I am working on a basic serverless Node application that performs CRUD operations with MySQL. The MySQL database is created in RDS MySQL and set to public. On my local system it connects and works fine. After deploying with serverless deploy, I am getting a Handshake inactivity timeout error in the response body.
Note: I used the serverless deploy and RDS MySQL in same AWS account.
Even if both are deployed in the same account, and the RDS is public, the lambda might be deployed in a private subnet that does not have internet access. Without seeing your serverless deployment script, my guess is you may have to configure the correct security groups and subnets for your lambda function to be able to connect to this public database.
Here's a Medium article that may help with the setup. Under the vpc configuration of your lambda function, you may have to modify the following.
provider:
  name: aws
  stage: prod
  runtime: nodejs6.10
  region: us-east-1
  vpc:
    securityGroupIds:
      - HERE_YOUR_SECURITY_GROUP
    subnetIds:
      - HERE_YOUR_SUBNET_1
      - HERE_YOUR_SUBNET_2
      - HERE_YOUR_SUBNET_3
  environment:
    MYSQLHOST: 'xxxxx.rds.amazonaws.com'
    MYSQLPORT: 'xxx'
    MYSQLUSER: 'xxx'
    MYSQLPASS: 'xxxxx'
    MYSQLDATABASE: 'xxxx'
I have a Cloud Run container that uses a Serverless Connector to connect to a Cloud SQL instance all in the same project. This configuration works just fine.
I have moved the Cloud SQL instance to another project in the same organisation and set up a Serverless Connector there as per the instructions. I have tested this Serverless Connector with a Cloud Function in the same project that accesses the database and reports the number of rows in a table; this works without problems.
I have now updated the Cloud Run instance to point to the new connector reference. I have used the specified format: projects/PROJECT_ID/locations/europe-west3/connectors/CONNECTOR_NAME. When I release a new revision of the container, I get the error message: "Could not find specified network to attach to app." I see the message "Ready condition status changed to False for Service {service name} with message: Deploying Revision." in the Cloud Run logs for this service.
Any ideas on how to get this working please?
Documentation:
Configuring Serverless VPC Access
Configure connectors in the Shared VPC host project
Info:
Command gcloud compute networks vpc-access connectors describe --region=europe-west3 projects/PROJECT_ID/locations/europe-west3/connectors/CONNECTOR_NAME gives the output:
connectedProjects:
- company-service-dev
- a-project-name
ipCidrRange: 10.8.0.0/28
machineType: f1-micro
maxInstances: 3
maxThroughput: 300
minInstances: 2
minThroughput: 200
name: projects/PROJECT_ID/locations/europe-west3/connectors/CONNECTOR_NAME
network: company-project-servicename
state: READY
The connector MUST be in the same region AND the same project as the Cloud Run service.
The wrong solution is to create a peering between the Cloud Run project VPC and the Cloud SQL project VPC. But it won't work because of a network transitivity issue (Cloud SQL to Project creates 1 peering and Cloud Run VPC to Project creates another peering -> 2 peerings in a row aren't transitive).
The correct solution is to create a Shared VPC architecture to share the same VPC, and therefore not require peering between projects.
Another hack exists: you can create a VPN between the Cloud Run project VPC and the Cloud SQL project VPC. It's ugly, but it works.
Solved!
Problem: Configuration. There was a VPC created for the Cloud SQL db to get an IP address assigned in. The Serverless Connector was created and had access to the same network. I, mistakenly, thought that was all that is needed. As #guillaume-blaquiere points out, this is for a single project only.
To fix: Create a Shared VPC configuration in the host project. In the Google Cloud Console it was as easy as turning on Shared VPC (VPC Network > Shared VPC). Set up a configuration with pretty much the default options it gives you and then you can use the Serverless Connector reference projects/PROJECT_ID/locations/europe-west3/connectors/CONNECTOR_NAME in your Cloud Run or Cloud Functions and all works just fine!
I have an ElasticBeanstalk application that uses Docker to run a small Laravel PHP API.
The app cannot connect to MySQL when running in ElasticBeanstalk.
The MySQL DB is a publicly available AWS RDS instance.
I've run my Docker container locally and the app can connect just fine.
When I deploy to ElasticBeanstalk the app cannot connect...
Can anyone point me in a direction to help debug this?
SOLUTION
For anyone else who stumbles on this:
The solution was to create a new security group for both the EC2 instances and the RDS database. The two security groups opened up access via port 3306 for the instances and the database.
I also ensured the EC2 instances were available across every subnet and in the same VPC as my database.
Taken from the answers below and a bit of help from a SysOps friend of mine.
You may want to check the EC2 Security Group Rules attached to Elastic Beanstalk to allow TCP at port 3306 for MYSQL type.
High chance that your ec2 instance does not have a public ip assigned to it. If you're trying to connect to the public IP of RDS without a public ip on the ec2 instance you won't be able to.
The ec2 instance will either need a public ip or it will need to have external internet connectivity through NAT.
I have my Sails application on an AWS instance with all dependencies installed with no apparent issues. However, each time I try to launch the app I am getting the following error.
error: AdapterError: Connection is already registered
I have not managed to successfully lift sails yet on the instance and sails-mysql was freshly installed so no connections should be registered.
I have taken the following steps to deploy my app..
Set up a MySql RDS instance (EU-West)
Created and set up an Ubuntu AMD-64 t2.micro EC2 instance (EU-West)
Installed all prerequisites (Git, NVM, NodeJs, Sails, etc.)
Cloned my Sails project
Installed dependencies for Sails
Correctly configured my connection settings for Sails to use my RDS instance.
I know that my connection settings are correct as I have been able to run Sails on my local machine with a connection to my RDS instance and it would consistently lift without any issues.
I am also able to connect to my RDS instance using SequelPro with no problems.
I have had issues with dependencies in the past but have managed to fix those issues and have not had any of them on my local machine or with my EC2 instance.
After searching for a while I have come across a few users who have had similar issues but have managed to fix them with Waterline's teardown methods, however, I am unsure how to achieve this.
I have done my best to provide as much information as possible and any help would be massively appreciated.
Sails Version: 0.12.11
Thank you in advance.
I managed to fix the issue by carrying out the following:
Switched my environment to production in config/bootstrap.js
In connections.js add connectTimeout: 20000 to make sure the request does not time out before the connection is made.
eg. process.env.NODE_ENV = 'development'
Ensure that the security group inbounds rules for the RDS allows connections from the security group associated with my EC2 instance.
Type: MySQL/Aurora
Protocol: TCP
Port Range: 3306
Source: < Your security group ID >
Following the above points also meant I overcame the issue with handshake timeouts when communicating with the RDS.
I am struggling to enable an AWS lambda to send HTTPS POST requests to an AWS elastic beanstalk service.
The elastic beanstalk provides web and web services and works nicely.
The lambda is doing some calculations with AWS elasticache (works well) and then decides whether to send an HTTPS POST to the beanstalk URL.
The lambda is written with node.js. About 2 minutes after the POST attempt I am getting this timeout:
[Error: connect ETIMEDOUT X.Y.Z.W:443] code: 'ETIMEDOUT', errno: 'ETIMEDOUT', syscall: 'connect', address: 'X.Y.Z.W', port: 443
I see no indication of a request in the elastic bean nginx access log.
So my understanding is that the security groups are not set correctly.
I ruled out the option that the elastic beanstalk prevents such connections - The lambda is using a url with an external domain name that can be used from any browser and that works fine.
So I am left with the conclusion that the lambda security prevents this connection. So - I opened up the lambda security group completely to "All traffic" from anywhere - and I still get this problem.
Any ideas?
You are running your Lambda function within your VPC, which is required to access your ElastiCache servers. However once you place a Lambda function into a VPC it no longer has access to anything outside the VPC. You are trying to hit the Elastic Beanstalk server via a public (Internet) address, which the Lambda function does not have access to. Thus you are getting network connection timeouts.
You need to configure your Lambda function to access the service via an internal VPC address. And you need to configure your Elastic Beanstalk Security Group to allow access from the Lambda Security Group (if you haven't already).
Alternatively, you could add a NAT Gateway to your VPC, which would give your Lambda function access to resources outside the VPC.
I've recently created a Mule application (3.7.0 CE) on a laptop. I'm connected to an AWS RDS instance when running locally in AnyPoint Studio using Maven. I started with a local MySQL DB and migrated it to AWS because my application "proofofconcept" is just that, a proof of concept, and I would like to show the application online (public url) instead of on my laptop for a presentation. I added the database.url=... property to the application properties when I deployed to Anypoint Runtime Manager in the cloud. I'm currently getting a:
communications link failure
I've tried several things and nothing has worked. I tried a basic database connection first in the database config. And, then I created a JDBC datasource in Spring-beans. Both methods worked locally and in-communication with AWS (remote). When I deploy to Runtime Manager, the application deploys. And, I get the console that's generated runtime by the RAML. When I call a url e.g. api/v1/orders it runs and runs and after timeout provides the communication error.
Does anyone 1) know if the communication is allowed? 2) know how to fix this? I would like to demo the POC online for my client.
Thanks in advance
My issue was with Amazon VPC and the default security group assigned to my RDS instance. By default all outbound activity is set to any protocol and any port for any IP (0.0.0.0/0). Inbound routing, however, was specifying only port 3306 but also a custom IP that was my home network public IP. I changed the IP specification to be 0.0.0.0/0. This now means that any IP can send a request through port 3306 to my Amazon MySQL instance.
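The inbound-rule sources that appear in the answers on this page (a security group ID, a single address, 0.0.0.0/0, and "All traffic") can be told apart mechanically in `aws ec2 describe-security-groups` output. The audit below is an added example, not part of any of the original posts; the group IDs and addresses in `sample` are constructed, and `rule`, `coversPort` and `auditDbIngress` are hypothetical helper names.

```javascript
// Constructed sample shaped like `aws ec2 describe-security-groups` output (IDs made up).
const rule = (proto, from, to, cidrs, v6, groups) => ({
  IpProtocol: proto, FromPort: from, ToPort: to,
  IpRanges: cidrs.map((CidrIp) => ({ CidrIp })),
  Ipv6Ranges: v6.map((CidrIpv6) => ({ CidrIpv6 })),
  UserIdGroupPairs: groups.map((GroupId) => ({ GroupId })),
});
const sample = { SecurityGroups: [
  { GroupId: 'sg-0a000000000000001', IpPermissions: [   // source = app security group
    rule('tcp', 3306, 3306, [], [], ['sg-0b000000000000002']),
    rule('tcp', 443, 443, ['0.0.0.0/0'], [], [])] },    // not the database port
  { GroupId: 'sg-0c000000000000003', IpPermissions: [   // source = one address
    rule('tcp', 3306, 3306, ['203.0.113.7/32'], [], [])] },
  { GroupId: 'sg-0d000000000000004', IpPermissions: [   // source = anywhere
    rule('tcp', 3306, 3306, ['0.0.0.0/0'], [], [])] },
  { GroupId: 'sg-0e000000000000005', IpPermissions: [   // "All traffic" from anywhere
    rule('-1', undefined, undefined, ['0.0.0.0/0'], ['::/0'], [])] },
] };
const ANYWHERE = new Set(['0.0.0.0/0', '::/0']);

// Protocol "-1" means every protocol and port; otherwise the TCP range must include the port.
function coversPort(perm, port) {
  if (perm.IpProtocol === '-1') return true;
  return perm.IpProtocol === 'tcp' && perm.FromPort <= port && port <= perm.ToPort;
}

// Return one finding per source that can reach `port` (MySQL's 3306 by default).
function auditDbIngress(description, port = 3306) {
  const findings = [];
  for (const sg of description.SecurityGroups || []) {
    for (const perm of sg.IpPermissions || []) {
      if (!coversPort(perm, port)) continue;
      const cidrs = [
        ...(perm.IpRanges || []).map((r) => r.CidrIp),
        ...(perm.Ipv6Ranges || []).map((r) => r.CidrIpv6),
      ];
      for (const source of cidrs) {
        const verdict = ANYWHERE.has(source) ? 'open-to-internet' : 'cidr-restricted';
        findings.push({ group: sg.GroupId, source, verdict });
      }
      for (const pair of perm.UserIdGroupPairs || []) {
        findings.push({ group: sg.GroupId, source: pair.GroupId, verdict: 'sg-referenced' });
      }
    }
  }
  return findings;
}
console.table(auditDbIngress(sample));
```

To run it against a real account, replace `sample` with the parsed JSON from `aws ec2 describe-security-groups --output json`.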