使用PHP从EC2通过VPC连接到RDS实例
[英]Connecting to RDS instance through VPC from EC2 using PHP
问题描述
I've been looking on stackoverflow for quite some time, but I just can't seem to find a solution... Here's what my situation looks like: 
我一直在寻找stackoverflow了一段时间,但似乎似乎找不到解决方案……这是我的情况:
- EC2 instance in us-east-1b (running CentOS 6) us-east-1b中的EC2实例(运行CentOS 6)
- RDS instance in us-east-1b (multi-az is off) us-east-1b中的RDS实例(multi-az已关闭)
- Both EC2 and RDS instances are in the same VPC EC2和RDS实例都在同一VPC中
- Both EC2 and RDS instances use the same Security Group EC2和RDS实例都使用相同的安全组
- I can login into RDS from EC2 through the terminal 我可以通过终端从EC2登录到RDS
- I have my security group setup to allow ANY inbound IP address using TCP port 3306 (MySQL) 我的安全组设置为允许使用TCP端口3306(MySQL)的任何入站IP地址
- It was a long shot, but I've also disabled SELINUX on EC2 这是一个很长的路,但是我也已经在EC2上禁用了SELINUX
Now here's my problem: 现在这是我的问题:
I can't seem to figure out how to connect to RDS from EC2 through a simple PHP script. 我似乎无法弄清楚如何通过一个简单的PHP脚本从EC2连接到RDS。 Whenever I try to connect, I get error code 13. Since EC2 can connect through the terminal, I'm guessing that's due to being in the same subnet; 每当我尝试连接时,我都会收到错误代码13。由于EC2可以通过终端进行连接,所以我猜测这是由于位于同一子网中; however, when I try to connect through PHP (I'm assuming at this point it's trying to connect with the EIP address) I get an error. 但是,当我尝试通过PHP连接时(我假设此时正在尝试与EIP地址连接),我得到一个错误。
Weird thing is a I can connect to RDS though Sequel Pro (Mac equivalent to Navicat or phpMyAdmin), but not through EC2. 奇怪的是,我可以通过Sequel Pro(Mac相当于Navicat或phpMyAdmin)连接到RDS,但不能通过EC2连接到RDS。
I'm starting to think it's not longer a security group issue, but a OS/PHP configuration on my EC2 instance that's completely slipped my mind. 我开始认为这不再是安全组问题,而是EC2实例上的OS / PHP配置完全让我无所适从。
Any thoughts? 有什么想法吗? Thanks in advanced! 提前致谢!
2 个解决方案
解决方案1
5 2015-05-01 12:54:35
I am re-posting my answer from another thread, since yours came up as related: 我正在从另一个线程重新发布我的答案,因为您的答案与之相关:
What are you running on your EC2? 您在EC2上运行什么? Just asking in case it's an SELinux (Security-Enhanced Linux), in which case it could possibly be the security limitation. 只是询问是否是SELinux(增强安全性的Linux),在这种情况下可能是安全限制。
At your terminal, if you run: 在终端上,如果您运行:
getsebool -a | grep httpd
you should be able to see this limitation (whether your webserver can "network" or not. If it cannot, then run this, which should fix your problem: 您应该能够看到此限制(您的Web服务器是否可以“联网”。如果不能,请运行此服务器,这应该可以解决您的问题:
setsebool -P httpd_can_network_connect 1
Hope that solves it, otherwise I don't see where the issue can arise, especially since you say you can connect via terminal (so AWS security groups should not be the issue). 希望能解决这个问题,否则我看不到问题可能出在哪里,尤其是因为您说可以通过终端连接(因此AWS安全组不应该成为问题)。
解决方案2
0 2014-03-30 17:58:56
You can try to connect to your RDS instance using your internal subnet IP address. 您可以尝试使用内部子网IP地址连接到RDS实例。 To find out which one is you internal IP address (from your VPC subnet) from your EC2 instance in the same subnet: 要找出来自同一子网中EC2实例的内部IP地址(来自VPC子网)是哪一个,请执行以下操作:
ping <your-rds-endpoint-without-3306>
Double check you use the right credentials. 仔细检查您是否使用了正确的凭据。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.