mysqlnode.jsnestjstypeormamazon-aurora

Error TypeOrmModule Unable to connect to database with "ETIMEDOUT" or "Handshake inactivity timeout"

I have a NestJS (v8.2.x) server application which I'm attempting to connect to an AWS Arura 3.x (MySQL 8.x protocol) using TypeORM (v0.2.41) and either the mysql (v2.18.1) or mysql2 (v2.3.3) driver. The application is running in a GitHub Codespace.

When following the NestJS TypeORM documentation I'm getting the following errors:

With mysql2 driver I'm getting:

ERROR [TypeOrmModule] Unable to connect to the database. Retrying (1)...
 Error: connect ETIMEDOUT
 ...

With mysql driver I'm getting:

[TypeOrmModule] Error: Handshake inactivity timeout
 ...

The code creating the connection looks as follows:

import { Module } from '@nestjs/common';
import { TypeOrmModule } from '@nestjs/typeorm';
import { AppController } from './app.controller';
import { AppService } from './app.service';

const MYSQL_HOST = '....rds.amazonaws.com';
const MYSQL_USERNAME = '...';
const MYSQL_PASSWORD = '...';

@Module({
  imports: [
    TypeOrmModule.forRoot({
      type: 'mysql',
      host: MYSQL_HOST,
      port: 3306,
      username: MYSQL_USERNAME,
      password: MYSQL_PASSWORD,
      database: 'kitchen',
      // entities: [__dirname + '/**/*.entity{.ts,.js}'],
      debug: true,
      logging: true,
    }),
  ],
  controllers: [AppController],
  providers: [AppService],
})
export class AppModule {}

Initial Troubleshooting

First, I validated the credentials I'm utilizing in the server application. I affirmed they worked correctly to connect via TablePlus. Thus, I ruled out "invalid credentials" and determined I had another issue.

Secondly, when creating the AWS Arura database I'd selected Yes to Public Access:

Amazon EC2 instances and devices outside the VPC can connect to your database. Choose one or more VPC security groups that specify which EC2 instances and devices inside the VPC can connect to the database.

Solution

  • Fix

    TL;DR: Although, I'd selected Yes to Public Access I had to further relax the "inbound" security rules it seems. Thus, adding another "inbound rule" with source: "0.0.0.0/0" resolved my issue.

    Debug

    Why? Maybe because the default rule of source: "76.202.164.21/32" doesn't work because of where the GitHub Codespace is hosted? No idea...

    How did I find this?

    Initially, I was using the mysql2 package and getting it's error (listed above) with no StackOverflow results. As mysql2 is a "drop in replacement" for the basic mysql package I decided to revert to mysql to see if it had a different error. As listed above, I received a slightly different error which lead me to StackOverflow question Error: Handshake inactivity timeout in Node.js MYSQL module. Where there are AWS specific answers:

    a) mscheker's add an inbound rule

    For those deploying on AWS and experiencing this error, you'll need to make a change to the security group of your database/cluster and add an inbound rule where the source is the security group of your instance/s.

    b) Berkay Torun's "changing the allowed IP Addresses"

    If you are using Amazon's services, I was able to resolve this by changing the allowed IP Addresses in the security settings or by changing the open connections ports.

    are what I followed to resolve the issue. Adding an extra inbound rule of "all IPv4 address" are allowed via source: "0.0.0.0/0".