Problem in ECS container connection with RDS - amazon-web-services

I have a question about connecting ECS container with RDS MySQL.
First of all, if the ECS container instance and the RDS database are in the same subnet, is it possible to connect as long as port 3306 for the container instance IP band is opened in the RDS security group?
And second, I have one container with port 10080 running in the ECS container instance, and when creating ECS, I used the bridge mode to connect the ALB to 10080:10080. Does this have something to do with the problem of not being able to connect to RDS?
I am using ECS for the first time, but the connection between the container running in ECS and the RDS database is not established.
The container instance is connected to RDS through telnet, but when the container is running, the task is dying with an error that the connection to the database is not possible.

Related

Connect MySQL DB on EC2 from Fargate Container application

I have a container application running on ECS Fargate (Network awsvpc), and tried to connect to a MySQL database set up on an EC2 instance... but it is not happening.
I can connect to the same database (on EC2) from my local machine with the same containerized application running.
I am trying so hard to solve this issue; if you know, please help me.
Tried other things I know:
Security group inbound as ECS service security group (also tried opening all traffic access to EC2 instance)
ECS tasks running into private subnet or public subnet (EC2 and Fargate apps, all are in same VPC)

How to connect my developer machine with Amazon Memory DB Cluster

Memory DB Cluster configured, connected with an EC2 instance within the same VPC, but I cannot telnet to the Memory DB Cluster even when connected via VPN, whereas from the EC2 instance, telnet and redis-cli both work.
Configured a VPN via OpenVPN and connected. I can access the EC2 instance [telnet etc.] via private IP when connected to the VPN, but could not connect to the Memory DB cluster. I need to connect my developer machine to the DB cluster to proceed.
I tried to find a private IP of the cluster or something by which I can connect, but couldn't.
Instead of a VPN, it would be easy to do SSH tunnelling for port forwarding for development purposes. Create a bastion host and an SSH tunnel and forward the Memory DB port. You can follow the instructions which were done for RDS port forwarding: https://aws.amazon.com/premiumsupport/knowledge-center/rds-connect-using-bastion-host-linux/

AWS ECS Docker Server Connect to ElastiCache Redis

A node server is running on Fargate ECS. The server needs to connect to a Redis database when it starts using node-redis.
The ECS service and the ElastiCache Redis are in the same VPC, and they are in the same private IP range (10.0.0.x, 10.0.0.y).
However, a connection timeout error is always returned.
Also, I created an EC2 instance within the same VPC, and successfully connected to the Redis service.
Please help, thanks a lot.

Aurora serverless connection timed out

I'm trying to connect to my Aurora Serverless but every time I try to do it I receive this error:
2021/03/18 17:10:00 error verifying database connection is alive: dial tcp 10.247.15.113:3306: connect: operation timed out exit status 1
I created a VPC, subnets and security groups.
VPC -> 10.247.0.0/20
4 Subnets -> 10.247.0.0/22, 10.247.8.0/22, 10.247.4.0/22 and 10.247.12.0/22
Security group -> Lives inside my VPC and as inbound has port SSH 22 for 0.0.0.0/0 and MYSQL/Aurora 3306 for my EC2 instance IP address. Outbound has all traffic.
Using ssh in a database client works, but inside my code I receive the error I mentioned. I also tried doing telnet and I receive another operation timed out.
I know this may be something related to the networking but not sure why since I can connect via ssh with an EC2 instance. What can it be?
Your guide is for RDS. It does not apply to Aurora Serverless (AS). Specifically, AS can't be accessed from the internet. So you can't connect to it directly from home:
You can't give an Aurora Serverless v1 DB cluster a public IP address. You can access an Aurora Serverless v1 DB cluster only from within a VPC.
You have to connect to it from within a VPC, e.g. an EC2 instance, an ECS container or a Lambda function.
The only way to connect to it from home is to use the RDS Data API, or set up an SSH tunnel or VPN between your home network and your VPC.
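
The reasoning in the answer above, worked through as an added example that is not part of the original thread: it models the VPC, subnets and security group from the question and shows why each kind of client sees a timeout or gets through. The EC2 instance IP, the ECS task IP and the home IP are constructed values, and the model assumes no VPN, peering or tunnel is in place.

```python
import ipaddress

# Values taken from the question above.
VPC_CIDR = ipaddress.ip_network("10.247.0.0/20")
SUBNETS = [ipaddress.ip_network(c) for c in
           ("10.247.0.0/22", "10.247.8.0/22", "10.247.4.0/22", "10.247.12.0/22")]
DB_ADDR = ipaddress.ip_address("10.247.15.113")
DB_PORT = 3306

# Constructed values (not on the page): the EC2 instance's private IP, and
# the inbound rules written out the way the question describes them.
EC2_IP = "10.247.1.25"
INGRESS = [
    {"port": 22, "cidr": "0.0.0.0/0"},
    {"port": 3306, "cidr": EC2_IP + "/32"},
]

def subnet_of(addr):
    """Return the subnet from SUBNETS that contains addr, or None."""
    return next((s for s in SUBNETS if addr in s), None)

def sg_allows(source, port, rules=INGRESS):
    """True if an ingress rule matches both the port and the source address."""
    return any(r["port"] == port and source in ipaddress.ip_network(r["cidr"])
               for r in rules)

def diagnose(source_ip, dest=DB_ADDR, port=DB_PORT):
    """Explain what happens to a TCP SYN sent from source_ip to dest:port."""
    source = ipaddress.ip_address(source_ip)
    if dest.is_private and source not in VPC_CIDR:
        # The cluster has no public IP; without a tunnel or VPN nothing
        # routes the packet, so the client waits until it times out.
        return "timeout: private address, source is outside the VPC"
    if not sg_allows(source, port):
        # Security groups drop unmatched traffic silently, so the client
        # sees a timeout rather than "connection refused".
        return "timeout: dropped by security group"
    return "allowed"

if __name__ == "__main__":
    print("DB endpoint subnet:", subnet_of(DB_ADDR))
    for label, ip in [("home machine (constructed)", "203.0.113.10"),
                      ("ECS task in VPC (constructed)", "10.247.9.40"),
                      ("EC2 instance (constructed)", EC2_IP)]:
        print(f"{label:32} {ip:15} -> {diagnose(ip)}")
```

Both failure cases surface to the client as the same "operation timed out", which is why the source address has to be checked against the VPC range and the security group rule separately.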

Packer can't connect to an EC2 instance spun up inside a VPC

Due to organizational restrictions all EC2 instances must be spun up inside a VPC. I am running Packer from an on prem server (via a Jenkins pipe) and during the image creation, it spins up an EC2 instance inside this VPC which is assigned a private IP.
Back on my on prem server, Packer is waiting for the instance to start up by querying the private IP assigned to it, and there is no connectivity between the on prem Jenkins server and the EC2 instance spun up by Packer. Therefore the process hangs, stuck at "Waiting for WinRM to become available" forever.
Is there a workaround to this?
I am using the builder of type amazon-ebs
A bastion host in a public subnet may help you in this case. You can find the Packer configuration for a bastion host here: https://www.packer.io/docs/builders/amazon-ebs.html#communicator-configuration