问题
I am trying to remotely connect Google Data Studio with our MySQL Database, which is hosted on an AWS instance. To allow for a secure connection, we added SSL access to the AWS's MySQL database user as recommended in the documentation:
GRANT USAGE ON *.* TO 'encrypted_user'@'%' REQUIRE SSL;
The problem here is that AWS, unlike GOOGLE CloudSQL, only generates a Server certificate, and not a Client certificate, nor a Client private key (as far as I can tell). Both the latter is needed to enable SSL for Google Data Studio & MySQL connection.
Just to add a side-note, we also white-listed Google's recommended IPs as listed here. There are a lot of users in this thread complaining that white-listing specific IPs does not work, they had to add wildcard on the subnets. So we have also added addresses of the /16 subnets for each IP:
64.18.%.%
64.233.%.%
66.102.%.%
66.249.%.%
72.14.%.%
74.125.%.%
108.177.%.%
173.194.%.%
207.126.%.%
209.85.%.%
216.58.%.%
216.239.%.%
Finally, one does not need to restart the AWS firewall after white-listing new IPs, it is immediately in-effect.
My Questions:
Is there absolutely no way to create a client certificate and a client private key on MySQL hosted on AWS ?
I would really want to use SSL between Google Data Studio (GDS) and our MySQL-DB, but the GDS-UI does not allow us to connect without filling in the client certificate and client private key. Is there any work around at the moment for me to allow this secure connection ?
Thanks in advance!
回答1:
I was able to establish SSL connection between Google Data Studio and Amazon RDS PostgreSQL using Amazon server certificate and self-signed client cert + key created with OpenSSL:
openssl req -newkey rsa:2048 -nodes -keyout client.key -x509 -days 365 -out client.crt
Taken from https://stackoverflow.com/a/48994943/2789084.
来源:https://stackoverflow.com/questions/49047779/google-data-studio-aws-mysql-ssl-connection