Yes, COUNT_HANDSHAKE_ERRORS increases due to NLB health checks as you recognize.
Changing the value of max_connect_errors in the RDS parameter group to a larger value allows more time before the connection becomes unavailable.
However, the best practice is to set the number of connections to slightly more than the maximum number expected to be open for each database instance.
So it may not be a good idea to set the value too large.
https://docs.aws.amazon.com/prescriptive-guidance/latest/hyperscale-aurora-mysql/manage-connections.html
The configuration variable max_connections limits the number of database connections for each MySQL instance. The best practice is to set it slightly higher than the maximum number of connections you expect to open on each database instance.
Alternatively, we could create a Lambda function or shell script that periodically executes the following MySQL commands, which would lead to a permanent solution.
FLUSH HOSTS;
Can you tell me why you are setting up NLB to target RDS?
We may be able to suggest a better configuration than what you are currently trying to do.
I have the same requirement and the same problem. After some searching on the internet, I found this solution and it worked. You can change the "skip_name_resolve" flag value to 1 in the DB Parameter Group and restart the DB. It will resolve the problem.
As per AWS documentation: "skip_name_resolve This parameter is set from the value of the --skip-name-resolve option. If it is OFF (0 in case of RDS), mysqld resolves host names when checking client connections. If it is ON (1 in case of RDS), mysqld uses only IP numbers. In this case, all Host column values in the grant tables must be IP addresses or localhost. Thus, this parameter is used to avoid DNS lookup on connection. By default, it’s turned off (set to 0).
If this parameter is turned off, you might find the following warning in the error log:
2017-03-03 13:10:00 [-]2017-03-03 13:07:22 3396 [Warning] IP address ‘<ip-address-rep-instance>’ could not be resolved: Temporary failure in name resolution "
Is there any way to solve this permanently?
Creating a Lambda or shell script that periodically executes the following commands would be a permanent solution.
FLUSH HOSTS;
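The scheduled Lambda or script suggested above (and earlier in the thread) can be made conditional: read `performance_schema.host_cache`, flush only when a host is actually approaching `max_connect_errors`, and flag any offending host that is not one of the NLB health-check addresses. This is an added example, not code from this thread or from AWS; the `HEALTH_CHECK_IPS` set, the environment variable names and the PyMySQL dependency are assumptions.

```python
"""Conditional FLUSH HOSTS for RDS MySQL behind an NLB.

Added example, not code from the thread or from AWS. Assumes rows come from
performance_schema.host_cache (IP, SUM_CONNECT_ERRORS, COUNT_HANDSHAKE_ERRORS),
HEALTH_CHECK_IPS are constructed sample NLB health-check source addresses,
and DB credentials arrive via environment variables.
"""
import os

HEALTH_CHECK_IPS = frozenset({"10.0.1.5", "10.0.2.5"})  # constructed sample

def plan_flush(rows, max_connect_errors, expected_ips, warn_ratio=0.8):
    """Decide whether any host is close enough to the block threshold to flush.
    SUM_CONNECT_ERRORS is what MySQL compares with max_connect_errors; the NLB
    TCP health check inflates it by closing the socket mid-handshake."""
    near, unexpected = [], []
    for r in rows:
        if r["SUM_CONNECT_ERRORS"] >= warn_ratio * max_connect_errors:
            near.append(r["IP"])
            if r["IP"] not in expected_ips:
                # FLUSH HOSTS also unblocks hosts that failed for other
                # reasons, so surface any non-health-checker for review.
                unexpected.append(r["IP"])
    return {"flush": bool(near), "near_threshold": near, "unexpected": unexpected}

def rds_runner():
    """run_sql(sql) -> list of dict rows against the real instance.
    PyMySQL is a deployment dependency, imported lazily so the module loads without it."""
    import pymysql
    conn = pymysql.connect(host=os.environ["DB_HOST"], user=os.environ["DB_USER"],
                           password=os.environ["DB_PASSWORD"],
                           cursorclass=pymysql.cursors.DictCursor)
    def run_sql(sql):
        with conn.cursor() as cur:
            cur.execute(sql)
            return list(cur.fetchall()) if cur.description else []
    return run_sql

def lambda_handler(event, context, run_sql=None):
    """Scheduled entry point (e.g. an EventBridge rule); run_sql is injectable for tests."""
    run_sql = run_sql or rds_runner()
    rows = run_sql("SELECT IP, SUM_CONNECT_ERRORS, COUNT_HANDSHAKE_ERRORS "
                   "FROM performance_schema.host_cache")
    limit = int(run_sql("SELECT @@max_connect_errors AS v")[0]["v"])
    plan = plan_flush(rows, limit, HEALTH_CHECK_IPS)
    if plan["flush"]:
        run_sql("FLUSH HOSTS")  # requires the RELOAD privilege
    return plan
```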
Have you considered using RDS Proxy and sharing resources with RAM? https://aws.amazon.com/blogs/database/use-amazon-rds-proxy-to-provide-access-to-rds-databases-across-aws-accounts/
Sure. We are trying to set up a private connection to RDS from another AWS account (we can't use VPC peering because of CIDR overlap, and we will need to configure such a connection from a single AWS account to multiple AWS accounts). We based it on the solution proposed here: https://aws.amazon.com/blogs/database/access-amazon-rds-across-vpcs-using-aws-privatelink-and-network-load-balancer/
Is it difficult to use SSM's port forwarding feature as described in the following document? If you can use this, you can connect without problems even if you have duplicate IP addresses. https://aws.amazon.com/jp/blogs/mt/use-port-forwarding-in-aws-systems-manager-session-manager-to-connect-to-remote-hosts/
Or it may be possible to use AWS RAM for resource sharing, etc. However, AWS RAM will need to manage the account with AWS Organizations. https://aws.amazon.com/jp/blogs/database/use-amazon-rds-proxy-to-provide-access-to-rds-databases-across-aws-accounts/