I have a Spring Boot application that is deployed to AWS Elastic Beanstalk and a Mongo database that is deployed on an EC2 instance.
I created two security groups: one for the EC2 instance and another one for Elastic Beanstalk to open the connection to each other.
However, the Spring Boot app still can't connect to Mongo (on the EC2 IP address).
Log in to your AWS account and navigate to the EC2 (Compute) dashboard.
Click the Security Group for the EC2 instance in which MongoDB is installed.
In the inbound tab, click edit.
Add the private IP of the EC2 where beanstalk is running and the MongoDB port. This will allow the connectivity from your Spring Boot application to MongoDB.
To test the connectivity, SSH into your EC2 where beanstalk is running and telnet the IP:port where MongoDB is running.
I have a container application running on ECS Fargate (Network awsvpc), and tried to connect to a MySQL database set up on an EC2 instance... But it is not happening.
I can connect to the same database (on EC2) from my local machine with the same containerized application running.
I am trying so hard to solve this issue; if you know, please help me.
Tried other things I know:
Security group inbound as ECS service security group (also tried opening all traffic access to EC2 instance)
ECS tasks running into private subnet or public subnet (EC2 and Fargate apps, all are in same VPC)
I am using the Jenkins Fargate Plugin (https://plugins.jenkins.io/amazon-ecs/) for builds and push. I have an EC2 machine, and on this machine I have the Jenkins master, Nexus repository and SonarQube. With this Jenkins Fargate plugin I create Fargate containers for Jenkins workers. These workers are in the same subnet as the EC2 machine and in the same VPC. But when I use a whitelist on port 443 for Nexus and SonarQube, the created Fargate containers can't access Nexus and SonarQube, even though they are on the same public subnet. What should I do for the connection? I use different security groups for the EC2 machine and the Fargate containers, but the subnets and VPC are the same.
I need to close the Jenkins master, Nexus and SonarQube login pages, so I need to use a whitelist, right? Is there another way to close them? What should I do for communication between the Fargate containers and the EC2 machine?
Update:
Subnet is public subnet.
Security group for fargate outbound rules is all open.
The error is "Connection time out".
I have my MongoDB deployed in an EC2 instance, nice and steady. I will (hopefully) have my Elastic Beanstalk load-balanced Web App launched soon using Docker. However, I feel like my database is too sensitive to dockerize or beanstalk-ize, so I wanna keep it in a plain EC2 instance.
My issue is with regard to the security groups. How can I create a security group that will only accept MongoDB traffic (port 27017) from the Elastic Beanstalk? Since EC2 instances will get created and destroyed arbitrarily, maybe I can get the least-common subnet of those?
When you create your Elastic Beanstalk application, you will choose a security group to assign to its EC2 instances.
For your MongoDB security group, allow traffic on port 27017 for the EB EC2's security group. If done this way, then only EC2 instances using that security group can access the MongoDB instance.
Note, when accessing your MongoDB instance from your EB app's EC2 instance, make sure you use the private IP address of the MongoDB instance, and not the public IP address. If you use the public IP address, then AWS doesn't recognize the connection as originating from the EB security group and will deny the connection.
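A simplified model of the behaviour this answer describes, added here as an example and not code from the original post: a group-reference rule admits the EB instance over the private address but not over the public one, and a small audit flags database ports left open to 0.0.0.0/0. The rule dictionaries follow the `IpPermissions` shape returned by `aws ec2 describe-security-groups`; every group ID and address is a constructed placeholder.

```python
import ipaddress

# Constructed sample rules in the `IpPermissions` shape; IDs are placeholders.
MONGO_SG_GOOD = [{
    "IpProtocol": "tcp", "FromPort": 27017, "ToPort": 27017,
    "IpRanges": [],
    "UserIdGroupPairs": [{"GroupId": "sg-0eb00000000000001"}],
}]
DB_SG_WORLD_OPEN = [{
    "IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
    "UserIdGroupPairs": [],
}]
# Constructed client: an EB instance with a private and a public address.
EB_INSTANCE = {"groups": {"sg-0eb00000000000001"},
               "private_ip": "10.0.1.25", "public_ip": "203.0.113.10"}


def _port_matches(perm, port):
    if perm["IpProtocol"] == "-1":  # "all traffic" rule carries no port range
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]


def inbound_allowed(permissions, client, port, via_public_ip):
    """Simplified inbound evaluation for one TCP connection.

    Dialling the server's public IP sends the packet out of the VPC, so it
    arrives with the client's public source address. Group-reference rules
    match on private addresses only, so only CIDR rules can admit it.
    """
    src = ipaddress.ip_address(
        client["public_ip"] if via_public_ip else client["private_ip"])
    for perm in permissions:
        if not _port_matches(perm, port):
            continue
        if any(src in ipaddress.ip_network(r["CidrIp"])
               for r in perm.get("IpRanges", [])):
            return True
        if not via_public_ip and any(g["GroupId"] in client["groups"]
                                     for g in perm.get("UserIdGroupPairs", [])):
            return True
    return False


def world_open_ports(permissions):
    """Audit helper: port ranges reachable from any IPv4 address."""
    return [(p.get("FromPort"), p.get("ToPort")) for p in permissions
            if any(r["CidrIp"] == "0.0.0.0/0" for r in p.get("IpRanges", []))]
```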
I am quite new to Elastic Beanstalk and not very proficient with server administration, but I need to set up a Django project on Elastic Beanstalk connecting to external RDS MySQL database.
I have created a separate RDS MySQL database and I can connect to it using Sequel Pro on my computer without problems. Then I have my Django project which I try to put to Elastic Beanstalk, but unfortunately without luck. If I run the local Django server from my computer, the project is browsable and Amazon RDS MySQL is accessible. However, when I run
eb deploy
I get
django.db.utils.OperationalError: (2003, "Can't connect to MySQL server
on 'myapp-staging.xxx.eu-west-1.rds.amazonaws.com' (110)")
(ElasticBeanstalk::ExternalInvocationError)
If I log in to the EC2 server via SSH
eb ssh
and then check the open ports with
netstat -lntu
I don't see MySQL's port 3306 there, so I guess it is blocked by a firewall.
This is what I tried regarding permissions:
I went to RDS Dashboard -> Security Groups and created myapp-mysql-security-group with EC2 Security Group connection type pointing to EC2 security group used by Elastic Beanstalk EC2 instance “awseb-e-...”.
I went to EC2 -> Security Groups and for “awseb-e-...” I set the Inbound MySQL port with source 0.0.0.0/0
I went to VPC Dashboard -> Security Groups and created myapp-mysql-security-group with Inbound Rules of MySQL port with source 0.0.0.0/0.
Then I tried to redeploy, restart servers and even rebuild environment, but nothing helped. The MySQL port 3306 is still not open in the EC2 instances created by Elastic Beanstalk.
What am I doing wrong or what is missing?
MySQL port 3306 is only opened at the RDS instance (not in your EC2 instance). So, if you check on your EC2 instance, it should not listen on port 3306.
Things you can do to check that RDS is working:
Check your EC2 instance connection to RDS.
SSH to your instance (eb ssh) and run telnet myapp-staging.xxx.eu-west-1.rds.amazonaws.com 3306. You might need to install telnet first (yum install telnet).
If it succeeds, check your app.
If it fails, check the next point.
Make sure your RDS and EC2 placement is correct:
For private-only-access RDS:
Make sure they are in the same VPC and allow incoming connections in RDS from the VPC's IP to 3306. For better performance, use the IP address instead of the Security Group name.
If they are in different VPCs, you can create VPC Peering.
For public access RDS:
Same as above, allow incoming connection from VPC's IP.
Make sure EC2 instances are allowed to make outgoing connections to port 3306 in the EC2 security group.
Make sure your EC2 host doesn't have a rule denying 3306 in iptables.
If your EC2 and RDS are in different VPCs and you use a private IP for your EC2, check the NAT server. Make sure you allow port 3306 to be proxied.
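A scriptable form of the telnet check in this answer, added here as an example and not part of the original post. It separates a timeout, which is what a security group or network ACL silently dropping the packet produces (the `(110)` in the Django error above is ETIMEDOUT on Linux), from a refusal, which means the host was reached but nothing listens on the port. The function name `probe` is a hypothetical helper.

```python
import errno
import socket


def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt, as `telnet host port` would show.

    "open"     handshake completed: network path and listener are both fine
    "refused"  host answered with RST: path is fine, nothing listens there
    "timeout"  no answer at all: typical of a security group or NACL that
               drops the SYN (errno 110, ETIMEDOUT, on Linux)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        # Kernel-level timeout, or anything else (DNS failure, no route).
        if exc.errno == errno.ETIMEDOUT:
            return "timeout"
        return "error: " + errno.errorcode.get(exc.errno, str(exc))
    finally:
        sock.close()


if __name__ == "__main__":
    # Placeholder endpoint; substitute the database host and port under test.
    print(probe("127.0.0.1", 3306))
```

Run it from the application instance itself: a "timeout" points at security groups, NACLs or routing, while "refused" points at the database host or its listener configuration.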
I have a Node.js application running on an Amazon Elastic Beanstalk (EB) environment.
In my app code I create an instance of memcached (my ElastiCache) like this:
var Memcached = require('memcached');
var memcached = new Memcached('my-elastic-cache-configuration-endpoint:11211');
In creating my ElastiCache cluster I used the security group of the EC2 instance running my EB app.
And in that security group I have allowed inbound access on port 11211 as described here:
Amazon ElastiCache Step 3: Authorize Access
However my memcached ElastiCache is still not accessible from my app.
I have tested it locally to make sure the code is alright etc. and everything checks out.
Does anyone know what I may be missing?