
RDS connectivity failure after AWS maintenance window

0

At 4:03 AM EDT today, when the RDS AWS maintenance window applied patches and changed some settings, followed by an RDS reboot, connectivity from my Fargate container and from outside the AWS network has gone dead. No response on port 5432. s_client cannot connect either (not a TLS problem). I am able to access the RDS instance from an EC2 maintenance VM. All using existing security group rules. No other changes. I tried restarting the RDS instance, no change.

This is directly correlated to the maintenance window.

asked 10 months ago · 199 views
3 Answers
1

Hello.

Can you confirm the public IP address by resolving the RDS endpoint using a command such as "dig"?
Also, please make sure that all subnets used by the RDS instance are public subnets.
If a subnet group contains both private and public subnets, a failover may occur during maintenance, and the instance may be moved to a private subnet.

EXPERT
answered 10 months ago
0

Based on your description, it sounds like the RDS maintenance window has caused connectivity issues to your PostgreSQL database on port 5432. Since you can still access the RDS instance from an EC2 maintenance VM but not from Fargate containers or outside AWS, this suggests a networking or security configuration change rather than a database-level issue.

Here are several potential causes and solutions to investigate:

  1. Public Accessibility Setting: The maintenance might have changed the "Publicly accessible" setting on your RDS instance. Check if this setting is still enabled in the RDS console under "Connectivity & security" if you need external access.

  2. Security Group Configuration: Verify that the security group associated with your RDS instance still has the correct inbound rules allowing traffic on port 5432 from your Fargate containers and external sources.

  3. Subnet Configuration: If your RDS instance is connected to both private and public subnets, the maintenance might have caused a failover to a private subnet. This can cause connectivity issues even if public access is enabled. Consider configuring your RDS to use only public subnets if external access is required.

  4. Network ACLs: Check if the Network ACLs associated with your RDS instance's subnet allow inbound and outbound traffic on port 5432.

  5. Route Tables: Ensure that the route tables for your VPC are correctly configured to allow traffic between your Fargate containers and the RDS instance.

  6. Database Port: Confirm that the database port hasn't changed from 5432 during maintenance.

  7. Database User Permissions: Verify that the database users still have CONNECT access to the database.

Since you can connect from an EC2 instance in the same VPC but not from Fargate or external sources, the most likely issues are related to public accessibility settings or security group configurations. Try temporarily allowing all inbound traffic to your RDS instance (for testing purposes only) to rule out security group issues.
Sources
Troubleshooting connection issues to your Amazon RDS DB instance - Amazon Relational Database Service
Lost public access to AWS RDS postgresql instance | AWS re:Post
Troubleshooting connections to your RDS for PostgreSQL instance - Amazon Relational Database Service
Cannot connect to RDS(postgres) from EC2 via application code | AWS re:Post

answered 10 months ago
EXPERT
reviewed 10 months ago
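The two answers above both point at the same two checks: what the RDS endpoint resolves to, and whether the DB subnet group mixes public and private subnets so that a maintenance failover can land the instance in a private one. The following is an added example, not code from either answer or from AWS: it classifies subnets as public when their route table sends 0.0.0.0/0 to an internet gateway, audits a subnet group against that, and tests whether a resolved endpoint address is private. The route-table data is a constructed sample shaped like a boto3 `describe_route_tables()` response (an assumption; only the fields read here are included), so it runs offline.

```python
import ipaddress

# Constructed sample shaped like boto3 ec2.describe_route_tables() output (assumed).
# First table: default route to an internet gateway (public subnets).
# Second table: default route to a NAT gateway (private subnet).
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
]


def public_subnets(route_tables):
    """Return the set of subnet IDs whose route table has 0.0.0.0/0 -> igw-*.
    Simplification: subnets with no explicit association (main table) are skipped."""
    public = set()
    for rt in route_tables:
        has_igw_default = any(
            r.get("DestinationCidrBlock") == "0.0.0.0/0"
            and r.get("GatewayId", "").startswith("igw-")
            for r in rt["Routes"])
        if has_igw_default:
            public.update(a["SubnetId"] for a in rt["Associations"] if "SubnetId" in a)
    return public


def audit_subnet_group(subnet_ids, route_tables):
    """Classify an RDS DB subnet group as 'public', 'private' or 'mixed'.
    'mixed' is the configuration the answers warn about: a failover during
    maintenance may move a publicly accessible instance into a private subnet."""
    pub = public_subnets(route_tables)
    n_pub = sum(1 for s in subnet_ids if s in pub)
    if n_pub == len(subnet_ids):
        return "public"
    if n_pub == 0:
        return "private"
    return "mixed"


def endpoint_ip_is_private(ip):
    """True if the address the RDS endpoint resolved to (e.g. via dig) is non-public."""
    return ipaddress.ip_address(ip).is_private


if __name__ == "__main__":
    group = ["subnet-pub-a", "subnet-priv-a"]  # constructed mixed subnet group
    print("subnet group:", audit_subnet_group(group, ROUTE_TABLES))
    print("10.0.3.17 private?", endpoint_ip_is_private("10.0.3.17"))
```

A "mixed" result, or a private endpoint address seen from outside the VPC, points at the subnet-group cause rather than at security groups.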
0

I've already checked the networking. Since this post, the Fargate instance is now magically working. But my off-AWS network connection still fails. It is slowly fixing itself, which implies it is some AWS issue.

answered 10 months ago
