Integrate an AWS RDS Database with Your Velo Site

Wix Data gives you powerful data storage and retrieval capabilities, as well as the ability to create and maintain your own data collections. But what if you have your own database already, or you want to host your data on a relational database?

The Velo Docs team has created a new tutorial that shows you how to set up a MySQL instance and database on AWS, set up the Wix adapter, and connect it to your Wix site. Check it out here: https://support.wix.com/en/article/integrate-your-aws-rds-database-with-your-velo-site

3 Likes

Hi Marlowe,

Any idea why there might only be 3 roles available and it doesn’t seem to include the AppRunnerRDSAccessRole?

Any help gratefully received! :slight_smile:

Luke

Hey Luke,

AppRunnerRDSAccessRole is the default role for app runner services, it should be
exists in every AWS account, but in case it doesn’t, a new role that will work with AppRunner can be created.

There are 2 ways to create a new role:
1. Creating a new role via AWS-CLI
2. Editing existing role to work with AppRunner service


Creating a new role via AWS-CLI:

  1. Create a file called trust-policy.json , and paste the next trust relationships specifies:
{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": {
          "Service": "tasks.apprunner.amazonaws.com"
        },
        "Action": "sts:AssumeRole"
      }
    ]
  }
  1. Open your terminal in the directory where trust-policy.json is stored and use the create-role command.
aws iam create-role --role-name velo-external-db-adapter --assume-role-policy-document file://trust-policy.json 
  1. Then you should see the new role in the roles list and in the app runner configuration screen under security - instance role list, don’t forget to attach the needed permissions.

Editing existing role to work with AppRunner service:

  1. Create new role, no matter to what aws service
  2. Then look for it in the role list and click on it
  3. Click on the Trust relationships tab, and click on edit trust relationship.
  4. Paste the next Policy Document:
{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": {
          "Service": "tasks.apprunner.amazonaws.com"
        },
        "Action": "sts:AssumeRole"
      }
    ]
  }
  1. Click on Update Trust Policy
  2. Attach the needed permission (according to the docs)

That’s it, you should see the role in app runner configuration screen under the security - instance list.


Let us know if you succeeded

Hi, I am trying to connect AWS RDS Database following the guide above, but get the following result, any clue?

Below is my config,

App Runner

IAM

Secrets

DB

Hey jenwei,

Thanks for reaching out, and for the detailed explanation.
From the pictures you sent, it looks like you’re in us-west-1 region.
But as far as I know, AWS App Runner is not available in US West -N. California (us-west-1).
Does the App Runner service run in a different region from the RDS instance and the Secret manger? If so, can you add REGION to the environment variable of the app runner service? the value should be the region of your secret, as it looks from the snapshots it should be us-west-1 .

Another option is to create a MySQL server and a secret in regions where App Runner is supported, for example, us-west-2.

Let us know if everything worked and if not do not be afraid to contact us again.

@maximp Hi, Thanks for your reply, It’s really helps a lot, I had successfully connect the db ard.
One more question, is it able to save the dataset on wix locally after I pull the database over from AWS?

FYI, I also need to add the SECRET_KEY at the Environment variables on App runner, to make everything’s works, and this wasn’t mention in the guide above.

Thanks again for your help

i managed to get the AppRunner role using the udpate - thanks for that but i am getting below message now, what could be wrong?

@jenwei Thank you for the update, regarding your question, there is no direct way to do it because this is not the purpose of the adapter, the purpose of the adapter is to be the “glue” between your site on Wix and your database.
but there is a way to save a “snapshot” of collections on your Wix site, open an external collection via the content manger and click the button with the three dots, it’s next to the add item button. (look at the screenshot below) and click on Export to CSV , then create a new collection in your site and import the items that you exported (you need to use the CSV file that you got from the export step)

Regarding the guide, I will ask the docs team to update the guide to include the missing environment variable.

Hey @support64935 ,
It seems that the adapter can’t to communicate with the database, can you provide more details about the database?
Is it in any VPC?
Does it have a public address?
Were you able to connect to a database through your computer?

Waiting for an update from you

hi Maxim Polski

I managed to solve it , recreated the whole thing from scratch and it worked fine. Mapped in Wix.
The issue now is, how do it use that mapped DB in wix code for wix queries? I tried to use it in normal ways using wixdata.query(“database”) and it gave me error as below

Hi folks!
Can I have some additional clarity on configuring permissions when integrating an AWS RDS db? Specifically, within my AWS Secrets Manager, can you provide a clearer example of a Key and a clearer example of a stringified Value when doing permissions? And what, if anything, should be done to modify the Configuration settings inside of the App Runner? I have not been able to get Permissions to work, and it seems as if it should be simple.

Thanks!
Nick

Hey Nick,

The instance role permissions should look like this:

and in the App Runner setup, this instance role should be attached to the app runner instance you are creating, as detailed in this guide .
Please note, that it is not possible to change the instance role after you have created the instance runner app.

Hey @support64935 ,

When you connected the adapter to a Wix website, you set namespace for the adapter, add this namespace before the collection name, when you use the wixData package.

wixData.aggregate("<nameSpace>/<collectionName>")

For example, let’s suppose that you set the name space for the adapter to be “aws-adapter” so the wixData. aggregate function should get “aws-adapter/Retail” as an argument.

I am facing the below Issue.

Everything given in configuration has been done except the below instance role in Security. It is showing could not find any roles where as in IAM Console it is declared.

@maximp can you tell me where I am wrong?

Instance role also added.

my rds engine is Aurora MySql and role is serverless. Should i change any config?

I am able to view AWS/MySQL DB content fine in preview mode, but not on the live site. I’m presuming the issue is that “permission config not defined”. Where is that setting in the AWS configuration? I’ve gone over everything a 1000 times. :tired_face: Please help. Thanks!

Hi,
You should add an environment variable called PERMISSIONS, it should be strigified object as documented here .

example for a valid value:

"{\"collectionPermissions\":[{\"id\":\"yourCollectionName\",\"read\":[\"Admin\",\"Member\",\"Visitor\"],\"write\":[\"Admin\",\"Member\",\"Visitor\"]}]}"

Yeeessss! You are my hero!! Thank you!!