Can't connect to RDS from task

0

I have an ECS task that I cannot get to connect to an RDS cluster. It was working a week ago, but it needed to be rebuilt and I've obviously missed something, but I cannot for the life of me work out what's missing. The Fargate cluster has full outbound access in the security group, and the RDS cluster also has that security group attached. But the task itself seems to have no outbound access. The network mode for the cluster and task is set to awsvpc and it is all on the same VPC. What am I missing?

  • Did you check the logs on the RDS side to see if there are any port or authentication errors? Did you check the VPC flow logs to see if the traffic from the ECS cluster is reaching RDS? Did the task come up healthy? Please check the NACL rules and also whether the Fargate cluster and RDS cluster are created in the right subnets. Where are the RDS connection details provided in the Fargate tasks (e.g. the task definition)? Please review the port and endpoint information.

1 Answer
1
Accepted Answer

Hello,

From your post I can see that you are having issues with ECS Fargate communicating with the RDS cluster. You also checked the SGs on both sides and all look good.

I'm assuming here that you are receiving a timeout error from your application. Thus, there are some things to check in order to make sure that the network connection will be successful:

  • Check the NACL - Since you already checked the SGs, it is worth checking the NACLs of the subnets as well. Just remember that the rules are stateless and they should allow both inbound and outbound connections.
  • Check the RDS SG again - You've mentioned that the task SG has all outbound allowed. What about the RDS SG inbound rules?

Since they are in the same VPC, you don't need to check the Gateway configuration (just make sure that there is a local route for the VPC CIDR in place).

Other than that, I'd create a regular EC2 instance, run this container manually and try to see if the connection can be established (all SG rules should allow the EC2 instance as well).

I hope that this helps you. As a last comment, let me share this ECS Best Practices documentation about networking mode. It is not directly related to the issue, but it is worth checking and keeping in mind.

AWS
answered a year ago
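The checks the answer lists (RDS SG inbound, and stateless NACL rules in both directions) can be evaluated offline against the JSON shapes that `aws ec2 describe-security-groups` and `aws ec2 describe-network-acls` return. The following is an added example, not code from the question or the answer; the group IDs, CIDRs, task IP and the PostgreSQL port 5432 are all constructed assumptions.

```python
import ipaddress

# Constructed data in the shape of describe-security-groups / describe-network-acls
# output; all IDs, CIDRs and IPs are made up, DB_PORT assumes PostgreSQL.
DB_PORT = 5432
TASK_SG = "sg-0task"   # hypothetical SG attached to the Fargate task ENI
TASK_IP = "10.0.1.25"  # constructed private IP of the task inside the VPC
RDS_SG_INBOUND = [     # IpPermissions of the RDS security group
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "UserIdGroupPairs": [{"GroupId": "sg-0task"}]},
]
RDS_SUBNET_NACL = [    # Entries of the NACL on the RDS subnet
    {"RuleNumber": 100, "Egress": False, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "10.0.0.0/16", "PortRange": {"From": 5432, "To": 5432}},
    {"RuleNumber": 100, "Egress": True, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "10.0.0.0/16", "PortRange": {"From": 1024, "To": 65535}},
    {"RuleNumber": 32767, "Egress": False, "Protocol": "-1", "RuleAction": "deny",
     "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Egress": True, "Protocol": "-1", "RuleAction": "deny",
     "CidrBlock": "0.0.0.0/0"},
]

def sg_allows(inbound, source_sg, port):
    """Stateful: one RDS inbound rule naming the task SG on the DB port is enough."""
    for r in inbound:
        if r["IpProtocol"] == "tcp" and not r["FromPort"] <= port <= r["ToPort"]:
            continue
        if r["IpProtocol"] in ("tcp", "-1") and any(
                p["GroupId"] == source_sg for p in r.get("UserIdGroupPairs", [])):
            return True
    return False

def nacl_allows(entries, egress, peer_ip, port):
    """Stateless: lowest rule number first, first match wins, else implicit deny."""
    ip = ipaddress.ip_address(peer_ip)
    for e in sorted(entries, key=lambda e: e["RuleNumber"]):
        if e["Egress"] != egress or e["Protocol"] not in ("-1", "6"):
            continue
        if ip not in ipaddress.ip_network(e["CidrBlock"]):
            continue
        pr = e.get("PortRange")
        if pr and not pr["From"] <= port <= pr["To"]:
            continue
        return e["RuleAction"] == "allow"
    return False

def rds_path_check(sg_inbound, nacl, task_ip, task_sg, db_port, ephemeral=40000):
    """RDS SG inbound, NACL inbound on the DB port, NACL egress for the reply."""
    return {"rds_sg_inbound": sg_allows(sg_inbound, task_sg, db_port),
            "nacl_inbound": nacl_allows(nacl, False, task_ip, db_port),
            "nacl_outbound_reply": nacl_allows(nacl, True, task_ip, ephemeral)}
```

A common way the stateless check fails is a NACL egress rule that covers only the DB port: the reply to the task goes to an ephemeral port, so dropping the 1024-65535 egress entry above makes `nacl_outbound_reply` come back False while the other two checks still pass.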
