I have a Node.js script which connects to an Oracle DB that is in a private VPC. I can run this script without any issues on my machine and in a Lambda. I need to run it from GitHub Actions. I have stored DB_USER, DB_PASSWORD and DB_CONNECTION in secrets and am passing them to the JS script. I am reading them as process.env.... in my script. I have verified the values. But when I try to get the connection, it never connects and times out after 60 seconds, printing this error:
Request exceeded "transportConnectTimeout" of 60 seconds.
If I have the DB credentials, but the DB is in an AWS account in its own private VPC, do I need to do anything else to access it in GitHub Actions?
Thank you for any help!!
My YAML script:

name: DB Connection
on:
  workflow_dispatch:
jobs:
  build:
    runs-on: ubuntu-latest
    environment: dev
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Set up Node.js
        uses: actions/setup-node@v2 # Set up Node.js
        with:
          node-version: '20.9'
      - name: Install dependencies
        run: npm install
      - name: Run JS
        env:
          DB_USER: ${{ secrets.DB_USER }}
          DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
          DB_CONNECTION: ${{ secrets.DB_CONNECTION }}
        run: node ./src/test-db-connection.js
My JS (test-db-connection.js):

import oracledb from 'oracledb';

async function testConnection() {
  let connection;
  try {
    // Credentials and connect string come from the workflow's env block.
    connection = await oracledb.getConnection({
      user: process.env.DB_USER,
      password: process.env.DB_PASSWORD,
      connectString: process.env.DB_CONNECTION,
    });
    console.log("Database connection successful!", connection);
  } catch (err) {
    console.error("Database connection failed:", err.message);
    // Non-zero exit code so the workflow step is marked as failed.
    process.exitCode = 1;
  } finally {
    if (connection) {
      try {
        await connection.close();
      } catch (err) {
        console.error('Error closing the connection:', err);
      }
    }
  }
}

testConnection();

The GitHub Actions runner is outside of your VPN, so the connection cannot be established. Consider doing one of the following:
VPN Connection: Establish a VPN link between the GitHub Actions runner and the AWS VPC, enabling secure, direct access to the database.
AWS SSM with EC2: Utilise AWS Systems Manager to remotely execute the script on an EC2 instance within the VPC, functioning as an intermediary.
Lambda Proxy: Configure a Lambda function within a public subnet to serve as a proxy, securely relaying requests to the Oracle database.
AWS PrivateLink: Set up an AWS PrivateLink endpoint, allowing secure external access to the database without exposing it to the public internet.
Self-Hosted Runner: Deploy a self-hosted GitHub Actions runner directly within the VPC, granting direct access to the database.
Each solution varies in complexity and associated costs, so select the option best suited to your network architecture and security requirements.
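
A preflight check that separates the network-path failure described in the answer above from a credential problem, as an added example that is not part of the original question or answer. It assumes DB_CONNECTION holds an Easy Connect string or a TNS descriptor; `parseTarget`, `explain` and `probe` are hypothetical helper names.

```javascript
// Added example (not from the original posts): TCP preflight for DB_CONNECTION.
// Assumption: the secret is an Easy Connect string or a TNS descriptor.
const DEFAULT_PORT = 1521; // Oracle listener default

// Hypothetical helper: pull host and port out of the connect string.
function parseTarget(connectString) {
  const tns = /\(HOST\s*=\s*([^)\s]+)\s*\)/i.exec(connectString);
  if (tns) {
    const port = /\(PORT\s*=\s*(\d+)\s*\)/i.exec(connectString);
    return { host: tns[1], port: port ? Number(port[1]) : DEFAULT_PORT };
  }
  // Easy Connect: [[protocol:]//]host[:port][/service_name]
  const ez = /^(?:(?:\w+:)?\/\/)?([^:\/\s]+)(?::(\d+))?(?:\/.*)?$/.exec(connectString.trim());
  if (!ez) throw new Error('Unrecognised connect string format');
  return { host: ez[1], port: ez[2] ? Number(ez[2]) : DEFAULT_PORT };
}

// Map the probe result to the likely cause when run on a GitHub-hosted runner.
function explain(code) {
  switch (code) {
    case 'OPEN': return 'TCP path is open; a later failure is not a routing problem';
    case 'TIMEOUT': return 'no network path: runner is outside the VPC or a security group drops the traffic';
    case 'ECONNREFUSED': return 'host reachable but nothing is listening on that port';
    case 'ENOTFOUND': return 'hostname does not resolve from this runner (private DNS)';
    default: return `unexpected socket error: ${code}`;
  }
}

// Attempt a bare TCP connect; resolves to 'OPEN', 'TIMEOUT' or a socket error code.
async function probe(host, port, timeoutMs = 5000) {
  const net = await import('node:net'); // dynamic import works in CJS and ESM
  return new Promise((resolve) => {
    const socket = net.connect({ host, port });
    const done = (code) => { socket.destroy(); resolve(code); };
    socket.setTimeout(timeoutMs, () => done('TIMEOUT'));
    socket.once('connect', () => done('OPEN'));
    socket.once('error', (err) => done(err.code || 'ERROR'));
  });
}

// Runs only when the secret is present; the connect string itself is never printed.
if (process.env.DB_CONNECTION) {
  const { host, port } = parseTarget(process.env.DB_CONNECTION);
  probe(host, port).then((code) => {
    console.log(`DB preflight: ${explain(code)}`);
    if (code !== 'OPEN') process.exitCode = 1;
  });
}
```

Run as a workflow step before the database script, a `TIMEOUT` result after five seconds points at routing rather than at the stored credentials, without waiting for the driver's 60-second transport timeout.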