Wondering how to fix connectivity issues between ECS tasks and RDS database? We can help you with this!

As a part of our AWS Support Services, we often receive similar requests from our AWS customers.

Today, let’s see the steps followed by our Support Techs to help our customers to fix the connectivity issues between ECS tasks and RDS database.

 

Connectivity issues between ECS tasks and RDS database

 

At first we need to check and verify the the network configuration and then we should verify the database connection parameters.
 

Check and verify network configuration

 
Let’s see the steps to verify if a Linux/Windows based container instance can establish a connection to the database.
 

Windows based container instance

 

1. We can use RDP to connect to the container instance where the task is placed.

2. Run the following telnet command to connect to the RDS database using Windows command prompt or Windows PowerShell:

$ telnet test.xy98cde7fg6.us-west-1.rds.amazonaws.com 3306

Note that we need to replace test.xy98cde7fg6.us-west-1.rds.amazonaws.com and the port 3306 with the database endpoint and database port respectively.

If the command results a blank page, it means the connection is established.

We will receive Connection Timed Out errors if the connection isn’t established.

Then we need to follow the below steps:

1. We need to check that the attached security groups allow access to the RDS database. We can use the Description tab for the selected instance in the EC2 console.

It is always better to create a security group that allows incoming traffic from the database port. Then, attach the security group to the database and container instance.

2. Then we should check if the network ACL and route table associated with the subnet allow access to the database.
 

Linux based container instance

 

1. Firstly, We can use SSH to connect to the container instance where the task is placed.

2. Then we need to run the following telnet command to connect to the RDS database

$ telnet test.xy98cde7fg6.us-west-1.rds.amazonaws.com 3306

Note that we need to replace test.xy98cde7fg6.us-west-1.rds.amazonaws.com and the port 3306 with the database endpoint and database port respectively.

For example, the output of the above telnet command gives the following result:

Trying 172.32.112.27
> Connected to test.xy98cde7fg6.us-west-1.rds.amazonaws.com
> Escape character is '^]'.

 

Check and verify the database connection parameters

 
Now let’s see the the steps to check and verify the RDS database connection parameters:

1. Firstly, we need to securely pass the sensitive information like database endpoint, database port, and database access credentials as environment variables in the the environment section of container definition.

2. If this establish a connection with the database, but unable to authenticate due to incorrect parameters like database user name or password, then we need to reset the password.

3. Remove if any character spaces that in front or back of our connection parameters.

[Need help with more AWS queries? We’d be happy to assist]
 

Conclusion

 
To conclude, today we discussed the steps followed by our Support Engineers to help our customers to fix the connectivity issues between ECS tasks and RDS database.