英文:
Unable to connect to public RDS instance
问题
我已经为2天了。 进行了大量的与连接相关的研究和故障排除。 我会列举我所做的一切以及一切的设置如何设置。
-
我创建了一个自定义的VPC,使用了10.0.0.0/16的CIDR。
-
我创建了6个子网,包括2个公共子网,2个私有子网和2个数据库公共子网。
-
为这些子网创建了路由表。
-
公共子网和数据库子网都有指向Internet网关(IGW)的路由。
-
Internet网关已经附加到VPC。
-
数据库已经创建,并设置为“public access”,同时部署在公共数据库子网中。
-
安全组已经更新了入站规则。最终,我希望只能从一组给定的IP地址连接,但现在为了故障排除,我对所有IP都打开了。
到这一点,根据我观看的所有教程和视频,我应该能够连接到RDS实例。
其中一个建议的故障排除步骤是尝试使用TELNET连接到实例。我已经编辑了端点,但那是我从RDS面板获取的。
➜ proj git:(main) ✗ telnet REDACTED.REDACTED.us-west-1.rds.amazonaws.com 5432
正在尝试连接到XX.XXX.39.69...
telnet: 连接到地址XX.XXX.39.69时超时
telnet: 无法连接到远程主机
另一个建议是尝试从不同的网络进行连接。我尝试过使用蜂窝数据和从DigitalOcean的VPS,但效果相同。
希望有人能指导我,因为这让我发疯...
编辑1: ENI公共IP地址与TELNET解析的IP地址匹配。
英文:
I've been struggling with this for 2 days now. Did a lot of research and troubleshooting for the most obvious things related to the connection. I'll enumerate all I did and how is everything is setup.
-
I created a custom VPC for this in the 10.0.0.0/16 CIDR
-
I created 6 subnets, 2 public, 2 private and 2 db public subnets.
-
The database has been created with "public access" and also in the public db subnets.
-
The Security Group has been updated with inbound rule. Eventually I would like to only connect from a given set of IPs but for now I'm opening to all IPs for troubleshooting.
So until this point according to all the tutorials, videos that I've watched I should be able to connect to the RDS instance.
One of the suggested troubleshooting steps was to try and TELNET into the instance.
I redacted the endpoint but that's the one I got from the RDS panel.
➜ proj git:(main) ✗ telnet REDACTED.REDACTED.us-west-1.rds.amazonaws.com 5432
Trying XX.XXX.39.69...
telnet: connect to address XX.XXX.39.69: Operation timed out
telnet: Unable to connect to remote host
Another suggestion was to try from a different network. I did try on cellular data and also from a VPS in DigitalOcean, same effect.
Hope someone can guide me on this because it's driving me crazy...
EDIT1: ENI Public IP address does match the resolved IP from TELNET
答案1
得分: 1
为了重现你的情况,我执行了以下操作:
- 创建了一个跨两个可用区的VPC,每个可用区都有1个公共子网、1个私有子网和1个“DB”子网
(然后我将 private3
和 private4
重命名为我的DB子网。)
- 编辑了与“DB”子网关联的路由表:
- 确保路由表与我的“DB”子网相关联:
-
创建了一个包含两个“DB”子网的新的DB子网组
-
启动了一个Amazon RDS数据库:
- PostgreSQL 14.6
- 开发/测试,单个DB实例
- 实例类型:
db.t3.micro
- 公共访问 = 是
- 使用上述DB子网组
- 创建新的安全组
-
确认自动创建的安全组允许Inbound端口5432连接到我的IP地址(是的!)
-
使用
psql
从我的笔记本连接到数据库:
psql -h stack-db.cdigff1pjpzh.ap-southeast-2.rds.amazonaws.com -U postgres
Password for user postgres:
psql (15.2, server 14.6)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, compression: off)
Type "help" for help.
postgres=>
连接正常!
请将我的步骤与你的步骤进行比较,看看可能有什么不同。
英文:
To reproduce your situation, I did the following:
- Created a VPC across 2 AZs, each with 1 Public, 1 Private and 1 "DB" subnet
(I then renamed private3
and private4
as my DB subnets.)
- Edited the route table associate with the "DB" Subnets:
- Made sure that Route Table was associated with my "DB" subnets:
-
Created a new DB Subnet Group containing the two "DB" subnets
-
Launched an Amazon RDS Database:
- PostgreSQL 14.6
- Dev/Test, Single DB instance
- Instance type:
db.t3.micro
- Public access = Yes
- Used the above DB Subnet Group
- Create new Security Group
-
Confirmed that the auto-created security group permits Inbound port 5432 to my IP address (It did!)
-
Connected to the database using
psql
from my laptop:
psql -h stack-db.cdigff1pjpzh.ap-southeast-2.rds.amazonaws.com -U postgres
Password for user postgres:
psql (15.2, server 14.6)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, compression: off)
Type "help" for help.
postgres=>
It connected just fine!
Please compare my steps with yours to see what might be different.
答案2
得分: 0
我最终创建了一个新的AWS账户并运行了完全相同的配置,没有任何问题...我发现有一些其他报告中的人也遇到了相同的问题(请参见下面的链接)。显然,这种情况发生在被封锁/受限制的账户上,当他们解除限制时,某些东西仍然出现问题。不幸的消息是,这需要AWS的技术支持来解决,他们不会在没有提出技术问题的情况下接受这个问题,而提出技术问题需要订阅...
AWS的最终解决方案。
我使用内部工具进行了一些研究,发现您账户中的资源受到限制。我看到该账户最近从被暂停状态中恢复。当账户被暂停时,所有地区的资源将处于受限制的状态。在账户恢复后,这种限制应该在每个地区手动移除。我假设这是我们这边没有完成的,因此我看到了这个限制。
请代表AWS接受我对由此造成的不便的道歉。
此外,我联系了我的内部团队,已经在您的账户中的所有地区解除了限制。我可以确认限制现在已经被移除。请确认您现在是否可以连接到实例。
我再次为造成的不便道歉。如果您有任何其他问题,请随时与我联系。我将很乐意帮助您。
谢谢,祝您有一个愉快的一天!
我们重视您的反馈。请通过在AWS支持中心的此次通讯右上角选择星级来分享您的体验。
最诚挚的问候,
Ruchikka C.
Amazon Web Services
英文:
I ended up creating a new AWS account and run the exact same configuration and it worked without any issue... I found some other reports were people are experiencing the same issue (see link below). Apparently it happens for accounts that were blocked/restricted and when they lift the restriction something stays broken. Sad news is that it requires technical assistance from AWS to solve and they won't accept the issue without raising a technical issue which requires a subscription...
FINAL RESOLUTION FROM AWS.
I did some research using internal tool and see that resources in your account are under restricted access. I see that account was reinstated recently from suspended state. When account are suspended, the resources in all the region will be in restricted access. After the account reinstated, this restriction should be removed in every region manually. I assume this was not done from our end thus I see the restriction.
Please accept my apologize on behalf of the AWS for the inconvenience caused due to the same.
Moving further, I contacted my internal team and got the restriction removed in all the region for your account. I can confirm the restriction has been removed now. Please confirm whether you could connect to instance now.
I once again apologize for the inconvenience caused. Please do not hesitate to get back to me if you have any other queries. I will be happy to assist you.
Thank you and have a nice day!
We value your feedback. Please share your experience by rating this and other correspondences in the AWS Support Center. You can rate a correspondence by selecting the stars in the top right corner of the correspondence.
Best regards,
Ruchikka C.
Amazon Web Services
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论