[RDS Postgres] failed: Connection timed out

0

Hi, I have multiple Postgres database instances on RDS, but for some reason, out of nowhere, some of them now have no public connection, without any active intervention. What is weird is that I can still connect to some instances with psql. Both instances (the ones I can connect to and the ones I can't) have the same:

  • Security Groups (with my ext ip as an inbound rule to postgres)
  • Publicly accessible: Yes
  • VPC
  • Subnets
  • Availability Zone

And their DNS looks ok, which I verified with:

$ nslookup ########.rds.amazonaws.com
Server:         ###.###.###.###
Address:        ###.###.###.######

Non-authoritative answer:
##########.rds.amazonaws.com     canonical name = ##########.amazonaws.com.
Name:   ##########.amazonaws.com
Address: ###.###.###.###

But, when checking with

$ nc -zv ##########.rds.amazonaws.com ####

I get "succeeded" from one, and "nc: connect to ###.###.###.### port #### (tcp) failed: Connection timed out" from the other.

1 Answer
0
Accepted Answer

Hello.

Is there a route to the Internet gateway configured in the subnet where RDS is running?
For example, are all the subnets set in the subnet group public subnets?
https://repost.aws/knowledge-center/rds-connectivity-instance-subnet-vpc
https://repost.aws/knowledge-center/rds-cannot-connect

By the way, public access of RDS is not recommended for security reasons, so I think it is better to connect using Session Manager's port forwarding function as introduced in the document below.
https://aws.amazon.com/jp/blogs/mt/use-port-forwarding-in-aws-systems-manager-session-manager-to-connect-to-remote-hosts/

Expert
answered a month ago
AWS
Expert
reviewed a month ago
  • Hi, there are 3 private subnets and 3 public subnets on this VPC; all 3 public subnets are targeting an internet gateway. The thing is, I can access a database on the same VPC, with the same subnets and the same configurations. About the second solution, we plan on doing it later, but right now I need a fast solution because there are multiple external services accessing my database. It was working, but out of nowhere it stopped working for only some instances, so we need to fix this legacy structure before migrating to another. Is there some configuration specific to each RDS instance that needs to be configured? Like inserting its IP somewhere?

  • Update: the other ones also stopped working. I will look into everything again.

  • It looks like my instance has an IP that is outside the range of the VPC.

  • In the end I made it work using the SSH tunnel with an EC2. Maybe the problem was the private and public subnets inside the same VPC. Thanks!
