If you have been using an IP address to connect or in any security groups, it's MOST likely that the RDS IP address changed during the upgrade. Check whether you're using IP addresses in NACLs, security groups or the connection string.
Hey teo,
Check Security Group Rules:
- Ensure that the RDS instance's security group allows inbound traffic from the CIDR block of the VPC in Account B (Airflow EC2).
- Also, verify that the Airflow EC2's security group allows outbound traffic to the RDS instance in Account A.
Routing Table Configuration:
- Confirm that the route tables in both accounts are properly set up to route traffic through the VPC peering connection.
- Account A (RDS): Ensure the route table has a route for Account B’s CIDR block that uses the VPC peering connection.
- Account B (Airflow EC2): Ensure the route table has a route for Account A’s CIDR block that uses the VPC peering connection.
VPC Peering Status:
- Check that the VPC peering connection is still active and in an "active" state. Sometimes peering connections can drop due to network changes.
RDS Instance Endpoint:
- After upgrading the RDS instance type, verify that the endpoint of the RDS instance hasn't changed. If the endpoint changed, ensure you're using the correct new endpoint in the connection.
DNS Resolution in Peering:
- Make sure DNS resolution for VPC peering is enabled in both VPCs. Go to the VPC settings and check if "Enable DNS Resolution" is checked for the peering connection.
Network ACLs:
- Verify that there are no network ACLs in place that could be blocking the traffic between Account B's Airflow EC2 instance and Account A’s RDS.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.Scenarios.html
https://repost.aws/knowledge-center/rds-connectivity-instance-subnet-vpc
Thanks for your comments. I've double-checked all the suggestions you wrote above but nothing helps me out.
What I've tried is that:
- I pinged from B's Airflow EC2 to A's EC2 and it worked well.
- I created a new RDS instance and tried connecting, but it failed.
Hey teo
Check if the RDS Subnet is Public/Private:
- Ensure that the new RDS instance is in a private subnet that is properly configured for the VPC Peering. Sometimes, during an upgrade, a new subnet or network configuration can change.
- If the RDS is in a private subnet, check that the NAT Gateway and route tables are configured to allow communication through VPC Peering.
RDS Parameter Group Settings:
- If your RDS is using a custom DB Parameter Group, check that the settings for network timeouts, connections, or security haven’t been modified after the upgrade.
Network Load Balancer:
- If you're using an RDS Proxy or Network Load Balancer (NLB), verify that these are properly forwarding traffic from Account B to Account A after the instance upgrade.
IAM Roles and Access:
- Check if there are any IAM role changes or additional permissions needed for accessing the RDS after the upgrade, especially if you use a specific role for Airflow to access the RDS.
Recheck VPC Peering DNS Resolution:
- Even though you checked the DNS resolution, try connecting to the RDS using its private IP instead of the DNS name. Sometimes DNS issues may still occur, even with proper configurations.
RDS Logs for Connection Errors:
- Enable RDS logs (e.g., error/mysql/error.log for MySQL) and check if there are any specific errors when the Airflow EC2 from Account B tries to connect.
Compare Old and New RDS Configurations:
- If possible, compare the configurations of the old RDS instance with the new one (from before the upgrade) to see if anything was unintentionally changed during the upgrade process (like security settings or network configurations).
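An added example (not part of either answer) that turns the endpoint, DNS and security-group checks above into one probe to run from the Airflow EC2: it resolves the endpoint, reports whether each address is private, and classifies the TCP connect result, which a successful ICMP ping does not test. The host name and port in the `__main__` block are placeholders.

```python
import ipaddress
import socket

def resolve_ipv4(host):
    """Return the sorted IPv4 addresses a hostname resolves to ([] on failure)."""
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def is_private(ip):
    """True for private or loopback addresses; a public address here suggests
    DNS resolution over the peering connection is not in effect."""
    return ipaddress.ip_address(ip).is_private

def probe_tcp(ip, port, timeout=3.0):
    """Classify a TCP connect attempt as 'open', 'refused', 'timeout' or 'error'.

    'timeout' usually means packets are dropped silently on the path
    (security group, network ACL or a missing route); 'refused' means the
    host was reached but nothing accepted the connection on that port.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((ip, port))
        return "open"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "error"
    finally:
        sock.close()

def diagnose(host, port, timeout=3.0):
    """Return (ip, is_private, tcp_result) for every address the endpoint resolves to."""
    return [(ip, is_private(ip), probe_tcp(ip, port, timeout))
            for ip in resolve_ipv4(host)]

if __name__ == "__main__":
    # Placeholder endpoint and port: substitute the real RDS endpoint and engine port.
    for ip, private, result in diagnose("mydb.example.internal", 3306):
        print(ip, "private" if private else "PUBLIC", result)
```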
I've been using the RDS endpoint, and the endpoint hasn't changed since the RDS instance type changed. I tested with Lambda to connect to RDS in the same VPC and security group that the EC2 is based on. It works fine. But on EC2 it's still not working. Any suggestions? Thanks for the comments.