26
votes

For my Flask app, I want to use the Flask-SQLAlchemy extension to connect to a database instance I created on AWS RDS.

When I try to connect, the application times out and I get the following error:

sqlalchemy.exc.OperationalError: (OperationalError) (2003, "Can't connect to MySQL server on 'xxxxxxxxxxxxxxx.xxxxxxxxxxxx.us-east-1.rds.amazonaws.com'(60")

My code looks like this:

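from flask import Flask
# flask.ext.* was removed in Flask 1.0; import the extension package directly
from flask_sqlalchemy import SQLAlchemy
application = Flask(__name__)

# The parts in braces are placeholders for the values shown in the RDS console
application.config['SQLALCHEMY_DATABASE_URI'] = 'mysql://{master username}:{db password}@{endpoint}/{db instance name}'
db = SQLAlchemy(application)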

@application.route('/')
def hello_world():
    return 'Hello World'

if __name__ == '__main__':
    application.run()

The Flask-SQLAlchemy documentation says that the format of the SQLALCHEMY_DATABASE_URI for mysql database connections should look like this:

mysql://username:password@server/db

Additionally, I can check the AWS RDS console for information on my database instance. The console looks like this.

Right now I am assuming that "username" in SQLAlchemy refers to the "Master Username" in the AWS RDS console, "server" in SQLAlchemy refers to the "Endpoint" in the AWS RDS console, and "db" refers to the "Database Instance Name".

What am I doing wrong??

If someone could describe the SQLALCHEMY_DATABASE_URI for me with the AWS RDS console terms, that would completely solve the problem.

3
How can the same be used for an AWS rotating secret key, and if the secret key updates, do we need to restart the application? – newuser

3 Answers

20
votes

Go to your AWS RDS console and choose your instance -> DB Security Groups -> Click Default

and add a new CIDR as per the recommended IP range.

This is basically a firewall configuration which determines who can connect to the database instance.

You could set it as 0.0.0.0/0 so that the firewall doesn't prevent you from accessing it from any host/network.

5
votes

This is a valid path: EC2 dashboard -> Find network & security from left side panel -> Security groups.

Security groups

If you have a security group created, you may go to number 2.

  1. Creating a new security group:

There you can name your security group and description.

VPC will probably be automatically created for you.

Create security group window

After creating it, select it from the list.

  2. Set up inbound and / or outbound connections:

Here you can configure inbound connections rules.

Inbound window

On edit -> add rule you have default presets for easy configuration, for example HTTP on port 80.

Edit inbound connection rules window

I hope this helps everyone from now on.

  • For security reasons, try to allow only the trusted IPs and / or security groups needed.
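
An added example, not part of any answer above and not AWS or Flask code: a check over a security group's inbound rules that shows why a client outside the allowed ranges gets the connection timeout from the question, and flags any rule that opens the database port to 0.0.0.0/0 or ::/0. The rule data is constructed in the shape of the `IpPermissions` list returned by EC2 describe-security-groups; port 3306, the group ID and all addresses are assumptions.

```python
import ipaddress

MYSQL_PORT = 3306  # default MySQL port; an assumption, the page does not state the port

# Constructed sample in the shape of the "IpPermissions" list from
# EC2 describe-security-groups; every value here is made up for illustration.
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
]


def covers_port(rule, port):
    """True if the rule applies to TCP `port` (protocol "-1" means all traffic)."""
    if rule["IpProtocol"] == "-1":
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def rule_cidrs(rule):
    """All IPv4 and IPv6 source ranges of a rule as ip_network objects."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def world_open(rules, port=MYSQL_PORT):
    """CIDRs with prefix length 0 (0.0.0.0/0 or ::/0) that expose `port`."""
    return [str(n) for rule in rules if covers_port(rule, port)
            for n in rule_cidrs(rule) if n.prefixlen == 0]


def client_allowed(rules, client_ip, port=MYSQL_PORT):
    """True if some CIDR rule admits client_ip on `port`; False matches the timeout."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip.version == n.version and ip in n
               for rule in rules if covers_port(rule, port)
               for n in rule_cidrs(rule))
```

With the first sample rule removed, only 203.0.113.10 (and members of the referenced security group, which this CIDR check does not evaluate) can reach the database port.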
2
votes

Make sure you're creating a database name in the initial setup of the database under Additional configuration; otherwise AWS RDS won't create a database.