7

I am trying to connect to DAX from a localhost using the following code:

    ClientConfig daxConfig = new ClientConfig()
            .withEndpoints("dax-cluster.yhdqu5.clustercfg.dax.use1.cache.amazonaws.com:8111");
    AmazonDaxClient client = new ClusterDaxClient(daxConfig);

The cluster is up and running, I've created it in a public subnet and opened port 8111 in the security group, but despite this I receive the following exception:

Caused by: java.io.IOException: No endpoints available
    at com.amazon.dax.client.cluster.Cluster.leaderClient(Cluster.java:560)
    at com.amazon.dax.client.dynamodbv2.ClusterDaxClient$3.getClient(ClusterDaxClient.java:154)
    at com.amazon.dax.client.dynamodbv2.ClusterDaxClient$RetryHandler.makeRequestWithRetries(ClusterDaxClient.java:632)
    ... 10 more
    Suppressed: java.io.IOException: No endpoints available
        ... 13 more
        Suppressed: java.io.IOException: No endpoints available
            ... 13 more

Other answers on StackOverflow suggest that this may be caused by incorrectly configured security group and to test it I've launched an instance in the same VPC/subnet and used the same security group and I was able to ssh to this host (both 22nd and 8111-st ports are opened in the security group). So there should be some other DAX related reason.

The firewall on my machine is turned off.

But if I ssh to a machine in EC2, then I can connect to the DAX cluster:

[ec2-user@ip-10-0-0-44 ~]$ nc -z dax-cluster.yhdqu5.clustercfg.dax.use1.cache.amazonaws.com 8111
Connection to dax-cluster.yhdqu5.clustercfg.dax.use1.cache.amazonaws.com 8111 port [tcp/*] succeeded!
Ivan Mushketyk
  • 8,107
  • 7
  • 50
  • 67
  • 3
    You can only connect to DAX from an EC2 machine in the same VPC as the DAX cluster. Unless your localhost is an EC2 instance in the same VPC, it won't be able to connect to the DAX cluster. – Abdelrahman Elhaddad Sep 03 '17 at 19:46

3 Answers3

9

You can only connect to DAX from an EC2 machine in the same VPC as the DAX cluster. Unless your localhost is an EC2 instance in the same VPC, it won't be able to connect to the DAX cluster.

Abdelrahman Elhaddad
  • 831
  • 5
  • 7
  • 1
    Can someone explain why this is the case? Why would they have this restriction? Is there anyway around it? I have a service that lives in another cloud provider that I want to access DAX. – Charles Mar 09 '18 at 10:27
  • 2
    you can use VPN Connections to connect dev machine or server in another cloud provider to "appear" in the same VPC as the Dax cluster – Bill Yang Jul 18 '18 at 22:39
  • 1
    Ah the hours I wasted on this. I thought it's a security group issue. Then I scp my program binary to EC2, run it, and voila... I queried an Item from my DAX. Indeed. VPN or EC2. – Lukas Lukac Dec 02 '20 at 22:01
5

If you are making call from your lambda, make sure you have the lambda running with in the same vpc, it has granted iam role to access dax and it has opened the dax port for the security group

myPavi
  • 201
  • 2
  • 5
3

There is a way to access it from outside the VPC, You will have to create a NLB which fronts the dax replicas. Then you need to use VPC endpoint service to provide a link which can access this. You can then use the endpoints provided to make calls. 

VPCEndpoint -> NLB -> Dax replica 1
                   -> Dax replica 2

You can then used code sample below to connect to DAX

import com.amazon.dax.client.dynamodbv2.DaxClient;
AmazonDynamoDB amazonDynamoDb = new DaxClient(
                "vpce-XXX-YYY.vpce-svc-ZZZ.us-west-2.vpce.amazonaws.com",
                8111, region, credentials);
Whimsical
  • 5,985
  • 1
  • 31
  • 39
  • How do you point a NLB to a DAX cluster? None of the target group options seem to be able to, since the DAX cluster doesn't have EC2 instance, visible IP addresses, or a load balancer you can select. – Sepehr Nazari Sep 12 '22 at 20:18