A feature we've been working on for a while now, and which very we're excited about here at Idealstack is point-and-click database management.  It's a core feature of most other hosting consoles, and we think it's probably something most people would want versus using the commandline to interact with Mysql.

How do I use it?

The new database management tool is enabled by default, but you'll need to redeploy your stack to get it to actually apply to your live AWS account:

Once the stack update has applied you can access the database manager for a given site under the site's Connect tab (you can also find it under the Stack)

Then click Database Manager

This will take you to the database manager

 

Where you can run queries, create and drop databases, manage database users and so forth

 

What if I don't want it?

Other popular hosting consoles such as plesk and cpanel all provide a similar tool, so we've opted to turn it on by default,  but there's a couple of reasons why you might not want it:

  • Security through obscurity - it allows anyone with access to the Idealstack hosting console (easy) access to your database.  Note that users with access to idealstack already had access through SSH, and will even if you turn off this GUI, but the GUI obviously makes it a step simpler for less skilled bad-actors to compromise your database
  • Resources - the database management system runs on your AWS stack, and so uses a small amount of resources.  However particularly if you are trying to run on the AWS free tier with severe usage restraints, turning it off might save some resources.  You might even turn it on when you need it and then off again when you are done.

You can turn it off under the stack settings.  Click to open the "Optional Features" panel and uncheck the option.

How does it work?

Let's face it, we're all PHP geeks here, so you might be interested in the details of how we built this.

We're using the popular open-source database management tool Adminer, which is simple and secure. Adminer is wrapped up in a docker image and will be rolled out as a seperate service on your ECS Cluster, like your other sites are.    We haven't used the more popular PHPMyAdmin for a couple of reasons - Adminer also supports other database types that we are planning to add in the future, it is small and lightweight and presents a smaller security target. 

Creating a way to do this securely has been one of our key concerns in building this feature. There's a couple of things we've done to make things secure 

  • The database management system is behind single-sign-on using your Idealstack username/password.   We code in Laravel, so we extended Laravel's OAuth2 server functionality with support for the OpenID Connect single sign on protocol.
  • The single-sign-on is implemented in the webserver rather than into Adminer, so we aren't forced to trust the security of an open source DB management system's security features. There's a number of benefits to this versus just implementing signin in PHP code, the main one being that even if there is a zero-day security flaw in Adminer your still pretty safe - attackers on the open internet don't have any way to access it.
  • Idealstack will automatically register an SSL certificate for it in Amazon ACM so that everything is protected by HTTPS
  • The DB management tools runs on your own hosting stack, so it doesn't involve opening up any firewalls or security groups for the database to outside access.

 

We hope you find this feature useful.  If you've got any questions or feedback about it we'd be happy to hear them, just email us on support@idealstack.io

 

Idealstack is the ideal way to run PHP on AWS.  A fault tolerant, autoscaling hosting cluster, which transparently cluster-enables your sites and apps in your own AWS account, all controlled from an easy to use web control panel.

How it works

Signup Now For Free