read

In a recent sequence of posts on deploying a Rails application to Elastic Beanstalk (Step1 is here) we set up a secure VPC with public and private subnets. Part of this secure setup is to place your PostgreSQL database server in the private subnets and not make it publicly accessible.

This is great from a security perspective, but raises the question - how do I run my rails console against the database? Typical reasons for doing this might be to bootstrap your users (e.g. create the first Admin user). Or for when you need to debug some data issue.

This post runs through how to tunnel through your Bastion server to your database.

To tunnel through to our database we use ssh:

ssh -i [IDENTITY_FILE] -L [LOCAL_PORT]:[RDS_HOST]:[RDS_PORT] ec2-user@[BASTION_HOST]

An example of what this command might look like is:

ssh -i DemoKeyPair.pem -L 6543:demo.c2syu2demiip.eu-west-1.rds.amazonaws.com:5432 ec2-user@52.214.152.242

This will create a port mapping through our bastion server from our local machine port 6543 to demo.c2syu2demiip.eu-west-1.rds.amazonaws.com port 5432.

Once this is successfully set up we can connect to our database as if it was running locally:

psql -h localhost -p 6543 -U db_user -d demo

And to run our rails console (assuming you have setup your production database yml to use DATABASE_URL):

DATABASE_URL=postgres://db_user:Y509q2XJ8M@localhost:6543/demo DISABLE_SPRING=1 bundle rails console production

One important thing to note - DISABLE_SPRING=1 - this is necessary as otherwise spring will bring up the console with the cached environment from previous runs. This can lead to you connecting to the develop database or to errors if you don’t have PostgreSQL running locally:

	Is the server running locally and accepting
	connections on Unix domain socket "/tmp/.s.PGSQL.5432"?

As always, once you are finished doing what needs to be done with the database, make sure you shutdown your Bastion server. Ideally it should only be run on an as needed basis.

Why not subscribe to my mailing list - I'll send out regular emails with new content (don't worry I won't spam you!)

* indicates required
Blog Logo

Chris Greening


Published

Image

Chris Greening

Blogging about random stuff

Back to Overview