Google Data Studio& AWS MySQL SSL连接 [英] Google Data Studio & AWS MySQL SSL Connection
问题描述
我正在尝试将Google Data Studio与我们的MySQL数据库远程连接,该MySQL数据库托管在一个AWS实例上.为了实现安全连接,我们按照
I am trying to remotely connect Google Data Studio with our MySQL Database, which is hosted on an AWS instance. To allow for a secure connection, we added SSL access to the AWS's MySQL database user as recommended in the documentation:
GRANT USAGE ON *.* TO 'encrypted_user'@'%' REQUIRE SSL;
这里的问题是,AWS与 GOOGLE CloudSQL 不同,仅生成服务器证书,而不生成客户端证书,也不生成客户端私钥(据我所知).启用Google Data Studio& SSL的SSL都需要后者. MySQL连接.
The problem here is that AWS, unlike GOOGLE CloudSQL, only generates a Server certificate, and not a Client certificate, nor a Client private key (as far as I can tell). Both the latter is needed to enable SSL for Google Data Studio & MySQL connection.
只需添加一个旁注,我们还将Google推荐的IP列入白名单,列为
Just to add a side-note, we also white-listed Google's recommended IPs as listed here. There are a lot of users in this thread complaining that white-listing specific IPs does not work, they had to add wildcard on the subnets. So we have also added addresses of the /16 subnets for each IP:
64.18.%.%
64.233.%.%
66.102.%.%
66.249.%.%
72.14.%.%
74.125.%.%
108.177.%.%
173.194.%.%
207.126.%.%
209.85.%.%
216.58.%.%
216.239.%.%
最后,将新IP列入白名单后,无需重启AWS防火墙,它立即生效.
Finally, one does not need to restart the AWS firewall after white-listing new IPs, it is immediately in-effect.
我的问题:
-
是否绝对无法在AWS托管的MySQL上创建客户端证书和客户端私钥?
Is there absolutely no way to create a client certificate and a client private key on MySQL hosted on AWS ?
我真的很想在Google Data Studio(GDS)和我们的MySQL-DB之间使用SSL,但是GDS-UI不允许我们在不填写客户端证书和客户端私钥的情况下进行连接.目前允许我进行这种安全连接吗?
I would really want to use SSL between Google Data Studio (GDS) and our MySQL-DB, but the GDS-UI does not allow us to connect without filling in the client certificate and client private key. Is there any work around at the moment for me to allow this secure connection ?
提前谢谢!
推荐答案
我能够使用Amazon服务器证书和使用OpenSSL创建的自签名客户端证书+密钥在Google Data Studio和Amazon RDS PostgreSQL之间建立SSL连接:
I was able to establish SSL connection between Google Data Studio and Amazon RDS PostgreSQL using Amazon server certificate and self-signed client cert + key created with OpenSSL:
openssl req -newkey rsa:2048 -nodes -keyout client.key -x509 -days 365 -out client.crt
来自 https://stackoverflow.com/a/48994943/2789084 .
这篇关于Google Data Studio& AWS MySQL SSL连接的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
