Is it possible to use an encrypted database?

question

#1

Hi,

First thanks a lot for your great job!

I just tried to convert my RDS PostgreSQL database to an encrypted database.

The conversion on the AWS RDS side is OK.
I am able to connect through pgAdmin and jets db.

But on my web application side all I get is a timeout error.

So I am wondering if there is any additional configuration to be done on an encrypted database.

Thank you in advance for your help!

Fabien.


#2

Weird. RDS encryption means that the data is encrypted on the disk. The client still talks to the DB transparently, so I believe it should work the same. I may be incorrect here, but that’s my understanding of it.

Wondering if there is a more informative error message when the Jets app boots up and tries to connect to the db. The db connection gets established on boot up, so you’ll only see the error near the Jets deploy time. Try deploying and checking the logs near the deploy time for hopefully a more helpful error message.

Tip: Sometimes, I just modify the function in the Lambda console editor by adding a space or newline so the function is “deployed” and check the logs for a quicker way to debug.


#3

Hi Tung,

Thanks for your quick feedback.

Should I look at the API Gateway logs or at the Lambda logs? Or both?

Regards,
Fabien.


#4

The Jets deployment on the bash side seems to be OK, as I get the usual message “Stack success status: UPDATE_COMPLETE” and the API Gateway endpoint is displayed.

Regarding the logs on the AWS side, I get absolutely no entries in RDS, API Gateway and Lambda after the deployment.

Regards,

Fabien.


#5

Hello,

Has anyone ever tried it and succeeded?

Have a nice day!


#6

Hi Gurus,

Finally it’s working fine!

I just had to wait a few hours … I don’t know which AWS components need this delay but now it is working.

For information, I had the same delay issue when I had to update my AWS SSL certificate. It worked immediately on my development environment whereas I had to wait more than one hour on my production environment.

Hope this helps other users!

Have a nice day!


#7

Ah I see. Thanks for posting an update. 👍

Sounds like the db was being modified from non-encrypted to encrypted disk. Believe when that happens, the RDS steps are generally:

  1. Suspend IO activity to guarantee the data will be consistent for the next step
  2. Snapshot the current EBS volume associated with the RDS instance
  3. Provision a new encrypted EBS volume from the snapshot
  4. Attach the encrypted EBS volume to the RDS instance
  5. Start the RDS database back up

So that’s why you see downtime during this process.

Unsure if it makes a difference in terms of downtime with an RDS multi-AZ setup because IO activity would still be suspended for a consistent data snapshot.


#8

Hi Tung,

When I tried to reach my web app after updating my database, I was able to query it through pgAdmin for example.

So the database was up but the Lambda functions were not able to communicate with it, I don’t know why.

Thanks again for your great work on Ruby On Jets!

Fabien.


#9

Wondering what the logs say. That may be helpful.

A shot in the dark. Maybe the db rebooted during the upgrade? If that happens, the clients (Lambda functions) need to reconnect. ActiveRecord has a “reconnect: true” setting that helps: