I have a NodeJS application using Objection and Knex libraries connecting to a MySQL database in AWS RDS. I am able to connect to it with knex if I set up the knex file with the proper accessibility tokens and credentials, as well as make the RDS publicly accessible with Inbound Rules allowing traffic to 3306 from everywhere.
I realize that anyone with the accessibility tokens and password can access the database.
Can I ask if there is a more secure way to connect to RDS? For example, I am able to connect to AWS RDS through MySQL Workbench by using a PEM file to an EC2 instance which has a connection to the RDS database. For this connection, the RDS database need not be publicly accessible, nor does it need to allow Inbound traffic from anywhere.
What I Have Tried
With the credentials set up, I have tried connecting without public accessibility and with Inbound traffic allowed only from my IP. I have also tried w/o pub access + allowing traffic from anywhere, and w/ public access + allowing only my IP.
All of those did not succeed.
Only when I made it publicly accessible and open to all Inbound traffic did it work.
Also, I tried looking at the Knex documentation and could not find a connection to EC2 or using a PEM file.
Is this the most secure way to have Knex connect to RDS? Is this good in terms of best practices?
This is a template of my connection object code:
{
  client: 'mysql2',
  connection: {
    host: HOST,
    user: USERNAME,
    password: PASSWORD,
    database: DATABASE,
  },
  migrations: {
    tableName: MIGRATIONS_TABLE_NAME,
  },
};
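
The exposure described in the question (a publicly accessible instance plus an Inbound Rule for 3306 from everywhere) can be checked mechanically. The following is an added example, not part of the original post: it audits JSON shaped like the output of `aws rds describe-db-instances` and `aws ec2 describe-security-groups`. The sample data, the `sg-EXAMPLE` IDs and the function names are constructed for illustration.

```javascript
// Constructed sample data shaped like `aws rds describe-db-instances` and
// `aws ec2 describe-security-groups` output; all identifiers are made up.
const dbInstance = {
  DBInstanceIdentifier: 'example-db',
  PubliclyAccessible: true,
  Endpoint: { Port: 3306 },
  VpcSecurityGroups: [{ VpcSecurityGroupId: 'sg-EXAMPLE1', Status: 'active' }],
};
const securityGroups = [{
  GroupId: 'sg-EXAMPLE1',
  IpPermissions: [
    // Open to the whole internet: the setup the question describes.
    { IpProtocol: 'tcp', FromPort: 3306, ToPort: 3306,
      IpRanges: [{ CidrIp: '0.0.0.0/0' }], Ipv6Ranges: [], UserIdGroupPairs: [] },
    // Scoped to another security group (e.g. the EC2 instance's): not flagged.
    { IpProtocol: 'tcp', FromPort: 3306, ToPort: 3306,
      IpRanges: [], Ipv6Ranges: [], UserIdGroupPairs: [{ GroupId: 'sg-EXAMPLE2' }] },
  ],
}];

// True when the rule covers the DB port ("-1" means all protocols and ports).
function coversPort(rule, port) {
  if (rule.IpProtocol === '-1') return true;
  return rule.IpProtocol === 'tcp' && rule.FromPort <= port && port <= rule.ToPort;
}

// Returns a list of findings describing how the instance is exposed.
function auditExposure(db, groups) {
  const findings = [];
  const port = db.Endpoint.Port;
  if (db.PubliclyAccessible) findings.push('instance is PubliclyAccessible');
  const attached = new Set(db.VpcSecurityGroups.map((g) => g.VpcSecurityGroupId));
  for (const sg of groups.filter((g) => attached.has(g.GroupId))) {
    for (const rule of sg.IpPermissions.filter((r) => coversPort(r, port))) {
      const cidrs = [
        ...(rule.IpRanges || []).map((r) => r.CidrIp),
        ...(rule.Ipv6Ranges || []).map((r) => r.CidrIpv6),
      ];
      for (const cidr of cidrs) {
        if (cidr === '0.0.0.0/0' || cidr === '::/0') {
          findings.push(`${sg.GroupId} allows port ${port} from ${cidr}`);
        }
      }
    }
  }
  return findings;
}

console.log(auditExposure(dbInstance, securityGroups));
```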