
My original plan was to set up a serverless Aurora Postgres database on AWS to save money, since I needed something to use within a dev environment that we could connect to from our local machines. Having found out that you can't have a publicly accessible Aurora Serverless Postgres instance (AWS Aurora MySQL serverless: how to connect from MySQL Workbench), I decided to opt for a db.t3.medium on-demand instance instead. I created it using the following Terraform:

# Aurora PostgreSQL cluster. No vpc_id or vpc_security_group_ids are set, so it
# lands in the account's default VPC and uses that VPC's default security group.
resource "aws_rds_cluster" "operational_postgresql" {
  cluster_identifier        = "aurora-postgres-cluster-dev"
  engine                    = "aurora-postgresql"
  engine_version            = "14.3"
  availability_zones        = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
  database_name             = "operational_db"
  master_username           = "XXXXXX"
  master_password           = "XXXXXX"
  backup_retention_period   = 5
  preferred_backup_window   = "07:00-09:00"
  skip_final_snapshot       = false
  final_snapshot_identifier = "aurora-postgres-dev-cluster-backup"
}

# Single on-demand instance in the cluster, given a public IP address.
resource "aws_rds_cluster_instance" "operational_postgresql_db_dev" {
  cluster_identifier  = aws_rds_cluster.operational_postgresql.id
  instance_class      = "db.t3.medium"
  engine              = aws_rds_cluster.operational_postgresql.engine
  engine_version      = aws_rds_cluster.operational_postgresql.engine_version
  publicly_accessible = true
}

I have verified that the cluster has a writer instance and a reader instance. I have also verified that the cluster is inside a VPC which is connected to an internet gateway (it's the default AWS VPC, since none was specified in the Terraform). However, when I try to call this database with psycopg2 from my own machine, I get the following error:

sqlalchemy.exc.OperationalError: (psycopg2.OperationalError) connection to server at "aurora-postgres-cluster.cluster-XXXXXXXXX.eu-west-1.rds.amazonaws.com" (52.XXX.XXX.XXX), port 5432 failed: Operation timed out
        Is the server running on that host and accepting TCP/IP connections?

Any help would be much appreciated.

  • You said you verified it is connected to an internet gateway, but didn't say what the rules are for it. This is likely a firewall/SG issue. – jjanes May 19 '23 at 17:13
  • @jjanes, I have verified that the db has 3 subnets and a vpc associated to it, and that the 3 subnets are associated to an ACL which has rule 101 set to allow all traffic from 0.0.0.0/0. I have also verified that the subnets are associated with the default routing table, which has an internet gateway as one of its targets. I tried calling the cluster endpoint and the instance endpoint and got a timeout in both cases. – Boris May 20 '23 at 16:10

1 Answer


The instances in the Aurora cluster each have an associated "security group". The security group is where you need to say IP address such-and-such (or IP range) is allowed to connect to port such-and-such. Then you can use that same security group across as many instances as you like. You find the security group listing from the EC2 console.

In the security group, there's an option to automatically fill in your own current IP as the address that's allowed to connect. I've found sometimes when going through a VPN, it doesn't pick up the address that it should use. The one that works most reliably for me is whatever comes back from curl --silent ifconfig.me.

  • Also BTW I used to use t3.medium as my default "smallest" instance class for Aurora PostgreSQL. However, t4g.medium is the same specs and 1 cent per hour (US $) cheaper. – Max Webster Jun 20 '23 at 22:12
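The security-group fix the answer describes, written out as an added Terraform example (not the asker's configuration or anything from the answer itself). It assumes the question's default VPC, a `my_ip` variable holding the workstation's public IPv4 address (for instance the value `curl --silent ifconfig.me` returns), and that the `aws_rds_cluster_instance` resource stays as in the question.

```terraform
# Added example, not the asker's configuration. Assumes the question's default
# VPC and a `my_ip` variable holding the workstation's public IPv4 address
# (for example the value returned by `curl --silent ifconfig.me`).
variable "my_ip" { type = string }
variable "master_username" { type = string }
variable "master_password" {
  type      = string
  sensitive = true # keep the secret out of the .tf file and plan output
}

data "aws_vpc" "default" {
  default = true
}

resource "aws_security_group" "postgres_dev" {
  name        = "aurora-postgres-dev-sg"
  description = "Postgres reachable from one workstation address only"
  vpc_id      = data.aws_vpc.default.id

  # One /32, never 0.0.0.0/0: with publicly_accessible = true this rule is the
  # only thing deciding who on the internet can reach port 5432.
  ingress {
    from_port   = 5432
    to_port     = 5432
    protocol    = "tcp"
    cidr_blocks = ["${var.my_ip}/32"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_rds_cluster" "operational_postgresql" {
  cluster_identifier        = "aurora-postgres-cluster-dev"
  engine                    = "aurora-postgresql"
  engine_version            = "14.3"
  database_name             = "operational_db"
  master_username           = var.master_username
  master_password           = var.master_password
  skip_final_snapshot       = false
  final_snapshot_identifier = "aurora-postgres-dev-cluster-backup"
  # Missing in the question, so the cluster fell back to the VPC's default
  # security group, which only admits traffic from members of that same group.
  vpc_security_group_ids = [aws_security_group.postgres_dev.id]
}
```

If the workstation address changes (VPN, new network), only `my_ip` needs updating; re-applying replaces the single ingress rule rather than widening it.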