A node server is running on Fargate ECS. The server needs to connect to a Redis database when it starts using node-redis.
The ECS service and the ElastiCache Redis are in the same VPC, and they are in the same private IP range (10.0.0.x, 10.0.0.y).
However, a connection timeout error is always returned.
Also, I created an EC2 instance within the same VPC, and successfully connected to the Redis service.
Please help, thanks a lot.
Related
I have a container application running on ECS Fargate (Network awsvpc), and tried to connect to a MySQL database set up on an EC2 instance... But it is not happening.
I can connect to the same database (on EC2) from my local machine with the same containerized application running.
Trying so hard to solve this issue, if you know please help me.
Tried other things I know:
Security group inbound as ECS service security group (also tried opening all traffic access to EC2 instance)
ECS tasks running into private subnet or public subnet (EC2 and Fargate apps, all are in same VPC)
I have a Prometheus task running on ECS Fargate and an EC2 instance where I installed InfluxDB to store Prometheus metrics for data persistence in case the Prometheus ECS task restarts.
I configured the remote read and remote write URLs in prometheus.yml and deployed it.
When I opened port 8086 from anywhere, the connectivity from the ECS task to the EC2 VM worked and data was written into InfluxDB. But when I changed the security group to open port 8086 only for the security group where the EC2 VM and ECS task are running, I got this error:
ts=2022-09-23T04:40:18.441Z caller=dedupe.go:112 component=remote level=warn remote_name=33b2e7 url="http://x.x.x.x:8086/api/v1/prom/write?db=prometheus" msg="Failed to send batch, retrying" err="Post \"http:/x.x.x.x:8086/api/v1/prom/write?db=prometheus\": context deadline exceeded"
Both the ECS cluster and the EC2 VM are in the same VPC and the same security group.
I have a question about connecting ECS container with RDS MySQL.
First of all, if the ECS container instance and the RDS database are in the same subnet, is it possible to connect as long as port 3306 for the container instance IP band is opened in the RDS security group?
And second, I have one container with port 10080 running in the ECS container instance, and when creating ECS, I used the bridge mode to connect the ALB to 10080:10080. Does this have something to do with the problem of not being able to connect to RDS?
I am using ECS for the first time, but the connection between the container running in ECS and the RDS database is not established.
The container instance is connected to RDS through telnet, but when the container is running, the task is dying with an error that the connection to the database is not possible.
Basically, I'm following these two guides:
Deploying Hasura on AWS with Fargate, RDS and Terraform
Deploying Containers on Amazon’s ECS using Fargate and Terraform: Part 2
I have:
Postgres RDS Database deployed in 'Multi-AZ'
My Python/Flask app deployed in Fargate across multiple AZs
I run a migration inside the task definition before the app
ALB Load balancing between the tasks
Logging for RDS, ECS and ALB into Cloudwatch Logs.
A NAT gateway with an Elastic IP for each private subnet to get internet connectivity
A new route table for the private subnets
NO certificates
I use Terraform 0.12 for the deploy.
The repository is on ECR
But...
My app can't connect to the RDS database:
sqlalchemy.exc.OperationalError
(psycopg2.OperationalError): FATAL: password authentication failed for user "postgres"
These are the logs on pastebin-logs
I've already tried changing the password to a very simple one, before deploy, on the console directly, opening ports, turning access public, changing private to public subnet, etcetera, etcetera...
Please, I have had this error for a week!!!
UPDATE
I inject the database credentials in this way:
pastebin-terraform
I cannot comment, but I mean this as a comment.
What does the security group egress look like on your ECS service that runs the task? You need to make sure it can talk to the RDS, usually on port 5432.
I have created a Redis endpoint on Amazon ElastiCache and also set up a VPC and NAT gateway. I need to connect to the created Redis endpoint with redis-cli. I am using a command like this:
redis-cli -h dev-redis.434dffsdsf.0094.ustyue1.cache.amazonaws.com
But I got an error message like this:
Could not connect to Redis at dev-redis.a35gy4.0001.use1.cache.amazonaws.com:6379: Connection timed out
I tried several ways:
1. Tried to connect from my local Ubuntu machine.
2. Tried to connect from an EC2 instance.
My source code is running on AWS Lambda. Using AWS Lambda we can successfully connect to the same Redis endpoint.
What is the actual issue with my redis client?
Please check SG of ElastiCache. Redis instance should be accessible to server where you're running Redis CLI.
Option 1 will not work, as ElastiCache instances are not accessible outside of their VPC. From the FAQs: "Amazon ElastiCache Nodes, deployed within a VPC, can never be accessed from the Internet or from EC2 Instances outside the VPC."
Option 2 should work, if the EC2 instance is within the same VPC as the ElastiCache instance.
Adding more details, as none of the answers here gave me full clarity.
What is a security group - a security group in AWS is like a firewall.
What should I check in the security group - Check in the inbound rules of the security group attached to the Redis whether port 6379 is open to IPs within the CIDR (e.g. 192.168.32.0/20) of the EC2 instance from which you tried to access the Redis/ElastiCache
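The inbound-rule check described in the answers above, as an added example that is not part of the original posts: it evaluates rules in the shape returned by EC2 DescribeSecurityGroups against a source address and the source's own security groups. The function name, group IDs and addresses are constructed for illustration.

```python
import ipaddress

# Constructed samples in the shape of a DescribeSecurityGroups response.
REDIS_SG = {"GroupId": "sg-0aaa0000000000001", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
     "IpRanges": [{"CidrIp": "192.168.32.0/20"}], "UserIdGroupPairs": []},
]}
# Task and VM share this group, but no rule names the group itself as a
# source, so membership alone does not admit traffic between its members.
SHARED_SG = {"GroupId": "sg-0bbb0000000000002", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []},
]}
# Same group after adding a self-referencing rule for port 8086.
SHARED_SG_FIXED = {"GroupId": "sg-0bbb0000000000002", "IpPermissions":
    SHARED_SG["IpPermissions"] + [
        {"IpProtocol": "tcp", "FromPort": 8086, "ToPort": 8086, "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0bbb0000000000002"}]}]}


def ingress_allows(sg, port, src_ip, src_sg_ids=()):
    """Return the rule that admits a TCP flow to `port`, or None.

    src_ip is the address the destination sees. Group-reference rules match
    only traffic sent from the peer's private address, so pass src_sg_ids
    only when the client targets the private IP of the destination.
    """
    addr = ipaddress.ip_address(src_ip)
    for perm in sg["IpPermissions"]:
        proto = perm["IpProtocol"]
        if proto not in ("tcp", "-1"):
            continue
        # Protocol "-1" means all traffic; those rules carry no port range.
        if proto == "tcp" and not perm["FromPort"] <= port <= perm["ToPort"]:
            continue
        for rng in perm.get("IpRanges", []):
            if addr in ipaddress.ip_network(rng["CidrIp"], strict=False):
                return "cidr " + rng["CidrIp"]
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] in src_sg_ids:
                return "group " + pair["GroupId"]
    return None  # nothing matched: packets are dropped and the client times out


if __name__ == "__main__":
    print(ingress_allows(REDIS_SG, 6379, "192.168.40.17"))
    print(ingress_allows(SHARED_SG, 8086, "10.0.0.25", {SHARED_SG["GroupId"]}))
```

A `None` result corresponds to the timeouts reported in the questions: security groups drop unmatched packets silently rather than refusing the connection.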