Reputation: 191
I had set up RDS Proxy for an Aurora DB cluster and I am getting the following error while connecting. Note that I am able to connect to the original DB cluster without any issue. I checked the security groups and they look fine (both the proxy and the DB are in the same security group, and there is a rule that allows 3306 from self). I verified the credentials in AWS Secrets Manager; they also look fine. Did anyone face this issue?
Lost connection to MySQL server at 'handshake: reading initial communication packet', system error: 11
Upvotes: 7
Views: 7171
Reputation: 39
The best thing you can probably do is to create a separate security group for the RDS Proxy.
It is not possible, right now through AWS web console, to create a self reference.
Upvotes: 1
Reputation: 691
Correct. Adding a 'self referential' security group rule worked for me too. To elaborate for those who don't know what this means (it wasn't immediately obvious to me):
RDS Proxy needs a security group inbound rule to accept connections on 3306 from wherever those connections might come from, e.g. your EC2 private IP / container / Lambda function etc.
Your RDS/Aurora instance might need this too if you want direct connections that bypass the proxy.
The self referential part is that RDS/Aurora also needs a rule to allow it to accept connections from the proxy. If you're using the same security group for both the proxy & the DB instance, the way to do this is to enter the security group ID in the inbound rules (instead of an IP address or IP range), e.g. allow inbound on port 3306 from security group sg-123456.
Both proxy & instance need to send outbound traffic; the default for this is 0.0.0.0/0 (e.g. anything, anywhere).
Upvotes: 1
Reputation: 81
I just had this same error and, after re-reading the User Guide (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy-setup.html), I discovered my issue was related to Security Groups.
I too am using the same security group for the Proxy and DB, but didn't have both self referential rules set:
Ensuring I had both of these resolved my issue and I hope will save anyone who reads this a few minutes in resolving it too.
Upvotes: 8
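The self-referential rule check described in the answers above, as an added example that is not part of the original posts: it reads JSON shaped like `aws ec2 describe-security-groups` output and reports whether a group shared by the proxy and the DB lets the proxy reach the DB on 3306. The sample data is constructed (sg-123456 is the placeholder ID from the thread, the 10.0.1.0/24 client range is an assumption), and the function names are hypothetical.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# It has a client rule on 3306 but no rule that references the group itself.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-123456",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "10.0.1.0/24"}], "UserIdGroupPairs": []}
  ],
  "IpPermissionsEgress": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
     "UserIdGroupPairs": []}
  ]
}]}
""")

def covers_port(perm, port):
    """True if the rule's protocol and port range include TCP `port`."""
    if perm["IpProtocol"] == "-1":      # "-1" means all protocols, all ports
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def allows_group(perms, group_id, port, any_cidr_ok=False):
    """True if a rule covering `port` names `group_id` as the peer
    (or, when any_cidr_ok is set, is open to 0.0.0.0/0)."""
    for perm in perms:
        if not covers_port(perm, port):
            continue
        if any(p.get("GroupId") == group_id for p in perm.get("UserIdGroupPairs", [])):
            return True
        if any_cidr_ok and any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", [])):
            return True
    return False

def check_shared_group(sg, port=3306):
    """Report whether proxy -> DB traffic inside one shared group is permitted."""
    gid = sg["GroupId"]
    return {
        "inbound_self": allows_group(sg.get("IpPermissions", []), gid, port),
        "outbound_ok": allows_group(sg.get("IpPermissionsEgress", []), gid, port, any_cidr_ok=True),
    }

if __name__ == "__main__":
    print(check_shared_group(SAMPLE["SecurityGroups"][0]))
```

On the constructed sample, `inbound_self` is false: clients can reach the proxy, but the proxy's connection to the DB in the same group is not allowed, which matches the handshake failure in the question.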