Questions about using AWS RDS environment variables to connect to my AWS RDS database

廉价感情. 提交于 2019-12-05 00:11:43

问题


In my Flask-SQLAlchemy application hosted on AWS, I take advantage of environment variables added by the RDS instance I have associated with my applications environment by construction my database connection URI with

application.config['SQLALCHEMY_DATABASE_URI'] = 
      'mysql://{}:{}@{}:{}/{}'.format(
             os.environ['RDS_USERNAME'], 
             os.environ['RDS_PASSWORD'],
             os.environ['RDS_HOSTNAME'],
             os.environ['RDS_PORT'],
             os.environ['RDS_DB_NAME'])  

This works fine but leaves me with several issues I'm uncomfortable with and wonder if I can (or should bother) fixing:

  1. RDS_DB_NAME (ebdb) is different from the database name I use on my development machine, and not a name that's very informative; but it's assigned when I create the database (using "create a New RDS Database" in the "Data Tier" section of the EB environment's Configuration page). I know I can overrule this value by simply hard coding a different database name in the code above, but is there a way to change the name within AWS?
  2. RDS_USERNAME corresponds to what the (initial) configuration dialog for the RDS instance calls the "Master User" which is given extensive privileges by default; but the role this user plays in the application is limited to whatever functionality the application demands. Is there any reason not to (perhaps severely) limit the privileges for this user? Am I overthinking what "Master" means?
  3. The fact that RDS_PASSWORD is exposed as an environment variable has me worried (especially given that it is also called a "Master Password"). Am I overthinking this too? Is this password used for anything else other than the "Master User"; is exposing it in an environment variable a risk?

In short: (1) can I change the database name somewhere on AWS; (2) can I treat the "Master" user as being merely the user from my application (changing privileges as needed for he app without side effects); and (3) do I need to worry about the password as an environment variable?

来源:https://stackoverflow.com/questions/27828837/questions-about-using-aws-rds-environment-variables-to-connect-to-my-aws-rds-dat