Can't connect to RDS through EC2 - postgresql

I'm trying to access an RDS instance from an EC2 instance but with no luck. I'm able to connect to RDS from pgAdmin without any problem, but when I try to connect to it from EC2 using psql I get the following error:
psql: could not translate host name "pgrds.cqvae2m3k8q9.us-west-2.rds.amazonaws.com" to address: Name or service not known
I have both instances running in the same VPC and using the same security group, which has all traffic open both ways. I've spent quite some time on this, and tried several solutions but none worked.

Related

Can't connect to PostgreSQL server from AKS

I've created an AKS cluster and a Flexible PostgreSQL database.
The PostgreSQL database is public, and I made a firewall entry while setting up the DB to allow local connection from my IP - which worked fine.
When I then tried to connect from AKS, I was unable to - I was getting timeouts.
Eventually, I clicked the setting to allow access from everywhere on Azure.
That fixed the timeouts, and I can now connect, but I get a new error:
no pg_hba.conf entry for host "**.**.***.203"
What am I doing wrong?

Failed connection to postgres on EC2 only, works on local machine

I'm running an application on an EC2 instance (AWS cloud computing solution) that connects to a specific Database address.
When I run the application in my local machine it connects perfectly to the DB.
However, when I run it in the EC2 the connection hangs indefinitely. I've also tried to connect using psql to prove that the error was on the connection and received the "Connection timed out error".
Both my local machine and the EC2 instance are running Ubuntu 22.04.
Does anyone have any idea what could be going on?
Both the RDS instance and the EC2 instance need to be in the same VPC. Check the inbound rules of the security group of your RDS instance. They must allow the security group of your EC2 instance.
If you configured it to connect through the public internet (not recommended), like what you did from local, the inbound rule of RDS needs to allow the IP of your EC2 instance.

Cannot connect to RDS PostgreSQL instance

I have just created a new RDS instance with PostgreSQL but I cannot connect to it. I'm using the following command to connect:
psql --host=<dbendpoint> --port=5432 --username=<user> --password --dbname=<dbname>
I have been searching for information related to the problem, but none of the solutions have worked.
I have public access to the DB enabled.
I have allowed all traffic in the security group of the database.
The error I'm getting is this one:
psql: error: could not connect to server: Connection timed out
Is the server running on host "database-test-1-by-hand.cwsxzm3kzzim.us-west-1.rds.amazonaws.com" (204.236.171.212) and accepting
TCP/IP connections on port 5432?
Any idea about what's happening?
Update
Here are the options from the VPC the database is on:
I remember enabling the DNS hostname to allow public access.
Update 2
I have created an EC2 instance in the same VPC where the db instance is, and I have been able to connect to it.
The db instance is deployed in the same VPC, where I have 4 different subnets, two public and two private. This is the configuration:

connecting springboot application running locally to db instance running on aws VM instance

I have written a set of APIs using the Spring Boot framework. Locally it's working fine. But now I am trying to test it with the PostgreSQL database running on an EC2 instance on AWS.
NOTE: I am not using Amazon RDS services, I have created an EC2 instance and installed Postgres and configured the database there.
I can see this exception being thrown when I am running my springboot application locally.
org.postgresql.util.PSQLException: The connection attempt failed.
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:297)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:211)
This is the config from application.properties for one of the db
spring.xyz.datasource.jdbc-url=jdbc:postgresql://xyz.com:5432/xyz_db
spring.xyz.datasource.username=xyz
spring.xyz.datasource.password=xyz123
Am I unable to connect because of the EC2 instance security configs? How can I change that?
Also, it would be helpful if someone could tell me how I can make the AWS EC2 instance accept connections from only one VM.
Regarding the Postgres connection:
Add the rule below to the security group of the EC2 instance on which you have installed Postgres.
Allow inbound traffic to the Postgres port from 0.0.0.0/0 and test (protocol: TCP, port: 5432, IP: 0.0.0.0/0).
Regarding allowing access from only one VM:
Add a security group rule to your EC2 instance.
Allow inbound traffic from your VM IP only.
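Added example (not part of the original answer): a Python check over JSON in the shape returned by aws ec2 describe-security-groups that reports which source ranges can reach port 5432, so a temporary 0.0.0.0/0 test rule or an "all traffic" rule is caught before it stays in place. The group IDs and addresses in the sample are constructed, and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-open-example", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
 {"GroupId": "sg-alltraffic-example", "IpPermissions": [
   {"IpProtocol": "-1",
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
 {"GroupId": "sg-onevm-example", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
    "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []}]}
]}
""")

def covers_port(perm, port):
    """True if an ingress permission applies to TCP `port`."""
    if perm["IpProtocol"] == "-1":   # "all traffic" rule: no port fields at all
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def exposed_sources(group, port=5432, max_hosts=1):
    """Return CIDRs that reach `port` and span more than `max_hosts` addresses."""
    wide = []
    for perm in group.get("IpPermissions", []):
        if not covers_port(perm, port):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if ipaddress.ip_network(cidr, strict=False).num_addresses > max_hosts:
                wide.append(cidr)
    return wide

def audit(doc, port=5432):
    """Map each group ID to the over-broad sources that can reach `port`."""
    return {g["GroupId"]: exposed_sources(g, port) for g in doc["SecurityGroups"]}

if __name__ == "__main__":
    for gid, cidrs in audit(SAMPLE).items():
        print(gid, "EXPOSED to " + ", ".join(cidrs) if cidrs else "restricted")
```

Rules that reference another security group instead of a CIDR (UserIdGroupPairs) are not flagged, since they do not name an address range.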

Connect postgres cloud sql through cloud sql proxy

I created a Single Zone Postgres DB instance on Cloud SQL, and I am trying to connect through the Cloud SQL proxy.
/cloud_sql_proxy -instances=<PROJECT_ID>:us-central1:staging=tcp:5432 -credential_file=./<SERVICE_ACCOUNT_KEY_FILE>
This is running well. But when I run the command below,
psql "host=127.0.0.1 sslmode=disable dbname=postgres user=postgres"
the proxy shows this error:
2019/11/14 15:20:10 using credential file for authentication; email=<SERVICE_ACCOUNT_EMAIL>
2019/11/14 15:20:13 Listening on 127.0.0.1:5432 for <PROJECT_ID>:us-central1:staging
2019/11/14 15:20:13 Ready for new connections
2019/11/14 15:20:34 New connection for "<PROJECT_ID>:us-central1:staging"
2019/11/14 15:22:45 couldn't connect to "<PROJECT_ID>:us-central1:staging": dial tcp 34.70.245.249:3307: connect: connection timed out
Why is this happening?
I am doing this from my local.
I've just followed this tutorial step by step and it worked perfectly for me.
I did not have to do any extra steps (whitelisting IP, opening port, etc.) and this was done in a clean project.
Are you trying to do this from local with the SDK or from Cloud Shell? Do you have any firewall restrictions in place?
Any further information about your specific setup that might affect this will surely help.
Let us know.
EDIT:
Make sure your port 3307 is not blocked by anything.
Have a look at this official documentation specifying that.
Make sure you have all the required IAM roles attached to the service account before you connect to it:
For instance, the list of roles for cloudsql can be retrieved from gcloud with:
$ gcloud iam roles list --filter 'name~"roles/cloudsql"' --format 'table(name, description)'
NAME                          DESCRIPTION
roles/cloudsql.admin          Full control of Cloud SQL resources.
roles/cloudsql.client         Connectivity access to Cloud SQL instances.
roles/cloudsql.editor         Full control of existing Cloud SQL instances excluding modifying users, SSL certificates or deleting resources.
roles/cloudsql.instanceUser   Role allowing access to a Cloud SQL instance
roles/cloudsql.serviceAgent   Grants Cloud SQL access to services and APIs in the user project
roles/cloudsql.viewer         Read-only access to Cloud SQL resources.
If your service account is lacking the appropriate roles, it won't be able to connect to the instance for IAM authentication to work.
The issue is probably that you are not in the VPC network, like when you connect from localhost, so what happens is the cloud proxy showing it cannot connect to the remote IP.
Read this carefully if you use a private IP:
https://cloud.google.com/sql/docs/postgres/private-ip
Note that the Cloud SQL instance is in a Google managed network and the proxy is meant to be used to simplify connections to the DB within the VPC network.
In short: running cloud-sql-proxy from a local machine will not work, because it's not in the VPC network. It should work from a Compute Engine VM that is connected to the same VPC as the DB.
What I usually do as a workaround is use gcloud ssh from a local machine and port forward over a small VM in compute engine, like:
gcloud beta compute ssh --zone "europe-north1-b" "instance-1" --project "my-project" -- -L 5432:cloud_sql_server_ip:5432
Then you can connect to localhost:5432 (make sure nothing else is running or change the first port number to one that is free locally).
What should also work is to set up a VPN connection to the VPC network and then run the cloud proxy on a node in that network.
I have to say I found this really confusing because it gives the impression the proxy does similar magic like gcloud does. It's beyond me why some Google engineers have not wired that together yet, can't be too hard.
I had this issue previously when I didn't specify the port argument to psql for some reason, try this:
psql "host=127.0.0.1 port=5432 sslmode=disable user=postgres"
Don't specify the db, and see if that lets you get to the prompt.
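Added example (not from any of the posts above): the errors quoted in the questions on this page come from three different layers, and this Python sketch maps each message to its layer and then probes an endpoint in the same order (name resolution, then TCP). The function names and the db.example.invalid hostname are constructed for illustration.

```python
import re
import socket

# Error text quoted in the questions on this page -> layer that produced it.
LAYERS = [
    (r"could not translate host name", "dns",
     "name never resolved; no packet reached the database"),
    (r"no pg_hba\.conf entry", "pg_hba",
     "TCP reached PostgreSQL; host-based authentication has no matching rule"),
    (r"[Cc]onnection timed out", "network",
     "packets dropped in transit: security group, firewall or routing"),
    (r"[Cc]onnection refused", "refused",
     "host reachable but nothing listens on that address and port"),
]

def classify(message):
    """Map a client error string to (layer, meaning); ("unknown", "") if no match."""
    for pattern, layer, meaning in LAYERS:
        if re.search(pattern, message):
            return layer, meaning
    return "unknown", ""

def probe(host, port=5432, timeout=3.0):
    """Return the first layer that fails for host:port, or "reachable".

    "reachable" only means the TCP handshake completed; pg_hba.conf and
    credentials are checked by the server afterwards.
    """
    try:
        targets = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns"
    result = "network"
    for family, socktype, proto, _name, addr in targets:
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(addr)
            return "reachable"
        except ConnectionRefusedError:
            result = "refused"
        except OSError:  # includes timeouts and unreachable networks
            result = "network"
    return result

if __name__ == "__main__":
    print(classify("psql: error: could not connect to server: Connection timed out"))
    print(probe("db.example.invalid"))  # constructed hostname; .invalid never resolves
```

Running probe from the machine that fails (the EC2 instance, the AKS pod, the laptop running the proxy) shows whether the fix belongs in DNS settings, in the network rules, or in the server's pg_hba.conf.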