How to Successfully Connect AWS App Runner with a Privately Accessible RDS Instance?


I am trying to connect my AWS App Runner service to an Amazon RDS database that is privately accessible and located in the default VPC. Here is the configuration I've set up:

RDS Configuration:

The RDS instance is in the default VPC. It has associated subnets and security groups.

App Runner Configuration:

For incoming traffic, I have set it to be publicly accessible. For outgoing traffic, I created a VPC connector and added it to the outgoing traffic configuration. While creating the VPC connector, I selected the same VPC, subnets, and security groups as those used by the RDS instance. However, when I save these changes and deploy the App Runner service, the deployment fails and rolls back with the message: "Successfully rolled back update of my-service-name."

I need guidance on why the deployment is rolling back and how to successfully connect my App Runner service to the privately accessible RDS instance. Are there any specific steps or configurations I might be missing?

Additional Details: The RDS security group allows inbound traffic from the App Runner service. The App Runner service needs to have network connectivity to the RDS instance to perform database operations. Any help or suggestions on how to resolve this issue would be greatly appreciated. Thank you!

1 Answer

Hi,

I assume you have read this: "When the service fails to connect to Amazon RDS or downstream service". It appears your settings are aligned with this.

I would suggest the following:

Test the connectivity: From an EC2 instance within the same VPC as the RDS instance, try connecting to the RDS instance to ensure the network configuration is correct. If the connection is not successful, review your VPC, subnet, and security group configurations.

Enable VPC flow logs: Enable VPC flow logs and look for traffic related to the ENIs associated with the App Runner service's VPC Connector. This will help you identify any network traffic issues.

Use Reachability Analyzer: Use the Reachability Analyzer tool to identify any network misconfigurations between the App Runner service and the RDS instance. Enter the App Runner ENI as the source and the RDS ENI as the destination.

Contact AWS Support: If you're still unable to resolve the issue after following the above steps, contact AWS Support for further assistance.

Thanks, Rama

AWS Expert, answered a year ago; reviewed by an Expert a year ago
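The flow-log step above, as an added example that is not part of the original answer or of any AWS tooling: a small Python script that parses VPC Flow Log records in the default (version 2) format, keeps only the ENIs that belong to the App Runner VPC connector, and counts ACCEPT versus REJECT records towards the database port. A connector ENI that only shows REJECT records points at a security group or network ACL that does not admit the connector; a connector ENI with no records at all towards the DB port means the connection attempts never reached that interface, so routing, DNS or the service itself should be checked next. The ENI ids, addresses, account id and log lines are constructed sample values.

```python
"""Triage VPC Flow Log records for the ENIs of an App Runner VPC connector.

Added example; not from the answer above. Flow-log lines are expected in the
default format: version account-id interface-id srcaddr dstaddr srcport
dstport protocol packets bytes start end action log-status.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List

FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")

TCP = 6  # IANA protocol number recorded in the protocol field


@dataclass(frozen=True)
class FlowRecord:
    interface_id: str
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int
    action: str  # "ACCEPT" or "REJECT"


def parse_flow_log(lines: Iterable[str]) -> List[FlowRecord]:
    """Parse default-format flow-log lines; skips the header and rows without data."""
    records: List[FlowRecord] = []
    for line in lines:
        parts = line.split()
        if len(parts) != len(FIELDS) or parts[0] == "version":
            continue  # header line or malformed row
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue  # NODATA / SKIPDATA rows carry "-" in the address fields
        records.append(FlowRecord(
            rec["interface_id"], rec["srcaddr"], rec["dstaddr"],
            int(rec["srcport"]), int(rec["dstport"]), int(rec["protocol"]),
            rec["action"]))
    return records


def summarize_db_flows(records: Iterable[FlowRecord], connector_enis: Iterable[str],
                       db_port: int) -> Dict[str, Dict[str, int]]:
    """Count ACCEPT/REJECT records per connector ENI for TCP traffic to db_port."""
    summary = {eni: {"ACCEPT": 0, "REJECT": 0} for eni in connector_enis}
    for r in records:
        if r.interface_id in summary and r.protocol == TCP and r.dstport == db_port:
            summary[r.interface_id][r.action] += 1
    return summary


def diagnose(summary: Dict[str, Dict[str, int]]) -> Dict[str, str]:
    """Map each ENI to 'accepted', 'rejected' (SG/NACL block) or 'no-traffic'."""
    verdicts: Dict[str, str] = {}
    for eni, counts in summary.items():
        if counts["ACCEPT"]:
            verdicts[eni] = "accepted"
        elif counts["REJECT"]:
            verdicts[eni] = "rejected"
        else:
            verdicts[eni] = "no-traffic"
    return verdicts


# Constructed sample log: two connector ENIs plus one unrelated ENI.
SAMPLE_FLOW_LOG = """\
version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status
2 123456789012 eni-0aaaaaaaaaaaaaaaa 172.31.16.21 172.31.32.45 49152 5432 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0aaaaaaaaaaaaaaaa 172.31.16.21 172.31.32.45 49153 5432 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0bbbbbbbbbbbbbbbb 172.31.48.9 172.31.32.45 49200 5432 6 12 2048 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0bbbbbbbbbbbbbbbb - - - - - - - 1700000060 1700000120 - NODATA
2 123456789012 eni-0cccccccccccccccc 172.31.16.22 172.31.32.45 49300 443 6 5 600 1700000000 1700000060 ACCEPT OK
"""

# Constructed ENI ids of the App Runner VPC connector (one per connector subnet).
CONNECTOR_ENIS = ["eni-0aaaaaaaaaaaaaaaa", "eni-0bbbbbbbbbbbbbbbb", "eni-0dddddddddddddddd"]
DB_PORT = 5432  # PostgreSQL; use 3306 for MySQL/MariaDB


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_FLOW_LOG.splitlines())
    for eni, verdict in diagnose(summarize_db_flows(recs, CONNECTOR_ENIS, DB_PORT)).items():
        print(f"{eni}: {verdict}")
```

Run it against the real records exported from CloudWatch Logs or S3 by feeding those lines to `parse_flow_log` in place of `SAMPLE_FLOW_LOG`, and set `CONNECTOR_ENIS` to the interface ids the VPC connector created in each selected subnet.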
  • I am trying to connect my AWS App Runner service to an Amazon RDS database that is privately accessible and located in the default VPC. Here is the configuration and the issue I'm facing:

    Current Configuration:

    RDS Configuration:

    The RDS instance is in the default VPC. It has associated subnets and security groups.

    App Runner Configuration:

    Incoming Traffic: Set to be publicly accessible.
    Outgoing Traffic: Created a VPC connector and added it to the outgoing traffic configuration. Selected the same VPC, subnets, and security groups as those used by the RDS instance.

    Issue: When I save these changes and deploy the App Runner service, the deployment fails and rolls back with the message: "Successfully rolled back update of my-service-name."

    Question: Do I need to make changes in both incoming and outgoing traffic settings in App Runner, or just in the outgoing traffic, to successfully connect to the privately accessible RDS instance? What specific settings should I use for the VPC, subnets, and security groups in the VPC connector?
