hyperdrive config issue rather than a tunnel issueoh i get it now, quick question after setting up a tunnel, when configuring hyperdrive am i configuring it as public database or still as a private database @knickish
it should still be
Private database (which basically means that it will use a tunnel). Public database just means that Hyperdrive would talk directly to your database using a publicly accessible hostname/porttried connecting using the public hostname on a mysql client but it failed.
when setting up the host name there was no provision to setup a public port tho @knickish
Any suggestions on way forward here? @knickish
cc @thomasgauvin
@omar let’s reset here. What have you got set up? Have you followed the guide? https://developers.cloudflare.com/hyperdrive/configuration/connect-to-private-database/
(don’t just say yes - explain what you have set up + show the config)
Cloudflare Docs
Connect to a private database using Tunnel
Hyperdrive can securely connect to your private databases using Cloudflare Tunnel and Cloudflare Access.
thanks for your help here, @Matt Silverlock
1. We installed cloudflared on an EC2 within our VPC on AWS which has access to the RDS database
2. after installation we ran this command "sudo cloudflared service install eyJhIj*"
3. Created a private network and a public hostname
4. after setting up the tunnel by following the steps above, we proceeded to create the hyperdrive config which keeps returning 403
images attached for each step
cc @thomasgauvin
Can you share your account ID & config ID here in the meantime?
account ID - 5b157293c482c4e75aedab1c7b957e16
config ID - 8900767c-9dda-4bd6-90cb-a5306bedff4b
@Matt Silverlock
@omar do you have time for a call today? want to figure out what's going wrong https://calendar.app.google/s7R98bCBCxkErzdT6
yes. booked an appointment. thank you! @thomasgauvin
Great talk then!
Was great chatting with you @omar , glad we were able to get it resolved, we're definitely going to inspect this further to prevent it + we have long term plans to improve the integration between hyperdrive and cloudflare tunnels
(for anyone else who stumbles upon this thread running into issues, feel free to book a slot in my calendar!)
thank you for your support here, definitely looking forward to an improved integration, would provide feedback as we take this to production @thomasgauvin @Matt Silverlock
@thomasgauvin finding the connection issues for a postgres setup (running cloudflared on a ecs instance) wanted to ping the launchpad cohort, but would love to schedule somethjing on your cal first 🙏
Sounds good, are you connecting to RDS or Aurora?
RDS 🙂
Was bit confused yesterday as I saw this comment stating you have to an IP https://discord.com/channels/595317990191398933/1203400509667680256/1348098289899409489
Then a follow up one with a blogpost stating you could use the endpoint
https://discord.com/channels/595317990191398933/1203400509667680256/1357453402170462388
🤔
For application traffic (using Workers and Hyperdrive), your (only) option is to use Cloudflare Tunnels (and you can use the db hostname for this) https://developers.cloudflare.com/hyperdrive/configuration/connect-to-private-database/
For developer/admin traffic, you can use Cloudflared Client https://developers.cloudflare.com/cloudflare-one/applications/non-http/cloudflared-authentication/arbitrary-tcp/ with a new access policy on the access application
Cloudflare Docs
Connect to a private database using Tunnel
Hyperdrive can securely connect to your private databases using Cloudflare Tunnel and Cloudflare Access.
Cloudflare Docs
Arbitrary TCP
Cloudflare Access provides a mechanism for end users to authenticate with their single sign-on (SSO) provider and connect to resources over arbitrary TCP without being on a virtual private network (VPN).