This is the current GitHub Actions workflow file that runs the Prisma migration:

name: Deploy Prisma Migration
on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
        uses: actions/checkout@v3
      - name: Setup Node
        uses: actions/setup-node@v3
      - name: Install dependencies
        run: npm install
      - name: Apply all pending migrations to the database
        run: npx prisma migrate deploy
        env:
          DATABASE_URL: ${{ secrets.DATABASE_URL }}

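But it fails, because I only allow connections from the IP of the EC2 instance that connects to it, not from outside.

Is there another way, for example an SSH tunnel from the EC2 instance (since I already connect to RDS through EC2)?

Recommended answer

Is there another way, for example setting up an SSH tunnel from the EC2 instance?

You can follow this question, which uses an SSH tunnel in PgAdmin.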

The same idea would apply for Prisma, which acts as a client that needs to connect to a database.
The main requirement is establishing a secure connection from an external network (GitHub Actions runner in your case) to the RDS instance, which is restricted to external access. That is where the SSH tunnel comes in, providing a secure pathway through an allowed intermediary (the EC2 instance).

You would need to create an SSH key pair on your local machine or GitHub runner. That key will be used to establish a secure SSH connection to the EC2 instance (ssh-keygen). Make sure your EC2 instance has SSH enabled and can access the RDS database, as seen in this answer. Add the public key you generated to the ~/.ssh/authorized_keys file on the EC2 instance to allow access.
Add the private key, EC2 instance's IP address or hostname, and username as secrets in your GitHub repository settings. These will be used to establish the SSH connection.

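Your GitHub workflow should echo the private key to a file, set the appropriate permissions, and then create the tunnel with the SSH command:

- name: Set up SSH Tunnel for Database Access
  env:
    # Assumed secret names; local_port, RDS_endpoint and RDS_port below are placeholders
    PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}
    USER_NAME: ${{ secrets.USER_NAME }}
    HOSTNAME: ${{ secrets.HOSTNAME }}
  run: |
    echo "$PRIVATE_KEY" > private_key && chmod 600 private_key
    ssh -o StrictHostKeyChecking=no -i private_key ${USER_NAME}@${HOSTNAME} -L local_port:RDS_endpoint:RDS_port -N &
    sleep 5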

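When your GitHub Actions workflow runs, it should create an SSH tunnel to the EC2 instance, which in turn can reach the RDS database. This lets your database operations run securely without exposing the RDS instance to the public internet.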
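
A hardened variant of the tunnel step above, as an added example that is not part of the original answer: it pins the EC2 host key instead of disabling host key checking, creates the key file with mode 600 from the start, and uses `ssh -f` so the step continues only after authentication has succeeded. `EC2_HOST_KEY`, `LOCAL_PORT`, `RDS_ENDPOINT` and `RDS_PORT` are assumed variable names.

```shell
# Added example, not the answer's own code. Assumed names: EC2_HOST_KEY,
# LOCAL_PORT, RDS_ENDPOINT, RDS_PORT. PRIVATE_KEY, USER_NAME and HOSTNAME are
# the variables the answer's step already uses.

# Create the key file with mode 600 from the first byte, instead of writing
# it with the default umask and running chmod afterwards.
write_key() {                       # $1 = key material, $2 = destination file
  ( umask 077 && printf '%s\n' "$1" > "$2" )
}

# Pin the EC2 host key. Fail if it is missing or malformed rather than
# falling back to StrictHostKeyChecking=no.
pin_host_key() {                    # $1 = host, $2 = "type base64" key, $3 = known_hosts file
  case "$2" in
    ssh-ed25519\ ?*|ssh-rsa\ ?*|ecdsa-sha2-*\ ?*) printf '%s %s\n' "$1" "$2" > "$3" ;;
    *) echo "EC2_HOST_KEY is missing or malformed" >&2; return 1 ;;
  esac
}

open_tunnel() {
  dir="${RUNNER_TEMP:-$(mktemp -d)}"          # keep secrets out of the checkout directory
  write_key "$PRIVATE_KEY" "$dir/tunnel_key" || return 1
  pin_host_key "$HOSTNAME" "$EC2_HOST_KEY" "$dir/known_hosts" || return 1
  # -f sends ssh to the background only after authentication, replacing "& sleep 5".
  # ExitOnForwardFailure turns a failed port forward into an error exit.
  rc=0
  ssh -f -N -i "$dir/tunnel_key" \
      -o BatchMode=yes -o IdentitiesOnly=yes \
      -o StrictHostKeyChecking=yes -o UserKnownHostsFile="$dir/known_hosts" \
      -o ExitOnForwardFailure=yes \
      -L "127.0.0.1:${LOCAL_PORT}:${RDS_ENDPOINT}:${RDS_PORT}" \
      "${USER_NAME}@${HOSTNAME}" || rc=$?
  rm -f "$dir/tunnel_key"                     # ssh has finished authenticating; the key file is no longer needed
  return "$rc"
}
```

In the workflow, call `open_tunnel` in the step before `npx prisma migrate deploy`, with `DATABASE_URL` pointing at `127.0.0.1` and the chosen local port.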
