amazon-web-services proxy amazon-rds amazon-rds-proxy

Can't connect to RDS PostgreSQL DB instance through an RDS proxy


I'm trying to use an RDS proxy to pool and share connections established with an RDS database with a PostgreSQL engine. The problem is I'm able to open a connection to the DB, both through an ECS instance and in PgAdmin; however, I'm not able to connect through the proxy. To attempt a connection through the proxy in PgAdmin, I'm using the proxy endpoint as opposed to the DB endpoint, but the connection attempt times out.

I've successfully created the proxy and associated it with my DB; both the proxy and DB status are available. I've followed the example proxy setup, and the DB and the proxy are using the same VPC security group.

Any ideas?



Solution

  • It seems to me that you are connecting to the proxy from outside of AWS. If this is the case, then it's not possible to do this directly:

    Your RDS Proxy must be in the same VPC as the database. The proxy can't be publicly accessible, although the database can be.

    You may be able to connect to RDS since it is publicly accessible. RDS Proxy, on the other hand, can only be accessed from within the same VPC, e.g., from an instance.

    Therefore, the solution is to set up an instance in the same VPC as your RDS and proxy. The instance must be accessible using SSH.

    On the instance, you can run pgadmin4 in Docker:

    docker run --rm -p 8080:80 \
        -e 'PGADMIN_DEFAULT_EMAIL=user@domain.com' \
        -e 'PGADMIN_DEFAULT_PASSWORD=Fz77T8clJqJ4XQrQunGA' \
        -d dpage/pgadmin4
    

    The command, after setting up Docker, will serve pgadmin4 on port 8080 on the instance.

    You can check on the instance if it's working:

    curl localhost:8080
    

    which can give the following, indicating that it's working:

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
    <title>Redirecting...</title>
    <h1>Redirecting...</h1>
    <p>You should be redirected automatically to target URL: <a href="/login?next=%2F">/login?next=%2F</a>.  If not click the link
    

    However, since your instance is only accessible through SSH (port 22), to access it from your local workstation, you have to establish an SSH tunnel:

    ssh -i <private-key> -L 8080:localhost:8080 -N ubuntu@<public-instance-ip> -v
    

    In the above, my instance was Ubuntu. For Amazon Linux 2, the user would be ec2-user.

    The tunnel will forward port 8080 from the instance (i.e. pgadmin4) to your local workstation on port 8080.

    Then you just point your browser to localhost:8080 and you should see the pgadmin4 welcome screen.

    P.S. My RDS and proxy settings used for the verification:

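An added example, not part of the original answer: a small Python check that shows why a connection to the proxy endpoint times out from a workstation while the DB endpoint connects. It assumes the proxy endpoint resolves to VPC-private addresses (consistent with the proxy not being publicly accessible); the hostname and the function names `resolve`, `probe` and `diagnose` are hypothetical.

```python
# Added example: classify why a TCP connection to a database endpoint fails.
import ipaddress
import socket

def resolve(host, port):
    """Return the sorted set of IP addresses the endpoint name resolves to."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def probe(addr, port, timeout=3.0):
    """Attempt one TCP connect: 'open', 'refused', 'timeout' or 'unreachable'."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "unreachable"

def diagnose(addrs, port, probe_fn=probe):
    """Probe each address and say what the result means for the network path."""
    findings = []
    for addr in addrs:
        private = ipaddress.ip_address(addr).is_private
        state = probe_fn(addr, port)
        if state == "open":
            hint = "TCP path works; the problem is above the network layer"
        elif private and state in ("timeout", "unreachable"):
            hint = "private address with no route from here; connect from inside the VPC or through a tunnel"
        elif state == "timeout":
            hint = "packets dropped; check security group and network ACL rules for this port"
        else:
            hint = "host reached but nothing accepted the connection on this port"
        findings.append((addr, private, state, hint))
    return findings

if __name__ == "__main__":
    # Placeholder hostname (assumption): substitute your own proxy endpoint.
    endpoint, port = "proxy-endpoint.example.invalid", 5432
    try:
        for finding in diagnose(resolve(endpoint, port), port):
            print(*finding, sep=" | ")
    except socket.gaierror as exc:
        print(f"DNS resolution failed for {endpoint}: {exc}")
```

Run it once from the workstation and once from the instance inside the VPC; the same endpoint should move from `timeout` to `open`.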