How to access ElastiCache publicly without being in same lambda vpc - node.js

So I'm stuck in a problem, the hassle is I'm getting a connection timeout error after connecting to an elasticache endpoint using aws lambda and nodejs.
My aws lambda function is not using any vpc but an elasticache function of course has VPC and I already made it public by setting up the inbound traffic and outbound traffic rules.
Also I tried it on my local server and was not able to find elasticache endpoint msg by using OVPN.
How to connect redis from elasticache in nodejs.
I would really appreciate it if any of the people can give me a helping hand to solve this problem.
Thanks

Related

GCP serverless VPC connection make 408 timeout

My cloud functions server needs to access an external service, and the IP address needs to be applied to the system prior to accessing the service. Since it is serverless, cloud functions does not have a static IP address. I have searched for a way to give a static IP address to cloud functions and it was serverless VPC access at GCP VPC network.
Image below shows my VPC creation.
Cloud functions VPC connection setting is at below
Cloud functions works fine before setting VPC connection. After VPC connection setup, the error below occurred.
Do I need any other setting for VPC connection? or do I need to do something with my server code to get rid of 408 timeout error?
If you know anything about this problem, please share your knowledge. Thank you

How to connect Golang Lambda function with Redis Elasticache AWS

I'm new with golang.
I've been looking at the documentation of lambda-golang-AWS and still had this timeout when invoking the function.
I've been configuring:
Elasticache cluster (1 primary node),
VPC (one same VPC for redis and lambda),
Security groups,
Subnets,
Inbound and outbound,
role
I have this primary Redis endpoint xxxxxx
I just need an example.
So, my questions are:
Can we connect Redis in Linux without an EC2 instance? Possibly try it with RDM.
How do we put AWS redis's endpoint in the main function? (do we only need the endpoint? or else)
Is it possible to connect to Redis Elasticache with only endpoint (without AUTH)?
Thanks a lot!
Can we connect Redis in Linux without an EC2 instance?
Yes, of course, why would an EC2 instance be an additional requirement? You just need to include a Redis client library in your Lambda function's deployment artifact, and configure the Elasticache cluster to allow inbound traffic from the security group assigned to the Lambda function.
How do we put AWS redis's endpoint in the main function? (do we only need the endpoint? or else)
I would configure the endpoint as one of the Lambda function's environment variables.
Is it possible to connect to Redis Elasticache with only endpoint (without AUTH)?
If you don't enable AUTH on Elasticache, then you can connect without AUTH. AUTH is an optional configuration setting.
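
The answer's advice (endpoint from an environment variable, AUTH only when it is enabled on the cluster) as an added Node.js example; it is not part of the original answer and not the asker's Go code. It speaks the Redis wire protocol directly over `net`/`tls` instead of using a client library so that it has no dependencies, and the variable names `REDIS_HOST`, `REDIS_PORT`, `REDIS_AUTH_TOKEN` and `REDIS_TLS` are assumptions.

```javascript
// Added example: dependency-free Redis PING for a Lambda handler.
// REDIS_HOST, REDIS_PORT, REDIS_AUTH_TOKEN and REDIS_TLS are assumed names.
const net = require("node:net");
const tls = require("node:tls");

// Encode one command as a RESP array of bulk strings.
function encode(...args) {
  return `*${args.length}\r\n` +
    args.map(a => `$${Buffer.byteLength(a)}\r\n${a}\r\n`).join("");
}

// Send AUTH (only when a password is given) followed by PING and resolve
// with the server's reply lines, e.g. ["+OK", "+PONG"] or ["-NOAUTH ..."].
function redisPing({ host, port = 6379, password, useTls = false, timeoutMs = 2000 }) {
  return new Promise((resolve, reject) => {
    const sock = useTls
      ? tls.connect({ host, port, servername: host })
      : net.connect({ host, port });
    const expected = password ? 2 : 1;
    let buf = "";
    // A timeout here usually means the function is not in the cluster's VPC
    // or the security group does not admit it; it is not an AUTH failure.
    sock.setTimeout(timeoutMs, () => sock.destroy(new Error("connect/read timeout")));
    sock.once(useTls ? "secureConnect" : "connect", () => {
      sock.write((password ? encode("AUTH", password) : "") + encode("PING"));
    });
    sock.on("data", chunk => {
      buf += chunk;
      const lines = buf.split("\r\n").slice(0, -1); // complete lines only
      if (lines.length >= expected) { sock.end(); resolve(lines); }
    });
    sock.once("error", reject);
  });
}

async function handler() {
  const replies = await redisPing({
    host: process.env.REDIS_HOST,
    port: Number(process.env.REDIS_PORT || 6379),
    password: process.env.REDIS_AUTH_TOKEN, // unset when AUTH is not enabled
    useTls: process.env.REDIS_TLS === "true",
  });
  return {
    ok: replies[replies.length - 1] === "+PONG",
    authRequired: replies.some(r => r.startsWith("-NOAUTH")),
  };
}
exports.handler = handler;
```

ElastiCache accepts an AUTH token only on clusters with in-transit encryption enabled, so set `REDIS_TLS=true` whenever `REDIS_AUTH_TOKEN` is set.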

Pool connection timeout - connecting to AWS RDS from EC2

I am trying to connect to an Amazon RDS (Postgres) instance from an EC2 server via a NodeJS application using the pg npm package. I am receiving an error (note I'm hitting my node backend via a react app):
OPTIONS /users/login 200 0.424 ms - 2
Error fetching client from pool Error: Connection terminated due to connection timeout
I have tested the app locally and everything works perfectly (including connecting to RDS), but as soon as I run the app on the server I can't connect.
To simplify the problem, I have just typed my credentials explicitly into the NodeJS route file so I know there's no issues with environment variables etc. I then pushed my code to the server, pulled it as-is, and ran it. No luck. From a connection perspective, I just create a pool (require pool from pg) and then use pool.connect and client.query to make the request.
I feel like given that it works locally that the issue is an AWS one with my networking/security groups, but I feel like I have tried everything:
Ensured the db is set to public
Created a fresh security group and added it to EC2 and to RDS
Completely opened the ports (inbound and outbound)
Created a VPC and added to both EC2 and RDS
Checked the inbound/outbound are open on the VPC subnet NACL
Any help would be much appreciated. I am going insane
Connect to your server and try to debug the connection with telnet or a PostgreSQL client.
The most common mistakes for this error are:
RDS Security Group does not allow incoming connections from your VPC range or for the public EC2 server IP (in the case of a public database).
RDS subnet does not allow outgoing connections in NACL. Keep in mind that only the first connection occurs in the port you define in RDS, the other connections occur on other ports; but I think this is not your case once you said you could connect locally.
RDS Route Table doesn't allow connections from outside the VPC. But, again, I think that's not your case.
EC2 Security Group does not allow outgoing connections to the RDS. This case is a little trickier but it can happen if you don't set the SG properly.
The last case is that your EC2 server subnets do not allow connections to the internet. You said that you can connect locally, so I imagine that your RDS is properly set to allow public connections; however, you can have the case that you didn't connect an Internet Gateway or a NAT Gateway in your EC2 server Route Table or didn't properly configure the NACL to allow inbound/outbound connections from the internet.
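
The telnet-style check suggested above, as an added Node.js example that is not part of the original answer. It separates a silent timeout (security group, NACL or routing) from a refused connection and from a DNS failure, and reports whether the endpoint resolves to a private address; the hint texts are this example's own summary and the host name in the final comment is a placeholder.

```javascript
// Added example: classify why a TCP connection to an endpoint fails.
const net = require("node:net");
const dns = require("node:dns").promises;

const HINTS = {
  open: "TCP path works; look at credentials, TLS or the client library",
  timeout: "packets dropped: security group, NACL, route table, or caller outside the VPC",
  ECONNREFUSED: "host reachable but nothing listens on that port (wrong port or endpoint)",
  ENOTFOUND: "DNS name does not resolve from this network",
};

// RFC 1918 ranges: such an address is reachable only from inside the VPC,
// a peered VPC, or a VPN that routes to it.
function isPrivate(ip) {
  const [a, b] = ip.split(".").map(Number);
  return a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

async function probe(host, port, timeoutMs = 3000) {
  let address;
  try {
    ({ address } = await dns.lookup(host, { family: 4 }));
  } catch (err) {
    return { host, port, status: err.code, hint: HINTS[err.code] || "DNS error" };
  }
  const status = await new Promise(resolve => {
    const sock = net.connect({ host: address, port });
    const done = s => { sock.destroy(); resolve(s); };
    sock.setTimeout(timeoutMs, () => done("timeout"));
    sock.once("connect", () => done("open"));
    sock.once("error", err => done(err.code || "error"));
  });
  return {
    host, port, address,
    private: isPrivate(address),
    status,
    hint: HINTS[status] || "unclassified socket error",
  };
}

// Run it from the host that fails (the EC2 instance or the Lambda), e.g.:
// probe("mydb.example.internal", 5432).then(console.log);
```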

Connect Redshift and AWS Lambda located in different regions

I am trying to connect to my Redshift database (located in N. Virginia region) from Lambda function (located in Ireland region). But on trying to establish a connection, I am getting timeout error stating:
"errorMessage": "2019-10-20T13:34:04.938Z 5ca40421-08a8-4c97-b730-7babde3278af Task timed out after 60.05 seconds"
I have closely followed the solution provided to the AWS Lambda times out connecting to RedShift but the main issue is that the solution provided is valid for services located in same VPC (and hence, same region).
On researching further, I came across Inter-region VPC Peering and followed the guidelines provided in AWS Docs. But after configuring VPC Peering also, I am unable to connect to Redshift.
Here are some of the details that I think can be useful for understanding the situation:
Redshift cluster is publicly accessible, running port 8192 and has a VPC configured (say VPC1)
Lambda function is located in another VPC (say VPC2)
There is a VPC Peering connection between VPC1 and VPC2
CIDR IPv4 blocks of both VPCs are different and have been added to each other's Route tables (VPC1 has 172.31.0.0/16 range and VPC2 has 10.0.0.0/16 range)
IAM Execution role for Lambda function has Full Access of Redshift service
In VPC1, I have a security group (SG1) which has an inbound rule of type: Redshift, protocol: TCP, port: 5439 and source: 10.0.0.0/16
In VPC2, I am using default security group which has outbound rule of 0.0.0.0/0
In Lambda, I am providing private IP of Redshift (172.31.x.x) as hostname and 5439 as port (not 8192!)
Lambda function is in NodeJS 8.10 and I am using node-redshift package for connecting to Redshift
After all this, I have tried accessing Redshift with both public IP as well as through its DNS name (with port 8192)
Kindly help me out in establishing connection between these services.

MongoDB Atlas & Node JS - Architecture Layout

Recently I have been considering using MongoDB Atlas for a deployment which is fairly heavy in the DB department and also on the Node.JS server side.
Whereas I am quite familiar with the normal NAT Gateway--> VPC layout on AWS, in all my research on Atlas I have been left terribly confused about some really important specifics.
I am incredibly confused as to how to implement a NodeJS server with MongoDB Atlas. If I set up my own NAT Gateway & VPC on AWS with all the servers, replicas, shards etc. then I know exactly where my entry point is, where my NodeJS server is on that zone and how to replicate etc. But if use this scenario then I lose all the comfort and time-saving which Atlas affords me, not to mention the headaches of scalability etc.
However, in all the Atlas documentation, I can only find how it sets up Atlas on a VPC. I cannot figure out, (maybe my brain cells are not working), where in all this configuration the Node server would go? Or can one set up a NAT Gateway and VPC and then place an Atlas controlled MongoDB setup behind it?
The architecture with Atlas has me confused. Where do you set up your servers so they are also secure? Do I need to create a second NAT Gateway and VPC just for my Node server app? If so do I require VPC peering?
If this is dumb, please excuse the question. But before I begin a setup which will cost the company a good deal of money, I need to be clear on exactly what the layout is.
Thanking all who can handle this question in advance as any and all pointers here would be greatly appreciated.
MongoDB Atlas
You can create a VPC Peering Connection from MongoDB Atlas VPC to a VPC in your AWS account where you have your NodeJS EC2 instances running. Check the documentation Introducing VPC Peering for MongoDB Atlas for more details.
Your Custom MongoDB Cluster
Setting up MongoDB with best practices will require creating public and private subnets in the VPC while placing the database cluster in the private subnet. It will also involve having a NAT server in the public subnet for the MongoDB cluster to forward egress traffic keeping it secure within the VPC.
Reference: AWS Quick Start for MongoDB
However, this can be challenging if you are new to AWS. To simplify the work, use the AWS Quick Start for MongoDB, which will create the required architecture with best practices.
After provisioning the MongoDB Cluster, you can provision a NodeJS Web Server using one of the following options,
Using Elastic Beanstalk to place the NodeJS Servers with AutoScaling and Load Balancing with Best Practices.
Set up an Application Load Balancer, AutoScaling Group and NodeJS EC2 instance Launch Configuration inside the VPC manually.
Create an EC2 template (Newly introduced) with required configuration.
Manually setup a server inside the VPC.
Note: If you place your NodeJS Web Servers in a Private Subnet, make sure you create a public load balancer and configure the subnets where NodeJS Web Servers are allowed for the load balancer as well, so that it can route traffic to any subnet where the automated provisioning places the NodeJS Web Servers.
