Can't connect to Aurora cluster from AWS Bastion Host

0

I've successfully created an Aurora cluster, and it's running. I've successfully created a Bastion Host, using the template. It seems to be connected to the right VPC (same one as the Aurora cluster). I can't connect to the Aurora cluster. What I want to do is to use MySQL Workbench. It can connect to the Bastion Host, but it gets an error connecting to the database. I can SSH to the Bastion Host, but can't see the endpoint. Ping, SSH, nothing. I can resolve the endpoint to an IP address, but can't get that address to respond.

This is probably something fundamental and simple, like maybe I have to create some rule in the security group or something. I "think" the Bastion Host is on the VPC, so it shouldn't need a rule, and if it does, I don't know what it would be.

Asked 4 years ago, viewed 919 times
5 Answers
0

Hi,
For the Aurora database

1. Click on Services->RDS
2. Click on Databases
3. Click on the DB identifier for the Aurora instance
4. Write down the following information:
    Endpoint :
    Port:
    VPC:
    VPC security groups:
    Public accessibility
    subnet group:
    Subnets:
5. Click on the link for the VPC security groups 
6. Click on the Inbound tab and write down what protocols/Port Range/Sources are allowed. Note: 3306 should be one of the allowed ports. If NO, then Click the Edit button, Click Add Rule, 3306 for the Port range and for the source enter 0.0.0.0/0 (for now... later, you can lock down the IP to the Bastion server's private IP address, but let's see if you can first connect).
7. See if you can now connect.

FYI: I verified that I was able to connect from my desktop through a Bastion server.
I will try to help you debug more, if after you follow the above steps, you are still having problems connecting.
-randy

Answered 4 years ago
0

endpoint: stripcallcluster-1.cluster-cc53mewxcxrb.us-east-1.rds.amazonaws.com
port: 3306
vpc: vpc-2f3ca355
vpc security group: AuroraForStripcallSG (sg-05c0596e84b978312)
( active )
default (sg-e5a25ebd)
There is no setting for "public availability"
Subnet group stripcallgroup
Subnets
subnet-e70210ad
subnet-495dcb77
subnet-36206251
subnet-3f470e11
subnet-d97f7bd6
subnet-5a5b1406

The default VPC security group inbound rules are:
All traffic All All sg-e5a25ebd (default)
MYSQL/Aurora TCP 3306 65.74.232.84/32
MYSQL/Aurora TCP 3306 24.154.122.0/24

I added an inbound rule for 0.0.0.0/0
That helped. "Test Connection" in Workbench worked.

However: Your connection attempt failed for user 'admin' to the MySQL server at stripcallcluster-1.cluster-cc53mewxcxrb.us-east-1.rds.amazonaws.com:3306:
Lost connection to MySQL server during query

I waited an hour and tried again, and this time it succeeded, so I actually have Workbench connected and running to the database.

So at least part of the problem is that I need an inbound rule for the Bastion Host. How do I construct that correctly?

Answered 4 years ago
0

Hi,
Double check your Aurora database instance for "public availability". It should be in the right hand column side of the properties. It should hopefully be "no".

As you mentioned, you will need to add your Bastion server's private IP address to the Security Group. So you will first

1. Services->EC2
2. Click on Instances
3. Click on your Bastion Server instance
4. In the Description tab, on the right hand side column, there will be a Private IP address in the row, Private IPs. Copy this IP address.

Then follow the directions in my earlier message, and instead of 0.0.0.0/0, put the <IP address>/32.  For example, if your IP address was 172.31.46.221, then enter 172.31.46.221/32

-randy

Answered 4 years ago
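
As an added example (not part of any answer in this thread): a small offline audit of a security group's inbound rules that reports which CIDR rule lets the Bastion Host reach port 3306 and flags any rule that leaves the port open to 0.0.0.0/0. The sample dict is constructed in the shape of `aws ec2 describe-security-groups` output using the rules quoted in the thread, and the bastion IP is the example address from the answer above.

```python
import copy
import ipaddress

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# The group ID and CIDR rules mirror the inbound rules quoted in the thread,
# including the temporary 0.0.0.0/0 rule that was added for testing.
SAMPLE_GROUP = {
    "GroupId": "sg-e5a25ebd",
    "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-e5a25ebd"}]},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "65.74.232.84/32"},
                      {"CidrIp": "24.154.122.0/24"},
                      {"CidrIp": "0.0.0.0/0"}],
         "UserIdGroupPairs": []},
    ],
}

def covers_port(perm, port):
    """True if the rule applies to TCP `port` ("-1" means all traffic)."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]

def audit_db_ingress(group, bastion_ip, port=3306):
    """Return (CIDRs that admit the bastion, findings) for one group."""
    bastion = ipaddress.ip_address(bastion_ip)
    allowed_by, findings = [], []
    for perm in group["IpPermissions"]:
        if not covers_port(perm, port):
            continue
        for rng in perm.get("IpRanges", []):  # IPv4 CIDR sources only
            net = ipaddress.ip_network(rng["CidrIp"])
            if bastion in net:
                allowed_by.append(rng["CidrIp"])
            if net.prefixlen == 0:
                findings.append(f"{group['GroupId']}: port {port} open to {net}")
    return allowed_by, findings

if __name__ == "__main__":
    bastion_ip = "172.31.46.221"  # example private IP from the answer above
    print("before:", audit_db_ingress(SAMPLE_GROUP, bastion_ip))
    fixed = copy.deepcopy(SAMPLE_GROUP)
    fixed["IpPermissions"][1]["IpRanges"][2]["CidrIp"] = bastion_ip + "/32"
    print("after: ", audit_db_ingress(fixed, bastion_ip))
```

An empty findings list with the bastion's /32 in the first list means the temporary open rule has been replaced rather than left alongside the new one.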
0

Okay, so that worked, and Workbench has access with the /32. Thank you very much.

I still don't see the public availability setting.

I go to RDS Services->Databases. Select my database. I have a summary, with no Public Availability
I have tabs for Connectivity & security
Monitoring
Logs & events
Configuration
Maintenance & backups
Tags

I look in Connectivity and security and see a security heading on the right, but all it has is the security groups.
I look at Configuration and it has an Availability column, but the only things in that column are IAM db authentication, user name and password.

Dunno where else to look.

Answered 4 years ago
0

I'm closing this. I did get it to work, but there are so many issues in setting up Aurora Serverless to work with Lambda, I've given up entirely and started all over with DynamoDB. This application is a much better fit with a small relational DB, but the complications in using Aurora Serverless with Lambda are way, way too daunting. Thanks again for your help.

Answered 4 years ago
