Amazon RDS

Last Updated: 20 March 2014

Amazon RDS is a service that allows you to set up, operate and scale a dedicated MySQL database server on top of EC2. In addition to standard MySQL features, RDS offers the following functionality:

  • Automated backups.
  • Point-in-time recovery.
  • Seamless vertical scaling between instance types.

This article describes how to configure your Heroku app to consume an AWS RDS database provisioned and purchased separately.

Authorizing access to RDS instance

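You must grant Heroku dynos access to your RDS instance. The recommended way to do this is to configure the RDS instance to accept only SSL-encrypted connections from authorized users, and to configure the security group for your instance to permit ingress from all IPs. With the security group open to every address, the SSL requirement and the database user's credentials are the only controls protecting the instance.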

Previously, Heroku published its AWS account ID and security group name as a way to grant access to an AWS RDS instance. This is no longer recommended.

Configuring a Heroku Ruby app

Follow these steps to access a MySQL RDS instance from a Heroku Ruby app (adapted from a Stack Overflow response):

First, download the Amazon RDS CA certificate:

$ curl https://s3.amazonaws.com/rds-downloads/mysql-ssl-ca-cert.pem > ./config/amazon-rds-ca-cert.pem

Add the certificate file to your app’s git repository and re-deploy to Heroku.

Update the DATABASE_URL config var to include the sslca parameter pointing to the certificate file in your repository:

$ heroku config:add DATABASE_URL="mysql2://username:password@hostname/dbname?sslca=config/amazon-rds-ca-cert.pem" -a <app_id>

The relative path to the certificate file is important.

Require SSL

Configure MySQL to require SSL for all connections for the user:

GRANT USAGE ON *.* TO 'username'@'%' REQUIRE SSL;

That’s it! Your Ruby app should now be able to access the RDS MySQL database over SSL.
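A pre-deploy check for the steps above, as an added example that is not part of the original article or of Heroku's tooling: it confirms that DATABASE_URL carries an sslca parameter, that the path is relative and resolves to a file inside the app, and that the file is an unexpired X.509 certificate. The names check_database_url and write_constructed_ca are hypothetical, and the certificate used in the demo is constructed locally, not the real RDS CA.

```ruby
require "uri"
require "openssl"
require "tmpdir"
require "fileutils"

# Hypothetical helper (not part of Heroku or mysql2): lists problems with the
# sslca setting of a DATABASE_URL; an empty list means none were found.
def check_database_url(url, app_root: Dir.pwd, now: Time.now)
  problems = []
  uri = URI.parse(url)
  problems << "scheme is #{uri.scheme}, expected mysql2" unless uri.scheme == "mysql2"
  sslca = URI.decode_www_form(uri.query.to_s).to_h["sslca"].to_s
  return problems << "no sslca parameter in DATABASE_URL" if sslca.empty?
  # The article stresses a relative path: an absolute path from a developer
  # machine will not exist inside the deployed app.
  problems << "sslca is an absolute path: #{sslca}" if sslca.start_with?("/")
  path = File.expand_path(sslca, app_root)
  return problems << "CA file not found under app root: #{sslca}" unless File.file?(path)
  cert = OpenSSL::X509::Certificate.new(File.read(path))
  problems << "CA certificate expired on #{cert.not_after.utc}" if cert.not_after < now
  problems
rescue URI::InvalidURIError
  ["DATABASE_URL does not parse as a URL"]
rescue OpenSSL::X509::CertificateError
  problems << "#{sslca} is not a PEM X.509 certificate"
end

# Constructed self-signed certificate standing in for the downloaded RDS CA file.
def write_constructed_ca(path, not_after)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=constructed-ca")
  cert.public_key = key.public_key
  cert.serial = 1
  cert.not_before = not_after - 86_400
  cert.not_after = not_after
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  FileUtils.mkdir_p(File.dirname(path))
  File.write(path, cert.to_pem)
end

# Demo in a temporary directory laid out like the app repository.
Dir.mktmpdir do |root|
  write_constructed_ca(File.join(root, "config/amazon-rds-ca-cert.pem"), Time.now + 86_400)
  url = "mysql2://username:password@hostname/dbname?sslca=config/amazon-rds-ca-cert.pem"
  p check_database_url(url, app_root: root)
  p check_database_url(url.sub(/\?.*/, ""), app_root: root)
end
```

Run it from the repository root with the real DATABASE_URL before deploying; it checks only the client-side configuration and does not connect to the database.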

Additional resources

Please refer to the relevant AWS and MySQL documentation for additional details on how to use SSL connections with your RDS database and how to authorize access for a DB security group:

The ClearDB Dev Center article has additional details on how to use SSL certificates when connecting to a MySQL database.

Please see this Forum discussion for details on how to connect to RDS databases from Java and Play apps.