AWS Quicksight cannot connect to Aurora PostgreSQL in a private subnet - amazon-quicksight

I am trying to connect to an Aurora PostgreSQL database in a private subnet from QuickSight. I created the VPC connection in the QuickSight dashboard, and when I try to create a new analysis using Aurora as the data source I get the following error:
sourceErrorCode:GENERIC_SQL_EXCEPTION
sourceErrorMessage:The authentication type 10 is not supported. Check that you have configured the pg_hba.conf file to include the client's IP address or subnet, and that it is using an authentication scheme supported by the driver.
The auth type is username/passwd. Any idea what I am doing wrong?

Ok, so Quicksight does not support aurora-postgresql14 as of now. Downgrading to 13.8 worked out.
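Code 10 in the error above is the PostgreSQL wire-protocol authentication request AuthenticationSASL, the request a server sends for SCRAM-SHA-256, so a client that implements only cleartext and MD5 password authentication stops at that message. The decoder below is an added example, not part of the original thread; the sample messages and the `OLD_CLIENT_CODES` set are constructed for illustration.

```python
import struct

# Authentication request codes defined by the PostgreSQL frontend/backend protocol.
AUTH_CODES = {
    0: "AuthenticationOk", 2: "AuthenticationKerberosV5",
    3: "AuthenticationCleartextPassword", 5: "AuthenticationMD5Password",
    7: "AuthenticationGSS", 8: "AuthenticationGSSContinue",
    9: "AuthenticationSSPI", 10: "AuthenticationSASL",
    11: "AuthenticationSASLContinue", 12: "AuthenticationSASLFinal",
}

def build_auth_request(code, payload=b""):
    """Build a sample 'R' message: type byte, Int32 length, Int32 code, payload."""
    return b"R" + struct.pack("!II", 8 + len(payload), code) + payload

def parse_auth_request(msg):
    """Decode one backend authentication request ('R') message."""
    if len(msg) < 9 or msg[:1] != b"R":
        raise ValueError("not an authentication request")
    length, code = struct.unpack("!II", msg[1:9])
    # The length field counts itself and the body, but not the type byte.
    if length < 8 or 1 + length > len(msg):
        raise ValueError("truncated or malformed message")
    body = msg[9:1 + length]
    info = {"code": code, "name": AUTH_CODES.get(code, "unknown")}
    if code == 5:
        if len(body) != 4:
            raise ValueError("MD5 request must carry a 4-byte salt")
        info["salt"] = body
    elif code == 10:
        # NUL-terminated mechanism names; an empty name ends the list.
        names = body.split(b"\x00")
        info["mechanisms"] = [n.decode("ascii") for n in names[:names.index(b"")]]
    return info

def unsupported_reason(msg, client_codes):
    """Return None if the client handles the request, else why it fails."""
    info = parse_auth_request(msg)
    if info["code"] in client_codes:
        return None
    return f"authentication type {info['code']} ({info['name']}) is not supported"

# Constructed samples: a server asking for SCRAM and one asking for MD5.
SASL_REQUEST = build_auth_request(10, b"SCRAM-SHA-256\x00\x00")
MD5_REQUEST = build_auth_request(5, b"\x01\x02\x03\x04")
OLD_CLIENT_CODES = {0, 3, 5}  # hypothetical client: cleartext and MD5 only

if __name__ == "__main__":
    for sample in (SASL_REQUEST, MD5_REQUEST):
        print(parse_auth_request(sample), unsupported_reason(sample, OLD_CLIENT_CODES))
```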

Related

Laravel: connecting the AWS ElasticCache Redis is timing out

I am working on a Laravel application. I am using Redis, and I am using the AWS ElastiCache service for that. I am trying to connect to Redis from my Laravel application, but it is timing out. This is what I have done.
I installed the Predis library by running the following command.
composer require predis/predis
Then I created a Redis instance in the ElastiCache service console, enabling AUTH and setting my password token.
Then I set the variables in the .env files.
CACHE_DRIVER=redis
REDIS_CLIENT=predis
REDIS_HOST=master.laravelredistest.8sm3xo.euw1.cache.amazonaws.com
REDIS_PASSWORD=mypassword
REDIS_PORT=6379
When I run the code to connect to the Redis, I got the following error.
Operation timed out [tcp://master.laravelredistest.8sm3xo.euw1.cache.amazonaws.com:6379]
What is missing with my configuration and how can I fix it?
I also updated the security group of Redis to allow the EC2 instance's security group in the inbound rules as follows:
I am getting this error this time:
I edited the SG of Redis to add the following inbound rule too.
The security groups are in the same VPC too as you can see in the screenshot:
This sounds like a security group issue causing the timeout.
Elasticache clusters are always private so if you're using a public ip address, this will need to be updated to be the private ip address range of your instance/subnet/VPC.
An Elasticache cluster is a resource in your VPC, therefore network transit needs to be allowed for the cluster to be accessible.
More information is available in the Accessing Your Cluster page.
Additional Configuration
This is the issue. I also needed to delete the existing Redis instance and create another one without AUTH token enabled.

Not able to connect Amazon Aurora Serverless from SQL client

Today I've created an Amazon Aurora Serverless cluster for PostgreSQL in us-west-2 and ensured the VPC and security groups are set up in a way that it should be publicly accessible. But I'm not able to connect to that cluster using the Aurora endpoint from my Navicat/PgAdmin4 desktop client. Then I tried from an EC2 instance that is in the same security group/VPC as Aurora Serverless, and it worked.
From the AWS forum,
You can't give an Aurora Serverless DB cluster a public IP address.
You can access an Aurora Serverless DB cluster only from within a
virtual private cloud (VPC) based on the Amazon VPC service.
Source: https://forums.aws.amazon.com/thread.jspa?messageID=862860&tstart=0
Seems it uses an internal AWS networking setup that currently only supports connections from inside a VPC, and it must be the same VPC where the serverless cluster is deployed.
So now basically my question is that,
Is there any workaround to connect Aurora Serverless with any client like Navicat or PgAdmin4?
I found a cool hack that is working perfectly for my development purpose with some tweaks and I know I don't need this on my production environment.
So as we know, Aurora Serverless works only inside a VPC. So make sure you are attempting to connect to Aurora within the VPC and the security group assigned to the Aurora cluster has the appropriate rules to allow access. As I mentioned earlier, I already have an EC2 instance, Aurora Serverless and a VPC around both. So I can access it from my EC2 but not from my local PC / local SQL client. To fix that I did the two steps below.
1. To access from any client(Navicat in my case),
a. First need to add GENERAL db configurations like aurora endpoint host, username, password etc.
b. Then, need to add SSH configuration, like EC2 machine username, hostip and .pem file path
2. To access from project,
First I create an SSH tunnel from my terminal like this:
ssh ubuntu@my_ec2_ip_goes_here -i rnd-vrs.pem -L 5555:database-1.my_aurora_cluster_url_goes_here.us-west-2.rds.amazonaws.com:5432
Then I run my project with a DB configuration like this, in test.php:
<?php
// Connect through the local end of the SSH tunnel (127.0.0.1:5555).
$conn = pg_connect("host=127.0.0.1 port=5555 dbname=postgres user=postgres password=password_goes_here");
// other code goes here to get data from your database
if (!$conn) {
    echo "An error occurred.\n";
    exit;
}
$result = pg_query($conn, "SELECT * FROM brands");
if (!$result) {
    echo "An error occurred.\n";
    exit;
}
while ($row = pg_fetch_row($result)) {
    echo "Brand Id: $row[0] Brand Name: $row[1]";
    echo "<br />\n";
}
This question comes up over and over for multiple AWS services (most new ones are VPC only by default). The short answer is - you can hack up something and expose the DB outside of the VPC, but it is not recommended for a production setup. Assuming this is for a dev setup, by all means try the recommendations from [1]. It is for Neptune, but you can do the exact same thing for Aurora.
[1] Connect to Neptune on AWS from local machine

Connecting to Aurora AWS Serverless

I’ve now tried to create a serverless Aurora (MySQL compatible) database and connect to it for two days, and I just can’t seem to get it to work. Supposedly I should have been able to get it up and running in five minutes.
In any case, I created an Aurora Serverless database in the US East (N. Virginia) region (us-east-1), and have been able to connect to it with the AWS Query Editor. I also have an EC2 server in the same region, and have given the Aurora database the same security group (under RDS > Security Group), and in the security group I have opened for MYSQL/Aurora (TCP, 3306) from all sources. When I click the modify button on the database, there is also another (VPC) Security Group listed (rds-launch-wizard-4), which was created automatically. This one I also located under my EC2 dashboard and gave access to all ports from all sources (inbound), and to all ports (outbound). And there is a networking VPC & subnet group, which I don’t know what to do with, if anything.
I try to connect to the database, using this command line command:
mysql -h hest2.cluster-xxxxx.us-east-1.rds.amazonaws.com -P 3306 -u root -p
It generates an error “ERROR 2003 (HY000): Can't connect to MySQL server on” on both my EC2 instance, my local computer and on other online servers.
From the EC2 instance, try doing a telnet on the DB port to test if all your security group settings are applied correctly.
telnet hest2.cluster-xxxxx.us-east-1.rds.amazonaws.com 3306
If the connection does go through, then the issue is with your client code. Cross check that you have wired the right endpoint in your code.
If the telnet connection does not go through (I'm guessing that it would not), then it is guaranteed that your security group settings are not set correctly. In order to debug this further, we would need more details on:
The list of vpc security groups associated with your cluster.
The details of each of these vpc security groups (You've mentioned that you've opened up everything, but I'd like to see the exact rules in place)
As for laptop and other servers - If they are outside the VPC, then it would not work. Aurora Serverless is accessible only from within the VPC as of now.

Connecting to instance using putty

I launched a spot instance using this official cloud formation template provided by AWS labs.
https://github.com/awslabs/ec2-spot-labs/blob/master/ec2-spot-fleet-launch-templates/ec2-spot-fleet-launch-templates.yaml
I can see the instance is created but not able to connect it using putty.
Does it mean the template creates route tables without internet access?
In the template, I can see internet gateway is attached. Can you please check security group if port 22 is allowed from 0.0.0.0 or your IP.

Amazon Redshift ODBC connection EC2

I'm not able to connect to my Redshift cluster through ODBC from an EC2 instance. However, I'm able to connect to it from an outside computer (e.g. my MacBook) using the ODBC connector. I have been trying and trying but in vain. How can I make my EC2 instance connect to Redshift? The error I get is:
Is the Server running on host .................and accepting TCP/IP connections on port 5439?
I'm really confused as I can connect from outside but not from an EC2.
Thanks for the help.
Add the security group of your EC2 machine to the list of Ingress rules of the security group in your Redshift VPC.
Basically, you need to allow your EC2 machine to connect to the Redshift cluster.
If you have the instance in the same VPC, public hostname of redshift might not work.
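An added example (not from the original answers) that models the inbound-rule evaluation behind the advice above: a rule that admits only an outside address does not admit an EC2 instance until that instance's security group is referenced, and a rule open to every address on a database port is listed for review. The rule dictionaries follow the `IpPermissions` shape returned by EC2 `DescribeSecurityGroups`; the group id, addresses and rule sets are constructed.

```python
import ipaddress

def rule_covers_port(perm, port):
    """True if the permission applies to TCP traffic on `port`."""
    if perm["IpProtocol"] == "-1":  # "-1" means all protocols and ports
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def ingress_allows(permissions, port, source_ip, source_groups=()):
    """True if an inbound rule admits `source_ip` or one of its security groups."""
    addr = ipaddress.ip_address(source_ip)
    for perm in permissions:
        if not rule_covers_port(perm, port):
            continue
        # A group reference admits traffic from interfaces that carry that group.
        if any(p["GroupId"] in source_groups for p in perm.get("UserIdGroupPairs", [])):
            return True
        if any(addr in ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", [])):
            return True
    return False

def world_open_cidrs(permissions, port):
    """CIDRs that expose `port` to every address, for review."""
    found = []
    for perm in permissions:
        if rule_covers_port(perm, port):
            found += [r["CidrIp"] for r in perm.get("IpRanges", []) if r["CidrIp"] == "0.0.0.0/0"]
            found += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []) if r["CidrIpv6"] == "::/0"]
    return found

# Constructed data: ids, addresses and rules are illustrative only.
EC2_SG = "sg-0example0ec2"
REDSHIFT_BEFORE = [{"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439,
                    "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]
REDSHIFT_AFTER = REDSHIFT_BEFORE + [{"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439,
                                     "UserIdGroupPairs": [{"GroupId": EC2_SG}]}]
AURORA_OPEN = [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]

if __name__ == "__main__":
    print(ingress_allows(REDSHIFT_BEFORE, 5439, "10.0.1.25", {EC2_SG}))
    print(ingress_allows(REDSHIFT_AFTER, 5439, "10.0.1.25", {EC2_SG}))
    print(world_open_cidrs(AURORA_OPEN, 3306))
```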
