How do I troubleshoot problems connecting to Amazon Aurora?

5 minute read
0

I am having issues when connecting to an Amazon Relational Database Service (Amazon RDS) cluster or instance that's running Amazon Aurora.

Short description

You might have issues when connecting to your Amazon Aurora DB cluster or instance for one of these reasons:

  • The Aurora DB cluster or instance is still being created and isn't yet in the available state.
  • The DB instance security group, ACLs, or a local firewall is blocking the connection from the source instance or its IP addresses.
  • Your Amazon Virtual Private Cloud (Amazon VPC) subnet's route table isn't allowing traffic from your machine or instance.
  • If you are connecting from your local machine using the public internet, then the instance might not be publicly accessible in a public subnet.
  • DNS name resolution is failing. This might happen if the client isn't connecting to the correct Aurora endpoint.
  • The Amazon RDS DB instance is undergoing instance recovery or failover. This might happen if there is an issue with the underlying hardware or database process.

Resolution

For help with resolving common connection problems, see How do I resolve problems when connecting to my Amazon RDS DB instance?

For Aurora DB clusters, be sure that your client is connecting to the correct endpoint. Amazon Aurora is a managed service, so you must connect to Aurora DNS endpoints using MySQL or PostgreSQL client tools.

Verify your connection to the Aurora endpoint

Check that you are connecting to the correct Aurora endpoint.

To verify the cluster writer, reader, and custom endpoints that your client is currently connecting to, follow these steps:

1.    Open the Amazon RDS console.

2.    Choose Databases from the navigation pane.

3.    Choose your DB cluster from the group of resources. Then, review the cluster details under the endpoint section of Connectivity & Security.

4.    Verify connectivity to the endpoint using telnet / nc:

telnet <RDS endpoint> <port number>
nc -vz <RDS endpoint> <port number>

Example results of telnet:

[root@ip-172-XX-X-XX ~]# telnet postgres.cluster-XXXXXXX.us-east-1.rds.amazonaws.com 5432
Trying 172.XX.X.XX...
Connected to postgres.cluster-XXXXXXX.us-east-1.rds.amazonaws.com.

Example results of netcat:

[root@ip-172-XX-X-XX ~]# nc -vz postgres.cluster-XXXXXXX.us-east-1.rds.amazonaws.com 5432
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 172.XX.X.XX:5432.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.

5.    After you connect, verify that you are connected to reader or writer endpoint by running this command, depending on the engine you're using:

"SHOW GLOBAL VARIABLES LIKE 'innodb_read_only';"  --> MySQL
"SHOW transaction_read_only;" --> PostgreSQL

See these example outputs from the writer and reader from Amazon Aurora PostgreSQL-Compatible Edition.

Writer:

postgres=> SHOW transaction_read_only;
 transaction_read_only
-----------------------
 off
(1 row)

Reader:

postgres=> SHOW transaction_read_only;
 transaction_read_only
-----------------------
 on
(1 row)

See these example results from the writer and reader from Amazon Aurora MySQL-Compatible Edition.

Writer:

SHOW GLOBAL VARIABLES LIKE 'innodb_read_only';
innodb_read_only | OFF

Reader:

SHOW GLOBAL VARIABLES LIKE 'innodb_read_only';
innodb_read_only | ON

If the variable is set to ON, then you are connected to an Aurora replica. If the variable is set to OFF, then you are connected to the primary instance.

Set up an automatic connection to your DB instance from an Amazon EC2 instance

You can establish a connection to your DB instance from an Amazon Elastic Compute Cloud (Amazon EC2) instance. To do, use the Set up EC2 connection option from the Amazon RDS console.

Before you set up this connection, make sure that the EC2 instance exists in the same VPC as your DB instance. If there is no EC2 instance in the same VPC as your DB instance, then launch a new EC2 instance in the subnet using the console.

Make sure that the user that you are using to set up the connection has the correct permissions:

  • ec2:AuthorizeSecurityGroupEgress
  • ec2:AuthorizeSecurityGroupIngress
  • ec2:CreateSecurityGroup
  • ec2:DescribeInstances
  • ec2:DescribeNetworkInterfaces
  • ec2:DescribeSecurityGroups
  • ec2:ModifyNetworkInterfaceAttribute
  • ec2:RevokeSecurityGroupEgress

After you confirm the permissions, set up the automatic connection by configuring your DB instance:

1.    Open the Amazon RDS console.

2.    In the navigation pane, choose Databases, and then choose your DB instance. If you are using an Aurora database, then choose the cluster instead.

3.    For Actions, choose Set up EC2 connection.

4.    On the Set up EC2 connection page, choose the EC2 instance that you want to connect to your DB instance or cluster from. If no EC2 instances exist in the same VPC, then choose Create EC2 instance to create one. In this case, make sure that the new EC2 instance is in the same VPC as your DB instance or cluster.

5.    Choose Continue.

6.    On the Review and confirm page, review the changes that Amazon RDS will make to set up connectivity with the EC2 instance. If the changes are correct, then choose Set up connection.


Related information

Can't connect to Amazon RDS DB instance

Security in Amazon RDS

Security in Amazon Virtual Private Cloud

Connecting an EC2 instance and RDS database automatically

AWS OFFICIAL
AWS OFFICIALUpdated a year ago