I am quite new to Elastic Beanstalk and not very proficient with server administration, but I need to set up a Django project on Elastic Beanstalk connecting to an external RDS MySQL database.
I have created a separate RDS MySQL database and I can connect to it using Sequel Pro on my computer without problems. Then I have my Django project, which I am trying to put on Elastic Beanstalk, but unfortunately without luck. If I run the local Django server from my computer, the project is browsable and Amazon RDS MySQL is accessible. However, when I run
eb deploy
I get
django.db.utils.OperationalError: (2003, "Can't connect to MySQL server
on 'myapp-staging.xxx.eu-west-1.rds.amazonaws.com' (110)")
(ElasticBeanstalk::ExternalInvocationError)
If I log in to the EC2 server via SSH
eb ssh
and then check the open ports with
netstat -lntu
I don't see MySQL's port 3306 there, so I guess it is blocked by a firewall.
This is what I tried regarding permissions:
Then I tried to redeploy, restart the servers and even rebuild the environment, but nothing helped. The MySQL port 3306 is still not open in the EC2 instances created by Elastic Beanstalk.
What am I doing wrong or what is missing?
To connect to a private RDS DB instance from a local machine using an EC2 instance as a jump server, follow these steps: Launch and configure your EC2 instance and configure the network setting of the instance. Configure the RDS DB instance's security groups. Connect to the RDS DB instance from your local machine.
Make a note of an instance ID that you want to connect to. In the navigation pane of the Amazon EC2 console, choose Instances, and find your instance ID in the list. Right-click the instance ID for the Amazon EC2 instance running in your environment's load balancer, and then select Connect from the context menu.
If you use EC2 Classic (no VPC) with AWS Elastic Beanstalk, the procedure changes slightly due to differences in how security groups work. In EC2 Classic, DB instances can't use EC2 security groups, so they get a DB security group that works only with Amazon RDS.
You need to give all specific permissions to the AWS resources that are used by Elastic Beanstalk to read and update the environment, including: CloudFormation, EC2, Auto Scaling Group, Elastic Load Balancer, CloudWatch, S3, SNS, RDS, SQS, Elastic Beanstalk. This is all the required policy to allow an IAM user to access, update, deploy and ssh to Elastic Beanstalk:
There are two options to get started, which are the following. Create a new database in Amazon RDS. Start with a database that was previously created by Elastic Beanstalk and subsequently decoupled from a Beanstalk environment. For more information, see Adding a database to your Elastic Beanstalk environment.
Subsequently, when you attempt to terminate the environment, Elastic Beanstalk will be unable to delete the environment's security group, because the database's security group is dependent on it.
MySQL port 3306 is only opened at the RDS instance (not in your EC2 instance). So, if you check on your EC2 instance, it should not listen on port 3306.
Things you can do to check that RDS is working:
eb ssh) and run telnet myapp-staging.xxx.eu-west-1.rds.amazonaws.com 3306. You might need to install telnet first (yum install telnet).
iptables
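The reachability check the answer describes (connect from the EC2 instance to the RDS endpoint on port 3306), as an added Python example that is not part of the original post. The names probe_tcp and HINTS are made up here, and the hints reflect general behaviour (errno 110 is a connect timeout, and AWS security groups drop disallowed traffic silently), not anything verified for this environment.

```python
import socket

# What each outcome suggests for the EC2 -> RDS path (assumed, general guidance).
HINTS = {
    "open": "TCP handshake completed; the network path is fine, "
            "so look at MySQL credentials and Django DATABASES settings",
    "timeout": "no reply at all (errno 110, as in the question); packets are "
               "dropped, so check the inbound rule for 3306 on the RDS security group",
    "refused": "host answered but nothing listens on that port (errno 111); "
               "check the endpoint name and port",
    "dns-failure": "hostname did not resolve; check the RDS endpoint name",
    "unreachable": "local network error before any reply; check routes and subnets",
}


def probe_tcp(host, port=3306, timeout=5.0):
    """Attempt one TCP connection and return a key of HINTS."""
    try:
        family, kind, proto, _, addr = socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror:
        return "dns-failure"
    with socket.socket(family, kind, proto) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect(addr)
        except (socket.timeout, TimeoutError):
            # Either our own timeout fired or the kernel reported ETIMEDOUT.
            return "timeout"
        except ConnectionRefusedError:
            return "refused"
        except OSError:
            return "unreachable"
    return "open"


if __name__ == "__main__":
    import sys
    # Run on the instance after `eb ssh`: python3 probe.py <rds-endpoint> [port]
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 3306
    result = probe_tcp(host, port)
    print(f"{host}:{port} -> {result}: {HINTS[result]}")
```

A "timeout" from the instance combined with a working connection from your own computer suggests the RDS security group allows your address but not the Elastic Beanstalk instances.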