RDS Proxy Target Group Unavailable

0

I am attempting to configure an RDS proxy for robust connection from Lambda functions to a Postgres RDS instance. The function is able to generate an authentication token via RDS IAM, but the connection times out.

When running 'aws rds describe-db-proxy-targets --db-proxy-name [proxy-name]'

"TargetHealth": { "State": "UNAVAILABLE", "Description": "DBProxy Target unavailable due to an internal error" }

Is returned.

Docs @ https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-proxy.troubleshooting.html#rds-proxy-verifying advise of a reason field, which is missing here.

Attempting to connect to proxy returns: "errorType": "NpgsqlException", "errorMessage": "Failed to connect to [RDS Instance IP Address]:5432",

If anyone has advice, it would be very much appreciated.

  • What do the CloudWatch logs for the Proxy state? I imagine the Proxy is facing an issue where it either can't reach the instance, or the user created for proxy can't connect/access a system database in order to check the health. What is the destination instance engine?

  • Thanks for getting back to me @Kyle_B. CloudWatch logs for the proxy aren't being written, for whatever reason (proxy IAM role has permission to write to log group). Am trying to connect to a Postgres DB. The DB user in question is able to connect directly but not via the proxy.

1 Answer
1

To resolve the "DBProxy Target unavailable due to an internal error" issue, try these steps:

  1. Check the RDS Proxy and database instances are in a healthy state.
  2. Verify the RDS Proxy configuration, including security groups and VPC settings.
  3. Ensure network settings like ACLs and route tables allow traffic between the RDS Proxy and database instances.
  4. Check the logs for any error messages or clues.
  5. Consider restarting the RDS Proxy if the issue persists.
EXPERT
answered 2 months ago
  • Thanks for getting back to me Osvaldo.

    1. Both the RDS instance and proxy have a status of available; however, the target group containing the DB instance is unavailable. I am unsure how to investigate or restore this.

    2. As far as I can tell the proxy config is correct. The security groups allow in and outbound traffic where necessary. The lambda, DB and proxy are all in the same VPC and the proxy shares subnets with both the lambda and the DB.

    3. The route tables are configured to allow traffic between subnets and the ACLs also.

    4. The CloudWatch logs for the proxy aren't being written despite the proxy's IAM role having permission to do so.

    5. I'm not sure it's possible to 'restart' the proxy outside of deleting and recreating.

    Thanks again.
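
As an added example (not part of the original thread and not AWS tooling), steps 1 and 2 of the answer can be scripted offline against saved CLI output: list targets that are not AVAILABLE, then check whether the database's security group admits the proxy's security group on the target port. The JSON samples and the group ids `sg-db-example`, `sg-lambda-example` and `sg-proxy-example` are constructed placeholders, and only security-group-reference rules are evaluated, not CIDR rules.

```python
import json

# Constructed sample in the shape of `aws rds describe-db-proxy-targets` output.
# TargetHealth mirrors the question: UNAVAILABLE with no Reason field.
TARGETS = json.loads("""{"Targets": [{"RdsResourceId": "example-db", "Port": 5432,
  "Type": "RDS_INSTANCE", "TargetHealth": {"State": "UNAVAILABLE",
  "Description": "DBProxy Target unavailable due to an internal error"}}]}""")

# Constructed sample in the shape of `aws ec2 describe-security-groups` output
# for the database's security group. Group ids are placeholders.
DB_SG = json.loads("""{"SecurityGroups": [{"GroupId": "sg-db-example",
  "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
    "UserIdGroupPairs": [{"GroupId": "sg-lambda-example"}], "IpRanges": []}]}]}""")


def unhealthy_targets(doc):
    """Return one dict per target whose health state is not AVAILABLE."""
    out = []
    for t in doc.get("Targets", []):
        health = t.get("TargetHealth", {})
        if health.get("State") != "AVAILABLE":
            out.append({"id": t.get("RdsResourceId"), "port": t.get("Port"),
                        "state": health.get("State"),
                        "reason": health.get("Reason"),  # may be absent, as here
                        "description": health.get("Description", "")})
    return out


def sg_allows(doc, source_sg, port):
    """True if an ingress rule admits TCP `port` from security group `source_sg`.
    Only security-group-reference rules are evaluated, not CIDR rules."""
    for sg in doc.get("SecurityGroups", []):
        for rule in sg.get("IpPermissions", []):
            proto = rule.get("IpProtocol")
            in_range = proto == "-1" or (
                proto == "tcp" and rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535))
            sources = {p.get("GroupId") for p in rule.get("UserIdGroupPairs", [])}
            if in_range and source_sg in sources:
                return True
    return False


def triage(targets, db_sg, proxy_sg):
    """Pair each unhealthy target with whether the DB group admits the proxy's group."""
    return [(t["id"], t["state"], t["reason"], sg_allows(db_sg, proxy_sg, t["port"]))
            for t in unhealthy_targets(targets)]


if __name__ == "__main__":
    print(triage(TARGETS, DB_SG, "sg-proxy-example"))
```

In the constructed data the database group admits the Lambda's group but not the proxy's, so the last field is False; a direct connection would succeed while the proxy's health check could not reach the instance.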
