DigitalOcean with RDS?

Has anyone been able to set up an Amazon RDS database with a DigitalOcean droplet?

I feel like I’ve been stuck in a recursive loop the past few days. :weary:

I’m able to connect to the RDS instance using SequelPro, just not from my DigitalOcean droplet. So, I’m thinking either DigitalOcean is preventing me or my iptables are incorrect. I’ve attempted to manually open port 3306 from ssh but may not be doing so properly.

I’m also curious what anyone’s thoughts are about even attempting this. I’ve read latency could become an issue. I’ve also read it’s important to encrypt the data from the server to RDS to prevent a man-in-the-middle… which I have yet to even begin to figure out how to go about encrypting the data. First things first, making a connection.

Greatly appreciate any thoughts, personal experience and/or comments!
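
Added example, not part of the original post: a Python check to run from the droplet that separates a network-level block (timeout or refusal on port 3306) from a MySQL-level answer, and reads the server greeting to see whether a TLS upgrade is offered. The function names, the sample greeting and the placeholder hostname are assumptions made for illustration.

```python
import socket
import struct

CLIENT_SSL = 0x0800  # capability bit: server will accept a TLS upgrade


def parse_greeting(packet: bytes) -> dict:
    """Parse the first packet a MySQL server sends (4-byte header + payload)."""
    length = int.from_bytes(packet[:3], "little")
    payload = packet[4:4 + length]
    if length == 0 or len(payload) < length:
        raise ValueError("truncated packet")
    if payload[0] == 0xFF:  # ERR packet: refused at the MySQL layer, not the network
        code = struct.unpack_from("<H", payload, 1)[0]
        return {"error": code, "message": payload[3:].decode("latin-1")}
    if payload[0] != 10:
        raise ValueError("not a protocol-10 handshake")
    end = payload.index(b"\x00", 1)   # server version string is NUL-terminated
    caps_at = end + 1 + 4 + 8 + 1     # skip thread id, salt part 1, filler byte
    caps = struct.unpack_from("<H", payload, caps_at)[0]  # lower 16 capability bits
    return {"version": payload[1:end].decode("ascii"),
            "tls_offered": bool(caps & CLIENT_SSL)}


def probe(host: str, port: int = 3306, timeout: float = 5.0) -> dict:
    """Classify why a connection from this machine fails, or read the greeting."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            data = sock.recv(4096)  # greeting is small; one read is normally enough
    except socket.timeout:
        return {"verdict": "timeout: no reply, packets likely dropped by a filter on the path"}
    except ConnectionRefusedError:
        return {"verdict": "refused: host reached, nothing accepting on that port"}
    except OSError as exc:
        return {"verdict": f"network error: {exc}"}
    return {"verdict": "reachable", **parse_greeting(data)}


def frame(payload: bytes) -> bytes:
    """Prepend the 3-byte length and sequence number 0 used by MySQL packets."""
    return len(payload).to_bytes(3, "little") + b"\x00" + payload


# Constructed sample greeting (not captured from a real server).
SAMPLE_GREETING = frame(b"\x0a" + b"8.0.35\x00" + struct.pack("<I", 42)
                        + b"abcdefgh\x00" + struct.pack("<H", 0xFFFF)
                        + b"\x21" + struct.pack("<HH", 2, 0xC1FF))

if __name__ == "__main__":
    print(parse_greeting(SAMPLE_GREETING))
    # print(probe("RDS_ENDPOINT_PLACEHOLDER"))  # hypothetical host; run on the droplet
```

If `tls_offered` is true, the client still has to require TLS and verify the server certificate against the provider's CA bundle; an offered but unenforced upgrade does not stop an on-path attacker.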

Not sure exactly what the issue is, but I’d recommend against doing this. Like you said, latency will obviously be much worse than a database within the same machine, network, datacenter, etc.

Why not just use EC2 as well?

2 Likes

I’m using a DigitalOcean droplet because I’m familiar with the setup, deployment and such.

Plus, I thought I’d be saving a few bucks using DigitalOcean over an EC2 instance, but like you said, it’s probably not such a great idea. Thanks for confirming what my intuition was telling me.

Side note (probably another topic): do you know if I’ll run into issues with Let’s Encrypt when I set up a new EC2 server and deploy from it, after having already set up a server on DigitalOcean that was configured with Let’s Encrypt?

Thanks again!

Yeah, EC2 is a little more complicated.

Running LE again on a different server is not an issue. You’ll just end up creating new certificates.

I’m in a similar situation - able to open RDS with HeidiSQL and tunnel MySQL using:

$ mysql -h ${RDS_ENDPOINT} -P 3306 -u ${AUTHORIZED_USER} -p

I have a Prometheus build on DigitalOcean and I’ve been having trouble getting performance_schema exported to an endpoint. Would be interested to know if anyone has a setup like this working well.

Anyone have additional info on querying RDS from EC2 vs DigitalOcean? Was not aware that performance / security suffered that much between the two.

It’s not specific to RDS and DO. It’s a general best practice for any database connection: the servers should be as close as possible to each other. If it’s not within the same data center, I wouldn’t do it. Connections should probably be less than 2ms.

1 Like

If you don’t want to use the local DB that Trellis creates, you could spin up another DO droplet running one of the one-click apps (if you don’t want to deal w/ a bare Linux distro) like the LEMP, LAMP, or Docker images, and spin it up in the same region as your Trellis droplet. If you enable private networking on each droplet, you can avoid many security concerns associated with having an external DB.

@Luke_Markey - this article might be useful: https://www.datadoghq.com/blog/how-to-collect-rds-mysql-metrics/

1 Like