AWS RDS Read Replica on a different VPC - mysql

I am trying to create an rds mysql read replica in a different vpc in the same region. This doesn't seem to work. I am getting the below error.
I am able to create a cross region read replica, here obviously the vpcs are different. But it works there and not within the same region.
Any idea why this could be the case?
The DB instance and EC2 security group are in different VPCs. The DB instance is in vpc-b40d62d3 and the EC2 security group is in vpc-3f6cc45b (Service: AmazonRDS; Status Code: 400; Error Code: InvalidParameterCombination; Request ID: 56d7eb7c-8cd7-490a-b979-ef678f4f6ed7)
This was asked earlier and the answer was not supported and use a custom solution. Asking again as that was a 3 year old post and cloud moves fast. :)
Cheers.

Tried this a week ago in RDS console but didn't work. I got the same error. But It is supported. At least in aws-cli version 1.16.
aws rds create-db-instance-read-replica \
--db-instance-identifier [yourmaindb] \
--source-db-instance-identifier [arn resource url of the source] \
--db-subnet-group-name [subnet in a different VPC] \
--vpc-security-group-ids [security group in a different VPC]

Related

AWS RDS Error: IAM Database Authentication is not supported for this configuration

I'm trying to create an AWS Aurora read replica from an RDS MySQL Instance, but I'm getting the following error.
IAM Database Authentication is not supported for this configuration. (Service: AmazonRDS; Status Code: 400; Error Code: InvalidParameterCombination; Request ID: cabe107c-d4c9-4d97-9222-b659622a04b6; Proxy: null)
It turns out that my problem was that I was trying to create a db.t2.small instance, but IAM authentication is not supported for AWS Aurora on db.t2.small instances and is not supported for RDS MySQL for db.t2.small or db.m1.small instances. I changed the instance type to db.t2.medium and that resolved the problem.
I think (but I'm not sure) that IAM Authentication is required because I had Enhanced monitoring enabled, so I may have been able to fix the problem by disabling that, but I have not tested that.

Error creating AWS MySQL RDS instance with Terraform

When creating an Amazon AWS RDS MySQL 5.7 db instance using Terraform "terraform-aws-modules/rds/aws" module, I started getting a strange error after > 1 hour. In other contexts in the past the same script worked (even more involved versions creating cross-region read replica in 2 other regions (3 in total).
When I tried to deploy to a different VPC recently I started getting an error after spending ~1 hour on the db options group resource (so not even reaching db deploy).
The error message is:
aws_db_option_group.this: Error creating DB Option Group: InternalFailure: An internal error has occurred. Please try your query again at a later time.
status code: 500 root.rds-virginia.db.db_option_group: eval: *terraform.EvalSequence
How to resolve or work around this?
Creating a dummy db option group (even though we don't need it for this use case) seems to work around this issue:
resource "aws_db_option_group" "some-option-group" {
name = "dummy-mysql-option-group"
option_group_description = "Dummy Mysql option group"
engine_name = "mysql"
major_engine_version = "5.7"
}
Terraform db option group docs: https://www.terraform.io/docs/providers/aws/r/db_option_group.html

Template error when mounting EFS to Elastic Beanstalk EC2 using AWS mount script

I am running into
"Service:AmazonCloudFormation, Message:Template error: every Fn::Join object requires two parameters, (1) a string delimiter and (2) a list of strings to be joined or a function that returns a list of strings (such as Fn::GetAZs) to be joined."
error when trying to deploy tomcat application with
https://github.com/awslabs/elastic-beanstalk-docs/blob/master/configuration-files/aws-provided/instance-configuration/storage-efs-mountfilesystem.config
script to mount the EFS file system to the elastic beanstalk EC2 instance.
I have been trying for a while now to resolve it. Any help is highly appreciated.
The EFS and EC2 are on the same VPC and mounting successfully works when I SSH into the EC2.
Surprisingly I dont see any ERROR logs in the CloudFormation stack either.
I finally figured out the problem. Its a very stupid mistake, in case you run into this problem here's what i was doing
The discreption says "To use this file to mount a file system that you created outside of AWS Elastic Beanstalk, replace the Ref with the resource ID" in below line
FILE_SYSTEM_ID: '{"Ref" : "FileSystem"}' so i inferred it should be
FILE_SYSTEM_ID: '{"<RESOURCE_ID>" : "FileSystem"}' no this is wrong what they actually mean is do this
FILE_SYSTEM_ID: RESOURCE_ID
I know this was stupid error but in case someone's stuck like me. Hopefully you don't do this mistake.

Error 10060 while trying to connect an amazon mysql rds

I created a MYSQL Amazon RDS instance and tried accessing it to through MYSQL Workbench from a windows machine.
But I'm getting an 10060 error whereas the Amazon RDS is publicly accessible.
I read some documentation on amazon forums, but I'm unable to understand how to set up VPC.
Any help will be appreciated. thanks.
This error is a result of the inbound connection rule set on your DB instance.
For each RDS database instance we create, there are Inbound & Outbound connection-security groups.
In AWS RDS console, under 'Databases', click on the 'DB Identifier' of your RDS instance. Then in the 'Security group rules' section, click on 'Inbound' type security group and edit the inbound rule to allow appropriate inbound connections.
You get 3 options here, under 'source' column:
Custom
Anywhere (Allows connections from any IP. Not recommended for production.)
My IP (Automatically detects your machine's IP)
I missed enabling public accessibility while creating RDS. We can enable it later too in the modify section of RDS. Hope it helps someone.
1st: add inbound rule.
-rds console
- instances
- details > Security groups(click link)
- EC2 Managment Console
- at the bottom of the page tab "inbound"
- edit > add rule
Choose Type: MYSQL/Aurora, Source: My ip
-save
2nd: if problem remainded try make sign out/sign in. It helped me two times contract.

Unable to Add Security Group to RDS Instance

I am running into an issue trying to connect to my RDS database with Sequel Pro anywhere outside of the IP Address where the instance was created. I came to this conclusion after trying to connect to my db form two computers with the correct information and good Wi-fi, but I would get a time out error. As a result I followed the AWS instructions to setup a VPC security group with the following setup, MYSQL/Aurora - TCP - 3306 - *my IP address*. I thought this was all that needed to be done, but I'm still getting the error and I'm unsure how to connect the security group to my RDS instance despite reading the documentation. Can anyone help?
The first step to identify the problem is to figure out where your RDS instance lies. Is it inside the VPC or is it in the classic network. This part is very important. Additionally, if it's inside the VPC, when creating it there should have been an option to enable public access or not.
After creating a new security group (I'd look at your current one and copy all the settings to your new one + the mysql access change like you have above). Simply go to the RDS console, click on the instance you want to modify, select actions, modify and adjust your security group.
If you don't have the public access enabled and you are in the VPC then you're options are more limited. You'd probably have to bridge your connection over an existing ec2 instance that can both reach the outside and the VPC. Or like I do, have a VPN into your VPC directly.
Sadly all of this is very dependent on your VPC design, and where things lie on your network diagram. If my answer isn't helpful enough, try and provide more information and I can revise.