
AWS Database Access

This section covers how to connect to Parallel's databases through AWS bastion hosts using port forwarding.

Parallel Config

bash
# Configuration: per-environment lookup table for the connection helpers.
# Keys follow "<setting>_<env>", where <env> is "prod" or "staging".
# The values are resource identifiers (EC2 instance IDs, RDS endpoint
# suffixes), not credentials.
typeset -A _PARALLEL_CONFIG
_PARALLEL_CONFIG=()

# Bastion instances (EC2 instance IDs).
# NOTE(review): an instance ID presumably changes if a bastion is rebuilt;
# confirm these are current before relying on them.
_PARALLEL_CONFIG[bastion_prod]="i-0430e03b4e1c1bbdd"
_PARALLEL_CONFIG[bastion_staging]="i-0f052721e4ba2c318"

# RDS cluster identifiers (endpoint suffix shared by an environment's databases)
_PARALLEL_CONFIG[rds_suffix_prod]="clwscu6m8xeq.eu-west-3.rds.amazonaws.com"
_PARALLEL_CONFIG[rds_suffix_staging]="c5wmseg8am3n.eu-west-3.rds.amazonaws.com"

# Environment prefixes (leading part of every database hostname)
_PARALLEL_CONFIG[prefix_prod]="parallel-euw3-prod"
_PARALLEL_CONFIG[prefix_staging]="parallel-euw3-staging"

# Default local port ranges (prod: 554xx, staging: 654xx).
# A per-database offset is added to these bases, so the staging base plus the
# largest offset has to stay at or below 65535.
_PARALLEL_CONFIG[port_base_prod]="55432"
_PARALLEL_CONFIG[port_base_staging]="65432"

Connection Scripts

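Add the configuration block above and these scripts to your `.zshrc` file for easy database access (the functions read `_PARALLEL_CONFIG`, so it must be defined in the same shell):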

bash
# ============================================
# Database Connections (via Bastion)
# ============================================

# Database port offsets: each database's offset is added to the environment's
# port_base, so every database gets its own default local port.
typeset -A _DB_PORT_OFFSET
_DB_PORT_OFFSET=()
_DB_PORT_OFFSET[coding]=0
_DB_PORT_OFFSET[valuation]=1
_DB_PORT_OFFSET[codingsnapshot]=2
_DB_PORT_OFFSET[dashboard]=3
_DB_PORT_OFFSET[screenflow]=4
_DB_PORT_OFFSET[guacamole]=5

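# Generic function to connect to any database.
#
# Opens an SSM port-forwarding session through the environment's bastion to the
# database's RDS endpoint on port 5432, listening on a local port.
#
# Arguments:
#   $1 - environment key used to look up _PARALLEL_CONFIG ("prod" or "staging")
#   $2 - database name (also the key into _DB_PORT_OFFSET)
#   $3 - optional local port (1-65535); defaults to port_base + database offset
#   $4 - optional suffix appended after "-db" in the hostname
# Globals: reads _PARALLEL_CONFIG and _DB_PORT_OFFSET; exports AWS_PROFILE.
# Returns: non-zero when the environment is unknown, the port is invalid or the
#          SSO login fails; otherwise the status of `aws ssm start-session`.
_connect-db() {
  local ENV="$1"
  local DB_NAME="$2"
  local CUSTOM_PORT="$3"
  local VERSION="$4"

  local BASTION="${_PARALLEL_CONFIG[bastion_${ENV}]}"
  local RDS_SUFFIX="${_PARALLEL_CONFIG[rds_suffix_${ENV}]}"
  local PREFIX="${_PARALLEL_CONFIG[prefix_${ENV}]}"
  local PORT_BASE="${_PARALLEL_CONFIG[port_base_${ENV}]}"
  local PORT_OFFSET="${_DB_PORT_OFFSET[${DB_NAME}]:-0}"

  # An unknown environment yields empty lookups; stop before logging in or
  # starting a session with an empty target.
  if [[ -z "$BASTION" || -z "$RDS_SUFFIX" || -z "$PREFIX" || -z "$PORT_BASE" ]]; then
    echo "_connect-db: no configuration for environment '${ENV}'" >&2
    return 1
  fi

  # The local port is the only caller-supplied value that reaches the JSON
  # parameter string below, so accept nothing but a plain port number.
  local LOCAL_PORT
  if [[ -n "$CUSTOM_PORT" ]]; then
    case "$CUSTOM_PORT" in
      *[!0-9]* | 0* | ??????*)
        echo "_connect-db: invalid local port '${CUSTOM_PORT}'" >&2
        return 1
        ;;
    esac
    if (( CUSTOM_PORT > 65535 )); then
      echo "_connect-db: invalid local port '${CUSTOM_PORT}'" >&2
      return 1
    fi
    LOCAL_PORT="$CUSTOM_PORT"
  else
    LOCAL_PORT="$((PORT_BASE + PORT_OFFSET))"
  fi

  if ! aws-sso-util login --profile "parallel_${ENV}"; then
    echo "_connect-db: SSO login failed for profile parallel_${ENV}" >&2
    return 1
  fi

  # NOTE(review): this export stays in the calling shell after the session
  # ends, so later `aws` commands in the same terminal keep using this profile
  # (including prod). Kept for compatibility; consider scoping the profile to
  # the start-session call if nothing relies on it.
  export AWS_PROFILE="parallel_${ENV}"

  local HOST="${PREFIX}-${DB_NAME}-db${VERSION}.${RDS_SUFFIX}"

  echo ""
  echo "🗄️  Connecting to ${DB_NAME} database (${ENV})..."
  echo "   Host: ${HOST}"
  echo "   Port: 5432 → localhost:${LOCAL_PORT}"
  echo ""

  aws ssm start-session \
    --target "$BASTION" \
    --document-name "AWS-StartPortForwardingSessionToRemoteHost" \
    --parameters "{\"host\":[\"${HOST}\"],\"portNumber\":[\"5432\"],\"localPortNumber\":[\"${LOCAL_PORT}\"]}"
}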

# ================== PROD ==================
# Forward the prod "coding" database (hostname suffix "2").
# $1 (optional) is passed through as the custom local port.
connect-coding-db-prod() {
  local port_override="$1"
  _connect-db prod coding "${port_override}" 2
}
# Forward the prod "valuation" database.
# $1 (optional) is passed through as the custom local port.
connect-valuation-db-prod() {
  local port_override="$1"
  _connect-db prod valuation "${port_override}"
}
# Forward the prod "codingsnapshot" database.
# $1 (optional) is passed through as the custom local port.
connect-codingsnapshot-db-prod() {
  local port_override="$1"
  _connect-db prod codingsnapshot "${port_override}"
}
# Forward the prod "dashboard" database.
# $1 (optional) is passed through as the custom local port.
connect-dashboard-db-prod() {
  local port_override="$1"
  _connect-db prod dashboard "${port_override}"
}
# Forward the prod "screenflow" database.
# $1 (optional) is passed through as the custom local port.
connect-screenflow-db-prod() {
  local port_override="$1"
  _connect-db prod screenflow "${port_override}"
}
# Forward the prod "guacamole" database.
# $1 (optional) is passed through as the custom local port.
connect-guacamole-db-prod() {
  local port_override="$1"
  _connect-db prod guacamole "${port_override}"
}

# ================ STAGING =================
# Forward the staging "coding" database (hostname suffix "2").
# $1 (optional) is passed through as the custom local port.
connect-coding-db-staging() {
  local port_override="$1"
  _connect-db staging coding "${port_override}" 2
}
# Forward the staging "valuation" database.
# $1 (optional) is passed through as the custom local port.
connect-valuation-db-staging() {
  local port_override="$1"
  _connect-db staging valuation "${port_override}"
}
# Forward the staging "codingsnapshot" database.
# $1 (optional) is passed through as the custom local port.
connect-codingsnapshot-db-staging() {
  local port_override="$1"
  _connect-db staging codingsnapshot "${port_override}"
}
# Forward the staging "dashboard" database.
# $1 (optional) is passed through as the custom local port.
connect-dashboard-db-staging() {
  local port_override="$1"
  _connect-db staging dashboard "${port_override}"
}
# Forward the staging "screenflow" database.
# $1 (optional) is passed through as the custom local port.
connect-screenflow-db-staging() {
  local port_override="$1"
  _connect-db staging screenflow "${port_override}"
}
# Forward the staging "guacamole" database.
# $1 (optional) is passed through as the custom local port.
connect-guacamole-db-staging() {
  local port_override="$1"
  _connect-db staging guacamole "${port_override}"
}

## Usage

After adding the scripts to your `.zshrc`:

1. Reload your shell: `source ~/.zshrc`
2. Run the appropriate connection function
3. Connect to the database using the local port

Note: the password for connecting to the database is stored in AWS Secrets Manager.

## SSL Configuration

The application uses SSL by default for database connections (required for AWS RDS). However, local databases typically don't support SSL connections.

### Local Development

If you're connecting to a local database that doesn't support SSL, you **must** explicitly disable SSL by adding `disable_ssl=true` to your connection string:

postgresql://postgres:postgres@localhost:5432/coding?schema=public&disable_ssl=true


**Important**: Without `disable_ssl=true`, the application will attempt to use SSL and you'll encounter errors like:

- `Error opening a TLS connection: The server does not support SSL connections`

### Production/Staging

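For production and staging environments (AWS RDS), SSL is enabled automatically. The connection string should **not** include `disable_ssl=true`. The application will handle SSL with self-signed certificates automatically. If that handling works by skipping certificate verification, the connection is encrypted but the server's identity is not checked; confirm this against the application's TLS settings.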

## Prerequisites

- AWS credentials configured (see [Connectivity](./connectivity.md))
- AWS CLI installed
- `aws-sso-util` package installed
- Database client (e.g., pgAdmin, DBeaver, or psql)