When trying to deploy my application, I recently got the following error:
ERROR: Service:AmazonCloudFormation, Message:Stack named
'awseb-e-123-stack' aborted operation. Current state: 'UPDATE_ROLLBACK_IN_PROGRESS'
Reason: The following resource(s) failed to update: [AWSEBRDSDatabase].
ERROR: Updating RDS database named: abcdefg12345 failed
Reason: DB Security Groups can no longer be associated
with this DB Instance. Use VPC Security Groups instead.
ERROR: Failed to deploy application.
How do you switch over a DB Security Group to a VPC Security Group? Steps for using the Elastic Beanstalk Console would be greatly appreciated.
For anyone arriving via Google, here's how you do it via CloudFormation:
The official docs contains an example, at the very bottom https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.RDSSecurityGroups.html#Overview.RDSSecurityGroups.DeleteDBVPCGroups
SecurityGroup:
Type: "AWS::EC2::SecurityGroup"
Properties:
VpcId: <vpc_id>
GroupDescription: Explain your SG
SecurityGroupIngress:
- Description: Ingress description
CidrIp: 10.214.0.0/16
IpProtocol: tcp
FromPort: 3306
ToPort: 3306
RDSDb:
Type: 'AWS::RDS::DBInstance'
Properties:
VPCSecurityGroups:
- Fn::GetAtt:
- SecurityGroup
- GroupId
Had the same issue but was able to fix it by doing the following
Created a RDS db instance from the RDS console
Created a snapshot of the instance
From Elastic Beanstalk console under configuration/database, create the RDS db using the instance
Once the new RDS db instance was created by EBS, inn configuration/software add db environment properties
I hope it helps you resolve this issue.
Related
I'm trying to create an AWS Aurora read replica from an RDS MySQL Instance, but I'm getting the following error.
IAM Database Authentication is not supported for this configuration. (Service: AmazonRDS; Status Code: 400; Error Code: InvalidParameterCombination; Request ID: cabe107c-d4c9-4d97-9222-b659622a04b6; Proxy: null)
It turns out that my problem was that I was trying to create a db.t2.small instance, but IAM authentication is not supported for AWS Aurora on db.t2.small instances and is not supported for RDS MySQL for db.t2.small or db.m1.small instances. I changed the instance type to db.t2.medium and that resolved the problem.
I think (but I'm not sure) that IAM Authentication is required because I had Enhanced monitoring enabled, so I may have been able to fix the problem by disabling that, but I have not tested that.
I am trying to connect to cloud sql hosted in gcp from eclipse, not able to do so. I have whitelisted my ip using the connection settings on cloud sql instance. I have added the driver also in eclipse for mysql.
I think I am making mistake in constructing the connection string. Please refer below details.
connectionName: abc-dev:europe-west1:abc-instance
So in connection section
database: abc-dev:europe-west1:abc-instance
url: jdbc:mysql://35.233.100.100:3306/abcInsoles
user: root
password: xyz123
It throws exception:
com.mysql.cj.jdbc.exceptions.CommunicationsException: Communications link failure
I am running it from local.
Can you throw some insights?
Many thanks.
The "database" value is incorrect - this is the name of the database on the instance itself (not the instance's connection string).
Since you are using Java, you may be interested in the Cloud SQL JDBC Socket Factory - it allows you to connect to the Cloud SQL instance without whitelisting an IP.
I have hosted Jenkins on Kubernetes cluster which is hosted on Google Cloud Platform. I am trying a run a a python script though Jenkins. There is a need for the script to read a few values on MySQL. The MySQL instance is being run separately on one of the instances. I have been facing issues connecting Kubernetes to MySQL instance. I am getting the following error:
sqlalchemy.exc.OperationalError: (pymysql.err.OperationalError) (2003, "Can't connect to MySQL server on '35.199.154.36' (timed out)
This is the document I came across
According to the document, I tried connecting via Private IP address.
Generated a secret which has MySQL username and password and included the Host IP address in the following format taking this document as reference:
apiVersion: v1
kind: Secret
metadata:
name: db-credentials
type: Opaque
data:
hostname:<MySQL external ip address>
kubectl create secret generic literal-token --from-literal user=<username> --from-literal password=<password>
This is the raw yaml file for the pod that I am trying to insert in the Jenkins Pod template.
Any help regarding how I can overcome this SQL connection problem would be appreciated.
You can't create a secret in the pod template field. You need to either create the secret before running the jobs and mount it from your pod template, or just refer to your user/password in your pod templates as environment variables, depending on your security levels
I am using Google App Engine and Cloud SQL (My SQL 2nd Gen Instance) in my Node JS application and I am having troubles.
I am connecting fine in local using cloud proxy, but as soon as I deploy it fails.
I am using Sequelize to connect to cloud SQL.
I do have correct password/username/instance connection name.
I have enabled API, otherwise I would not be able to connect from proxy.
In my "app.yaml" I do have correct "beta_settings" tag with correct "cloud_sql_instances" value.
Message from Cloud SQL:
`{insertId: "s=7560d77466cb46cebc3933acc1c41082;i=1a5ff5;b=30867f100f0d483ea84a5718c3948aed;m=886b8bfcbb;t=578fd8d7ad54f;x=a821eba2c35efe29-0#a1"
logName: "projects/[CORRECT PROJECT]/logs/cloudsql.googleapis.com%2Fmysql.err"
receiveTimestamp: "2018-10-24T18:21:25.190291090Z"
resource: {
labels: {
database_id: "[CORRECT DB ID]"
project_id: "[CORRECT PROJECT ID]"
region: "us-central"
}
type: "cloudsql_database"
}
severity: "ERROR"
textPayload: "2018-10-24T18:21:19.249532Z 53509 [Note] Access denied for user 'root'#'cloudsqlproxy~66.85.23.1' (using password: NO)"
timestamp: "2018-10-24T18:21:19.249743Z" }`
Message fron APP Engine (Express, Sequelize):
`Error: connect ECONNREFUSED 127.0.0.1:3306 at TCPConnectWrap.afterConnect [as oncomplete]`
It seems like similar question has been asked numerous times, and I have read more than 10 stackoverflow questions and answers and I still do not have right answer for it.
Can I get some help?
Thank you.
I know this is old - but I've been having the same problem with my NodeJS app connecting to CloudSQL Postgres. A little digging on the AppEngine instance eventually showed that while the docs show 127.0.0.1 as the host, it's actually running the CloudSQL proxy docker image - so while it's 127.0.0.1 from the instance itself, my database hostname actually needed to be "cloudsql" from the app container.
Try connecting to cloudsql:3306 and see if it works!
Being new to the platform I've followed the setup tutorial:
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_Python_django.html
When I tried to created the RDS DB it wouldn't let me with the message:
InvalidParameterValue. Access Denied to API Version: API20120423
Output in the commandline:
What could be the reason for this happening?
As a workaround you can answer 'n' to the question "Create an RDS DB Instance", in this way you should be able to complete the init step of your environment.
Then to create an actual RDS DB go to your AWS console, in the Elastic Beanstalk section you'll find your newly created env. Click on the env and in the "Configuration" page you'll find a "Data tier" section, where you'll be able to create a RDS DB, associating it to your env.