Tableau cannot connect to the redshift server.
It displayed:
An error occurred while communicating with Amazon Redshift
Unable to connect to the server. Check that the server is running and that you have access privileges to the requested database.
Error Code: BC42EF73
could not connect to server: Operation timed out
Is the server running on host "redshift-cluster-1.cncrnka9xarv.us-east-2.redshift.amazonaws.com" (3.143.87.206) and accepting TCP/IP connections on port 5439?
I just followed the setup in AWS Redshift Connection with Tableau - YouTube but it fails. What's the reason?
The first thing you should check is the Security Group associated with the Amazon Redshift database, since the video did not reference it.
The Security Group should permit Inbound access from 0.0.0.0/0 on port 5439. Note that this makes your database accessible to anywhere on the Internet, which is not good from a security perspective. However, I couldn't find a reference to the range of IP addresses that Tableau Online uses.
If that doesn't help, then confirm that the Redshift database is in a public subnet. A public subnet is defined as having a Route Table entry pointing to an Internet Gateway.
Solving this error contains 2 steps:
download the AWS redshift ODBC drive from here
Follow what is given in this answer by #JohnRotenstein.
For doing that follow the following steps:
Go to the cluster with which you want to establish the connection.
Then go to "Properties" tab.
Then below there is a section named "Network and security settings" which has "VPC security group" tab and below that there is a link that will redirect you to Security group of the VPC.
Select the VPC and then select the "inbound rules" tab.
There will be a security group where under "source" there will be something starting with "sg-" which means all the connections to redshift from the internet is blocked and only the addressed with this origin will be able to connect with AWS which are EC2 instances.
There click on "Edit Inbound rules".
In the window that opened up, click the "Add rule" button.
Security group rule ID - This you do not need to set
Type - All traffic
Protocol - All
Port range - All
Source - Anywhere Ipv4(not recommended) so it will be set to "0.0.0.0/0".
Description[optional]
Here set the Source to the IPaddress from where the connection request is going to be made and not the above one.
For all other connection queries can be solved by following this link
Related
I'm trying to connect to a RDS database (used alongside Elastic Beanstalk) from PGAdmin. From the "Connectivity & security" tab on the db dashboard, I selected the VPC security group and then edited the inbound rules to include a new rule of type "All traffic" with "My Ip" as the source. But adding my ip to the inbound rules does nothing, I keep getting timeout: expired on PGAdmin.
From what I can see on other questions & answers, this seems to be the only required configuration to change, however it does not solve the problem for me.
Does anyone experienced this? What do I need to do to connect to the database from PGAdmin?
I have an AWS Lambda function for an API. I have a test function inside of the API that returns a "Success" string so I know that I can hit the API from my machine (Postman).
The Lambda API is inside of my VPC. I have public and private subnets. The API is living in the public subnets. I also have a RDS database that's living in the private subnets. I can connect to the database through a Bastion host so I know the database is connected and working.
When I try an API call that connects to the database, I can see an error in CloudWatch that says:
[Error] Amazon.Lambda.AspNetCoreServer.APIGatewayProxyFunction: Unknown error responding to request: MySqlException:
MySql.Data.MySqlClient.MySqlException (0x80004005): Unable to connect to any of the specified MySQL hosts. ---> System.InvalidOperationException: Sequence contains more than one matching element
There's a lot of references to that error message that talks about the Linq SingleOrDefault() method, but I don't have any references to that method.
I think that error has something to do with the security groups. I have an RDS security group that has an inbound rule on port 3306 from my internal VPC ip addresses.
The security group for my Lambda function should be ok since I can successfully hit the test route.
Finally, I tried connecting to the database through the API in debug on my machine and I get an error "The requested name is valid, but no data of the requested type was found"
Does anyone have any other ideas or places to look?
Can you check your this setting is enable or not for RDS Security group ?
Disclaimer : Allowing inbound traffic on DB from internet is not recommended and should always be avoided
My RDS database (that I was trying to connect to and read from using AWS Lambda) was also a MySQL database.
When I tested the Lambda function I was getting 'Unable to connect to any of the specified MySQL hosts' (after waiting -- like it was timing-out).
I reviewed the answer from #aviboy2006, which helped me. I tried all the Security Group rules shown in that answer. I found I was able to successfully connect-to and read from the RDS MySQL database when I defined both an Inbound and Outbound rule for the associated VPC Security Group as
Type: MYSQL/Aurora
Protocol: TCP
Port Range: 3306
Source: Custom: 0.0.0.0/0
I have created new EC2 instance set HTTP, HTTPS, SSH anywahere, get Pair, pem file, and tried to connect from window machine using putty.
Putty giving error:
Network Error: Network Error: Connection timeout error
I have tried same procedure from same laptop, same network, same firewall on different AWS account working fine.
Please help me to resolve this issue.
In security gruop I allowed SSH TCP 22 in inbound rule.
To troubleshoot the connection, see: Error connecting to your instance: Connection timed out
Overview:
Check security groups
Check route table
Check Network ACL
Check corporate network
Check CPU load
A timeout error normally indicates that your computer is unable to reach the target computer (as opposed to the target computer rejecting the connection).
Things to check:
The EC2 instance should be running Linux
The security group on the instance should be permitting inbound access on port 22 either from your IP address, or all IP addresses- The EC2 instance should be in a public subnet (defined as a subnet with a routing table entry pointing to an Internet Gateway)
The Network Access Control Lists (ACLs) are preferably unchanged
Your (corporate) network permits SSH access to the AWS network range
Given that you are able to connect to "a different AWS Account", it sounds like your laptop and local network configurations are find. It would have something to do with the instance, security group or VPC configuration.
Have you tried allowing connections on port 22?
Go to your EC2 Instance and click on it so the radio button turns
blue. Scroll down to the bottom and check for Security Groups.
Click on View Inbound Rules and see if Port 22 is enabled. If not
click on the link directly above View Inbound Rules. Screenshot below:
You will see the tabs as shown in the screenshot below:
Click on Edit then Add Rule Button.
Enter the values as shown in the screenshot below:
Click on Save then try connecting to your instance again.
If that does not work, once you go to your EC2 instance, there is a Connect button. Click on that and see a list of possible warnings why you might be unable to connect to your instance.
Check your security group rules. You need a security group rule that allows inbound traffic from your public IPv4 address on the proper port.
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
In the navigation pane, choose Instances, and then select your instance.
In the Description tab at the bottom of the console page, next to Security groups, select view inbound rules to display the list of rules that are in effect for the selected instance.
For Linux instances: When you select view inbound rules, a window will appear that displays the port(s) to which traffic is allowed. Verify that there is a rule that allows traffic from your computer to port 22 (SSH).
For Windows instances: When you select view inbound rules, a window will appear that displays the port(s) to which traffic is allowed. Verify that there is a rule that allows traffic from your computer to port 3389 (RDP).
I followed all the steps mentioned on here
to connect to Redshift through Workbench J.
I am not using SSH to connect, so have left SSH settings alone.
When I select Security after selecting Redshift, I see :
Your account does not support the EC2-Classic Platform in this region. Cluster Security Groups are only available when the EC2-Classic Platform is supported. Instead, use VPC Security Groups to control access to your clusters. Go to the EC2 Console to view your VPC Security Groups. For more information, see Amazon Redshift Documentation on Supported Platforms and Managing Clusters in VPC.
My cluster is under a Security Group which has the following Inbound rule :
Type: Redshift
Protocol: TCP
Port Range: 5439
Source: Custom 0.0.0.0/0 (Experimental, just to test,
I will replace this with my IP address)
When I do a Netstat on the host from my machine with -Pn. I get a
Host is up.
PORT STATE SERVICE
5439/tcp filtered unknown
Nmap done: 1 IP address (1 host up) scanned in 2.22 seconds
I have already gone through several similar questions and none of these is working for me.
Double check your Security Group settings:
In the Redshift console, go to the Configuration tab.
Click on the link next to VPC security groups
Should take you to Security Groups in the EC2 console with the correct security group selected.
Select the Inbound tab for the security group and click the Edit button (a dialog box opens).
In the dialog box, click the Add Rule button then:
Select Redshift from the Type dropdown menu
Select Anywhere from the Source dropdown menu
Come back and change this to My Ip once your connection works!
Click the Save button (the dialog closes)
You now have 2 new Redshift rules (0.0.0.0/0 AND ::/0)
Then in SQL Workbench's "Select Connection Profile" dialog:
Click "Manage Drivers" at the bottom left and to add the Redshift JDBC driver.
SQL Workbench configures these automatically but check that Classname is like com.amazon.redshift.jdbc42.Driver and Sample URL is jdbc:redshift://host:port/name_of_database.
Next, configure the connection
Select the new Driver you just created from the drop down.
Copy the JDBC URL from the Redshift console Configuration tab and paste it into the URL field.
Must use the correct port: jdbc:redshift://my-cluster.asdfgh5jk8.us-east-1.redshift.amazonaws.com:5439/my-db
Add your Username and Password
Test the connection! (Bottom right)
Please let me know in the comments if this doesn't work for some reason and I'll help you get it working.
http://imgur.com/a/kzeVm
I have followed the guide, disabled my firewall, verified my security group allows access to everything (initially set to public). Still, 2 installs of mysql won't let ssms connect. No idea why this doesn't work
ACL
100
ALL Traffic
ALL
ALL
0.0.0.0/0
ALLOW
*
ALL Traffic
ALL
ALL
0.0.0.0/0
DENY
Security Group that my db is using
All traffic
All
All
sg-23ae465c (default)
postgres gives me
could not connect to server: Connection timed out (0x0000274C/10060) Is the server running on host "posttest.cnmcgcqc8rkx.us-east-1.rds.amazonaws.com" (52.2.0.231) and accepting TCP/IP connections on port 5432?
mysql can connect, might have to go with that
ecurity groups are not under RDS, they are under EC2's console. ACL's options are under VPC's console. This is not even mentioned in the guide. Seen someone connect on youtube with my exact settings...
This could be one of many things with the given information. The first thing I would check if you know your security groups are set up correctly is to open the port on the Network ACL Inbound Rules.