I am trying to connect to an Amazon RDS (Postgres) instance from an EC2 server via a NodeJS application using the pg npm package. I am receiving the following error (note I'm hitting my Node backend via a React app):
OPTIONS /users/login 200 0.424 ms - 2
Error fetching client from pool Error: Connection terminated due to connection timeout
I have tested the app locally and everything works perfectly (including connecting to RDS), but as soon as I run the app on the server I can't connect.
To simplify the problem, I have just typed my credentials explicitly into the NodeJS route file so I know there's no issues with environment variables etc. I then pushed my code to the server, pulled it as-is, and ran it. No luck. From a connection perspective, I just create a pool (require pool from pg) and then use pool.connect and client.query to make the request.
I feel like given that it works locally that the issue is an AWS one with my networking/security groups, but I feel like I have tried everything:
Ensured the db is set to public
Created a fresh security group and added it to EC2 and to RDS
Completely opened the ports (inbound and outbound)
Created a VPC and added to both EC2 and RDS
Checked the inbound/outbound are open on the VPC subnet NACL
Any help would be much appreciated. I am going insane
Connect to your server and try to debug the connection with telnet or a PostgreSQL client.
The most common mistakes for this error are:
RDS Security Group does not allow incoming connections from your VPC range or for the public EC2 server IP (in the case of a public database).
RDS subnet does not allow outgoing connections in NACL. Keep in mind that only the first connection occurs on the port you define in RDS; the other connections occur on other ports. But I think this is not your case, since you said you could connect locally.
RDS Route Table doesn't allow connections from outside the VPC. But, again, I think that's not your case.
EC2 Security Group does not allow outgoing connections to the RDS. This case is a little trickier but it can happen if you don't set the SG properly.
The last case is that your EC2 server subnets do not allow connections to the internet. You said that you can connect locally, so I imagine that your RDS is properly set to allow public connections; however, you can have the case that you didn't connect an Internet Gateway or a NAT Gateway in your EC2 server Route Table or didn't properly configure the NACL to allow inbound/outbound connections from the internet.
I created a web application and mounted it on an EC2 Windows instance.
Since it is created with Node.js Express and I didn't touch anything about localhost or port stuff,
it listens on port 3000 on npm start.
After I did npm start on the EC2 instance, I can access it by "localhost:3000" within the EC2.
But when I try to access it from outside the EC2 with its public IP, like ip_address:3000, it keeps returning a connection timed out error.
As I wrote in the title, I added a custom TCP security group that opens the instance to any IP address on port 3000, but it still doesn't work.
What can I do? What am I possibly missing?
Thanks in advance.
Couple of things could be going wrong here.
Firstly - confirm your web application is actually running from within the instance. To do this on any recent Windows in PowerShell: Invoke-WebRequest http://localhost:3000.
Secondly - confirm the security group on the instance allows incoming traffic for your designated port - HTTP(80) or HTTPS(443).
Thirdly - since you mentioned your instance has a Public IPv4 address, it must be located within a VPC and a Subnet. Navigate to the VPC service within the AWS Console and have a look at the Network ACL for that subnet. It's possibly denying all incoming traffic - rendering your security group settings unused.
If you're unsure on whether the subnet is blocking incoming traffic or not, have a look at these docs.
I have an EC2 instance that's running an Apache server that I can access just fine. However, I also have three APIs that I am running on that same EC2 instance. These run on ports such as 3007, and I've allowed access to that port, and my front end tries to use localhost with those associated ports.
Now when I start those APIs they connect fine to my external resources such as a database; however, my front end can't connect to them. Without having to use an additional service such as AWS API Gateway, why might it have an issue connecting?
I think your problem arises from the fact that you are calling localhost instead of your EC2 IP/domain name.
When you call localhost, that means whatever computer you are at. For backend, localhost is encouraged since you are on the same computer. But on the frontend, your website tries to go to localhost:3007, which is the client computer. You need to change it to either ec2-<<your EC2 public IP here>>.compute-1.amazonaws.com or your EC2 Public IP.
You can find these here:
I am trying to connect my app, running on one EC2 instance, to MongoDB, running on another EC2 instance. I'm pretty sure the problem is in the security settings, but I'm not quite sure how to handle that.
First off, my app's instance is in an autoscaling group that sits behind an ELB. The inbound security settings for the instance and ELB allow access to port 80 from anywhere, as well as all traffic from its own security group.
The EC2 instance that runs Mongo is able to take connections if the security group for that instance accepts all inbound traffic from anywhere. Any other configuration that I've tried causes the app to say that it cannot make a connection with the remote address. I've set rules to accept inbound traffic from all security groups that I have, but it only seems to work when I allow all traffic from anywhere.
Also, my db instance is set up with an elastic ip. Should I have this instance behind an ELB as well?
So my questions are these:
1) How can I securely make connections to my EC2 instance running mongo?
2) In terms of architecture, does it make sense to run my database this way, or should I have this behind a load balancer as well?
This issue is tripping me up a lot more than I thought it would, so any help would be appreciated.
NOTE
I have also set the bind_ip=0.0.0.0 in /etc/mongo.conf
Your issue is that you are using the public elastic IP to connect to your database server from your other servers. This means that the connection is going out to the internet and back into your VPC, which presents the following issues:
Security issues due to the data transmission not being contained within your VPC
Network latency issues
Your database server's security group can't identify the security group of the inbound connections
Get rid of the elastic IP on the MongoDB server, there is no need for it unless you plan to connect to it from outside your VPC. Modify your servers to use the private internal IP address assigned to your database server when creating connections to it. Finally, lock your security group back down to only allow access to the DB from your other security group(s).
Optional: Create a private hosted zone in Route53, with an A record pointing to your database server's private IP address, then use that hostname instead of the internal IP address.
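To verify the lock-down this answer recommends, the ingress rules can be checked for database ports that are still open to the whole internet. This is an added example, not code from the original thread: the input follows the shape of `aws ec2 describe-security-groups` output, and the group IDs, `DB_PORTS` list and function names are constructed for illustration.

```javascript
// Added example (not from the thread): flag database ports exposed to 0.0.0.0/0 or ::/0.
// Ports taken from the databases discussed on this page.
const DB_PORTS = { 5432: 'PostgreSQL', 27017: 'MongoDB', 1433: 'SQL Server' };

// True when the rule's port range (or "all traffic", protocol -1) includes the port.
function coversPort(perm, port) {
  if (perm.IpProtocol === '-1') return true;
  return perm.IpProtocol === 'tcp' && perm.FromPort <= port && port <= perm.ToPort;
}

// Return one finding per (group, database port) reachable from any address.
function auditGroups(groups) {
  const findings = [];
  for (const g of groups) {
    for (const perm of g.IpPermissions || []) {
      const open = [
        ...(perm.IpRanges || []).map(r => r.CidrIp),
        ...(perm.Ipv6Ranges || []).map(r => r.CidrIpv6),
      ].filter(c => c === '0.0.0.0/0' || c === '::/0');
      if (open.length === 0) continue; // SG-to-SG references and narrow CIDRs pass
      for (const port of Object.keys(DB_PORTS).map(Number)) {
        if (coversPort(perm, port)) {
          findings.push({ group: g.GroupId, port, service: DB_PORTS[port], source: open[0] });
        }
      }
    }
  }
  return findings;
}

// Constructed sample: a wide-open DB group and one that only references the app group.
const SAMPLE = [
  { GroupId: 'sg-db-open', IpPermissions: [
    { IpProtocol: 'tcp', FromPort: 27017, ToPort: 27017, IpRanges: [{ CidrIp: '0.0.0.0/0' }] } ] },
  { GroupId: 'sg-db-locked', IpPermissions: [
    { IpProtocol: 'tcp', FromPort: 27017, ToPort: 27017, IpRanges: [],
      UserIdGroupPairs: [{ GroupId: 'sg-app' }] } ] },
];

console.log(auditGroups(SAMPLE));
```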
I'm trying to host my web app on AWS.
I'm hosting my nodejs app on Elastic Beanstalk (scalable).
I have created an ec2 instance to host my mongodb.
In test, the mongodb ec2 instance accepts connection at port 27017 from anywhere.
And my website works great.
The problem is that I want to restrict the access to mongodb ec2 instance to only allow connections from my Elastic Beanstalk app.
I changed the rule of my ec2 instance security group, to only accept tcp port 27017 connection from the security group where Elastic Beanstalk app is assigned to.
This breaks the communication to mongodb from my app immediately.
I have also tried to allow all traffic from the Beanstalk security group, no luck.
Have I got anything wrong? Please help!
Needed to edit the /etc/mongod.conf file and set bind_ip = 0.0.0.0 in order to make connections externally.
Also had to try different versions of the mask to get it to work. xxx.xxx.0.0/16 worked for me, but xxx.xxx.0.0/24 and xxx.xxx.0.0/32 didn't.
Also, they recommended that you use the private IP if you are in the same zone (keeps costs down), but public otherwise.
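How a security group source CIDR is matched against a client address explains why a wider mask can admit a host that a narrower one on the same base address does not. This is an added example, not code from the original thread; the 10.20.x.x addresses and function names are constructed for illustration.

```javascript
// Added example (not from the thread): which source CIDRs admit a given client address.

// Convert a dotted-quad IPv4 address to an unsigned 32-bit integer.
function ipToInt(ip) {
  const parts = ip.split('.').map(Number);
  if (parts.length !== 4 || parts.some(p => !Number.isInteger(p) || p < 0 || p > 255)) {
    throw new Error('invalid IPv4 address: ' + ip);
  }
  return parts.reduce((n, p) => ((n << 8) | p) >>> 0, 0);
}

// First and last address covered by a CIDR block, as unsigned integers.
function cidrRange(cidr) {
  const [base, len] = cidr.split('/');
  const bits = Number(len);
  if (!Number.isInteger(bits) || bits < 0 || bits > 32) throw new Error('invalid prefix: ' + cidr);
  // JS shifts are modulo 32, so a /0 mask must be special-cased.
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  const first = (ipToInt(base) & mask) >>> 0;
  return { first, last: (first | (~mask >>> 0)) >>> 0 };
}

// True when clientIp falls inside the rule's source CIDR.
function admits(cidr, clientIp) {
  const { first, last } = cidrRange(cidr);
  const ip = ipToInt(clientIp);
  return first <= ip && ip <= last;
}

// Evaluate every rule against one client address.
function evaluate(rules, client) {
  return rules.map(cidr => ({ cidr, admits: admits(cidr, client) }));
}

// Constructed scenario: the app instance's private address is 10.20.3.17.
const CLIENT = '10.20.3.17';
const RULES = ['10.20.0.0/16', '10.20.0.0/24', '10.20.0.0/32', '10.20.3.17/32'];
console.log(evaluate(RULES, CLIENT));
```

In this constructed case only the /16 and the exact-host /32 admit the client; a /24 or /32 written on the network base address covers 10.20.0.x or the single address 10.20.0.0.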
Learning Amazon AWS these days, I've encountered a problem. To test the NerdDinner app in Amazon EC2, I have set up an EC2 instance with a security group that accepts connections to SQL Server port 1433, and I have created an RDS instance and added all IPs + the EC2 security group (port 1433).
Using the VS 2010 AWS toolkit, when I try to create a database, the RDS instance is still asking for my IP to be added to the DB security group. See the pics.
The strange thing is that when I connect from another wifi (home wifi), I can access the DB instance. Now I can't access it from the company wifi.
Is port 1433 open at your office? You might want to verify that.