prisma / prisma-1-cloud-feedback

Feedback for Prisma Cloud
https://app.prisma.io

Can't connect to Serverless Aurora with Prisma Cloud #242

Open jonthewayne opened 5 years ago

jonthewayne commented 5 years ago

I first created a Serverless Aurora DB.

Then from Prisma Cloud, I clicked to set up a new server and connect to an existing DB.

I entered the connection details (mysql type, host, port, username, password) and clicked "Connect to Database".

Note: for host, I used this endpoint: remember-backend-dev.cluster-cu971g1wrlap.us-west-2.rds.amazonaws.com

Prisma Cloud failed to connect and popped up a timeout error.

I did some research and came across this:

https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html

"You can't give an Aurora Serverless DB cluster a public IP address. You can access an Aurora Serverless DB cluster only from within a virtual private cloud (VPC) based on the Amazon VPC service."

Here's a related connection issue:

https://stackoverflow.com/questions/51716530/aws-aurora-mysql-serverless-how-to-connect-from-mysql-workbench

Does anyone know a way to connect to Serverless Aurora?

Thanks! Jon

sorenbs commented 5 years ago

Hi @jonthewayne

Aurora Serverless is super exciting, but the current implementation has some rough edges. One you already discovered is the fact that it only accepts connections from within the VPC it is created in. This is especially bad if you want to connect from code running in Lambda, as Lambda functions incur a ~10 second cold start overhead when running in a VPC. The Lambda team is focused on improving this over the next year - see this talk from re:Invent for more detail.

Prisma is actually a great way to overcome this limitation, as you can run Prisma in the same VPC and route its GraphQL API to the public internet. Prisma Cloud currently does not have a way to set this up automatically, but you can use the CloudFormation templates as a foundation to set this up manually. You will have to adjust them to use VPC. Additionally, we already have a handful of larger customers where we are operating this setup with Aurora Serverless on their behalf and managing all the infrastructure, on-call etc. Please get in touch at sales@prisma.io if this would be interesting to you.

If you want to dive deeper into the current state of Aurora Serverless, I can recommend this talk from the latest re:Invent.

jonthewayne commented 5 years ago

Thanks so much for the feedback, guys! For now, your managed option is a little too pricey for my small startup. I have heard though that a Serverless version of Prisma is in the works that would allow me to start at a more reasonable cost. I hope this version will also solve the problem of connecting to Aurora Serverless.
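
The connection timeout discussed in this thread can be told apart from a firewall or credential problem by checking what the database endpoint resolves to before attempting a connection. The following is an added example, not code from Prisma or from the participants above; the function names `resolve`, `tcp_probe` and `diagnose`, the verdict strings and the sample addresses are hypothetical, and 3306 is assumed as the MySQL port.

```python
import ipaddress
import socket

def resolve(host, port):
    """Return the distinct IP addresses the name resolves to."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def tcp_probe(addr, port, timeout=5.0):
    """One TCP connect attempt: 'open', 'refused', 'timeout' or 'unreachable'."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "unreachable"

def diagnose(host, port=3306, resolver=resolve, probe=tcp_probe):
    """Classify why a client can or cannot reach host:port."""
    try:
        addrs = resolver(host, port)
    except socket.gaierror:
        return "dns-failure"   # name not resolvable from this network
    if not addrs:
        return "dns-failure"
    public = [a for a in addrs if not ipaddress.ip_address(a).is_private]
    if not public:
        # Only private addresses: routable solely from inside the VPC
        # (or a network peered/VPN-connected to it), so expect a timeout.
        return "vpc-only"
    results = {probe(a, port) for a in public}
    if "open" in results:
        return "reachable"     # TCP works; look at credentials/TLS next
    if "refused" in results:
        return "refused"       # host answers, nothing listening on the port
    return "filtered"          # silently dropped: security group, NACL, firewall

if __name__ == "__main__":
    # Constructed resolver output; no DNS query or connection is made here.
    fake = lambda host, port: ["10.0.12.34", "10.0.45.67"]
    print(diagnose("db.cluster.example.internal", resolver=fake))
```

A `vpc-only` verdict means the client has to run inside the database's VPC, which is the setup described above with Prisma placed in the same VPC; `filtered` points at security group or network ACL rules instead.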