1. 技术文章
  2. Questions about using AWS RDS environment variables to connect to my AWS RDS database

Questions about using AWS RDS environment variables to connect to my AWS RDS database

廉价感情. 提交于 2019-12-05 00:11:43

问题


In my Flask-SQLAlchemy application hosted on AWS, I take advantage of environment variables added by the RDS instance I have associated with my applications environment by construction my database connection URI with

application.config['SQLALCHEMY_DATABASE_URI'] = 
      'mysql://{}:{}@{}:{}/{}'.format(
             os.environ['RDS_USERNAME'], 
             os.environ['RDS_PASSWORD'],
             os.environ['RDS_HOSTNAME'],
             os.environ['RDS_PORT'],
             os.environ['RDS_DB_NAME'])

This works fine but leaves me with several issues I'm uncomfortable with and wonder if I can (or should bother) fixing:

  1. RDS_DB_NAME (ebdb) is different from the database name I use on my development machine, and not a name that's very informative; but it's assigned when I create the database (using "create a New RDS Database" in the "Data Tier" section of the EB environment's Configuration page). I know I can overrule this value by simply hard coding a different database name in the code above, but is there a way to change the name within AWS?
  2. RDS_USERNAME corresponds to what the (initial) configuration dialog for the RDS instance calls the "Master User" which is given extensive privileges by default; but the role this user plays in the application is limited to whatever functionality the application demands. Is there any reason not to (perhaps severely) limit the privileges for this user? Am I overthinking what "Master" means?
  3. The fact that RDS_PASSWORD is exposed as an environment variable has me worried (especially given that it is also called a "Master Password"). Am I overthinking this too? Is this password used for anything else other than the "Master User"; is exposing it in an environment variable a risk?

In short: (1) can I change the database name somewhere on AWS; (2) can I treat the "Master" user as being merely the user from my application (changing privileges as needed for he app without side effects); and (3) do I need to worry about the password as an environment variable?

来源:https://stackoverflow.com/questions/27828837/questions-about-using-aws-rds-environment-variables-to-connect-to-my-aws-rds-dat

标签
amazon-web-services
database-connection
flask-sqlalchemy
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!