Wednesday, 7 January 2015

Questions about using AWS RDS environment variables to connect to my AWS RDS database

In my Flask-SQLAlchemy application hosted on AWS, I take advantage of environment variables added by the RDS instance I have associated with my application's environment by constructing my database connection URI with



    import os

    # Build the connection URI from the RDS_* variables set in the environment.
    application.config['SQLALCHEMY_DATABASE_URI'] = (
        'mysql://{}:{}@{}:{}/{}'.format(
            os.environ['RDS_USERNAME'],
            os.environ['RDS_PASSWORD'],
            os.environ['RDS_HOSTNAME'],
            os.environ['RDS_PORT'],
            os.environ['RDS_DB_NAME']))


This works fine but leaves me with several issues I'm uncomfortable with and wonder if I can (or should bother) fixing:



  1. RDS_DB_NAME (ebdb) is different from the database name I use on my development machine, and not a name that's very informative; but it's assigned when I create the database (using "create a New RDS Database" in the "Data Tier" section of the EB environment's Configuration page). I know I can overrule this value by simply hard coding a different database name in the code above, but is there a way to change the name within AWS?

  2. RDS_USERNAME corresponds to what the (initial) configuration dialog for the RDS instance calls the "Master User" which is given extensive privileges by default; but the role this user plays in the application is limited to whatever functionality the application demands. Is there any reason not to (perhaps severely) limit the privileges for this user? Am I overthinking what "Master" means?

  3. The fact that RDS_PASSWORD is exposed as an environment variable has me worried (especially given that it is also called a "Master Password"). Am I overthinking this too? Is this password used for anything else other than the "Master User"; is exposing it in an environment variable a risk?


In short: (1) can I change the database name somewhere on AWS; (2) can I treat the "Master" user as being merely the user from my application (changing privileges as needed for the app without side effects); and (3) do I need to worry about the password as an environment variable?
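
The URI construction from the question, as an added example that is not part of the original post: it percent-encodes the credentials, fails when a variable is missing, lets an application-specific user and database name take precedence over the RDS master values, and redacts the password for logging. The `APP_DB_USER`, `APP_DB_PASSWORD` and `APP_DB_NAME` variables and both function names are assumptions made for illustration; only the `RDS_*` names come from the post.

```python
import os
from urllib.parse import quote


def _require(env, key):
    """Return env[key] or fail loudly instead of building a half-empty URI."""
    value = env.get(key)
    if not value:
        raise RuntimeError("missing setting: {}".format(key))
    return value


def build_db_uri(env=os.environ):
    """Build the SQLAlchemy URI from RDS_* variables, with optional overrides."""
    # APP_DB_* are hypothetical variables for a limited-privilege account.
    # They are taken as a pair so an application user name is never combined
    # with the master password.
    if env.get("APP_DB_USER"):
        user = env["APP_DB_USER"]
        password = _require(env, "APP_DB_PASSWORD")
    else:
        user = _require(env, "RDS_USERNAME")
        password = _require(env, "RDS_PASSWORD")
    # Database name override instead of hard-coding it in the source.
    name = env.get("APP_DB_NAME") or _require(env, "RDS_DB_NAME")
    host = _require(env, "RDS_HOSTNAME")
    port = int(_require(env, "RDS_PORT"))
    if not 0 < port < 65536:
        raise RuntimeError("RDS_PORT out of range")
    # Percent-encoding keeps '@', ':' and '/' inside a credential from
    # changing how the URI is parsed.
    return "mysql://{}:{}@{}:{}/{}".format(
        quote(user, safe=""), quote(password, safe=""),
        host, port, quote(name, safe=""))


def redact_uri(uri):
    """Return the URI with the password replaced, for log output."""
    scheme, rest = uri.split("://", 1)
    creds, tail = rest.rsplit("@", 1)
    return "{}://{}:***@{}".format(scheme, creds.split(":", 1)[0], tail)
```
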




