I’ve been working with Elastic Beanstalk for a while now (I use it for this site) and I’ve always been impressed at how easy it makes creating test or development environments. So, when my brother started his own digital agency business, Kroochma, I recommended that he look at the Elastic Beanstalk platform. While it may not be the cheapest hosting solution, it’s simple enough to use and provides a lot of flexibility in how your hosting environments are configured.
One of the questions he’s asked me about Elastic Beanstalk is how to give developers access to the RDS instances created by the service. As the projects in question are PHP-based, we decided to set up phpMyAdmin on certain environments by using an custom .ebextensions file.
The major pre-requisite to using this file is that you’re running an application on an Elastic Beanstalk server that has PHP installed (e.g. any of the Amazon Linux platforms running PHP). If you’re using something else (Ruby, NodeJS, etc.), you might be able to re-purpose this, but you’ll need to add a packages
section to ensure PHP gets installed.
Because I didn’t want this to be a mandatory addition to all environments, it’s possible to configure how the extension works using the following 3 environment variables, which you can set in your Elastic Beanstalk application:
PMA_VER
– version of phpMyAdmin to install. If it’s not set, then the installation won’t happen; great for when you don’t want to set up phpMyAdmin for an environment.PMA_USERNAME
– username for HTTP authentication, if this isn’t set, you won’t have access to phpMyAdmin.PMA_PASSWORD
– password for HTTP authentication.
Assuming the above environment variables are set correctly, the extension will deploy phpMyAdmin with the database connection pre-configured using the $RDS_HOSTNAME
, $RDS_USERNAME
and $RDS_PASSWORD
environment variables. Access to the software itself is possible by visiting the /db_admin
path on your domain (e.g. http://example.com/db_admin), which is restricted by basic HTTP Auth. Ideally you’ll want to be using HTTPS for your site.
container_commands: 01_install_pma: test: test -n "$PMA_VER" && test ! -f /tmp/phpmyadmin.tar.gz command: | cd /tmp wget https://files.phpmyadmin.net/phpMyAdmin/${PMA_VER}/phpMyAdmin-${PMA_VER}-all-languages.tar.gz wget https://files.phpmyadmin.net/phpMyAdmin/${PMA_VER}/phpMyAdmin-${PMA_VER}-all-languages.tar.gz.sha1 cd /tmp && sha1sum --check phpMyAdmin-${PMA_VER}-all-languages.tar.gz.sha1 if [[ $? == 0 ]] then cd /opt/ && tar xzf /tmp/phpMyAdmin-${PMA_VER}-all-languages.tar.gz && ln -s phpMyAdmin-${PMA_VER}-all-languages phpmyadmin else exit 1 fi exit 0 02_create_config_file: test: test ! -f /opt/phpmyadmin/config.inc.php command: cd /opt/phpmyadmin && cp config.sample.inc.php config.inc.php 03_change_auth_type: test: test -f /opt/phpmyadmin/config.inc.php command: sed -i "s/'cookie'/\'config'/g" /opt/phpmyadmin/config.inc.php 04_configure_db_host: test: test -f /opt/phpmyadmin/config.inc.php command: sed -i "s/'localhost'/\$_SERVER['RDS_HOSTNAME']/g" /opt/phpmyadmin/config.inc.php 05_config_db_credentials: command: | grep -q "RDS_USERNAME" /opt/phpmyadmin/config.inc.php || sed -i "/RDS_HOSTNAME/i \ \$cfg['Servers'][\$i]['user'] = \$_SERVER['RDS_USERNAME'];\n\$cfg['Servers'][\$i]['password'] = \$_SERVER['RDS_PASSWORD'];" /opt/phpmyadmin/config.inc.php 06_configure_htauth: test: test -n "$PMA_USERNAME" && test -n "$PMA_PASSWORD" command: | if [[ -f /etc/httpd/htpasswd ]] then htpasswd -b /etc/httpd/htpasswd $PMA_USERNAME $PMA_PASSWORD else htpasswd -cb /etc/httpd/htpasswd $PMA_USERNAME $PMA_PASSWORD fi files: "/etc/httpd/conf.d/pma.conf": mode: "000644" owner: root group: root content: | Alias /db_admin /opt/phpmyadmin <Directory /opt/phpmyadmin> AuthType Basic AuthName "Restricted Files" AuthBasicProvider file AuthUserFile "/etc/httpd/htpasswd" Require valid-user Options FollowSymLinks </Directory> <Directory /opt/phpmyadmin/libraries/> Require all denied </Directory> <Directory /opt/phpmyadmin/setup/lib/> Require all denied </Directory> <Directory /opt/phpmyadmin/setup/frames/> Require all denied </Directory> |
It’s not perfect by any means, but it gets the job done. I do find the syntax for the Elastic Beanstalk customisation files to be a bit messy for more complex tasks, and I’d like to make the Apache config file be conditionally deployed, but I can tweak it later.