Reputation: 23
I created 1 master and 2 replicas in AWS RDS and 1 EC2 instance with HAProxy:
listen rds-cluster
    bind 172.30.0.xxx:3306
    mode tcp
    option mysql-check user ha_check
    balance roundrobin
    server mysql-1 replica1.xxxx.ap-southeast-1.rds.amazonaws.com:3306 check weight 1 fall 2 fastinter 1000
    server mysql-2 replica2.xxxx.ap-southeast-1.rds.amazonaws.com:3306 check weight 1 fall 2 fastinter 1000
I can connect directly to the replica server using its endpoint, but if I use HAProxy:
$ mysql -h172.30.0.xxx -uha_read -ppassword -e "show variables like 'server_id'"
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0
I get that error.
I already increased connect_timeout.
If I check
SHOW GLOBAL STATUS LIKE 'Aborted_connects';
it keeps increasing.
===============
This article solved my problem: CUSTOM CONFIGURATION OF AMAZON RDS INSTANCES
Upvotes: 2
Views: 1263
Reputation: 2888
By default, if you did not change the security group settings when launching RDS, only your IP will be authorized to reach your databases. In your case you need to authorize your HAProxy node to reach your databases as well.
Go to RDS, select your instance, then security group, edit, and add a new rule to enable either the security group of your HAProxy (best practice) or the HAProxy IP (still good enough if this is an Elastic IP) to access the database on port 3306.
Hope this is clear enough :)
EDIT: I understand that you solved your issue, but for people reading later (or even for you, if you want to enhance security), I am adding a little information about what I said: the RDS hostname will be resolved to a private IP when the DNS query is made from an instance in the same VPC to the Amazon-provided DNS server in that VPC. Thus, in your security group, in that case, you would have to allow either the subnet of your HAProxy or its private IP (not the public one).
Upvotes: 1
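An added example, not part of the original answer: a small check over the RDS security group's ingress rules (in the `IpPermissions` shape returned by `aws ec2 describe-security-groups`) that reports whether a client inside the VPC, such as the HAProxy node, is admitted on port 3306. The function names, security group ID and all IP addresses are constructed for illustration.

```python
import ipaddress

def _covers_port(perm, port):
    # IpProtocol "-1" means all protocols and all ports.
    if perm.get("IpProtocol") == "-1":
        return True
    return perm.get("IpProtocol") == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def admitting_rule(ip_permissions, client_sg_ids, client_private_ip, port=3306):
    """Return 'security-group', 'cidr:<range>' or None for a client inside the VPC.

    Inside the VPC the RDS endpoint resolves to a private address, so the
    source the security group sees is the client's private IP.
    """
    addr = ipaddress.ip_address(client_private_ip)
    cidr_hit = None
    for perm in ip_permissions:
        if not _covers_port(perm, port):
            continue
        # A rule that references the client's security group is the preferred match.
        if any(p.get("GroupId") in client_sg_ids for p in perm.get("UserIdGroupPairs", [])):
            return "security-group"
        for rng in perm.get("IpRanges", []):
            if cidr_hit is None and addr in ipaddress.ip_network(rng["CidrIp"], strict=False):
                cidr_hit = "cidr:" + rng["CidrIp"]
    return cidr_hit

def tcp3306(**source):
    """Build one constructed ingress rule for TCP 3306."""
    return {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, **source}

# Constructed sample values (not taken from the page).
HAPROXY_SG = {"sg-0123456789abcdef0"}
HAPROXY_PRIVATE_IP = "10.0.1.25"

# Rule created at launch: only the administrator's own address.
DEFAULT_RULES = [tcp3306(IpRanges=[{"CidrIp": "203.0.113.10/32"}])]
# Variants: allow HAProxy's security group, its public IP, or its private IP.
WITH_SG = DEFAULT_RULES + [tcp3306(UserIdGroupPairs=[{"GroupId": "sg-0123456789abcdef0"}])]
WITH_PUBLIC_IP = DEFAULT_RULES + [tcp3306(IpRanges=[{"CidrIp": "198.51.100.7/32"}])]
WITH_PRIVATE_IP = DEFAULT_RULES + [tcp3306(IpRanges=[{"CidrIp": "10.0.1.25/32"}])]

if __name__ == "__main__":
    for name, rules in [("default", DEFAULT_RULES), ("sg", WITH_SG),
                        ("public-ip", WITH_PUBLIC_IP), ("private-ip", WITH_PRIVATE_IP)]:
        print(name, "->", admitting_rule(rules, HAPROXY_SG, HAPROXY_PRIVATE_IP))
```

A result of `None` for the public-IP variant shows why a rule for the proxy's public address does not help when the connection stays inside the VPC.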