Cannot access Aurora cluster in a public subnet from my laptop

Time: 2018-11-17 01:55:32

Tags: amazon-web-services amazon-rds terraform aws-aurora

I have set up the following Terraform to provision an RDS cluster, but I cannot connect to it from my laptop. The cluster is up, because my other resources inside the VPC connect to it fine. The instances are also set to have public addresses.

When I try to connect I get:

psql:无法连接到服务器:操作超时

module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = "${var.environment}-${var.app_name}-vpc"

  cidr = "10.0.0.0/16"

  azs                 = ["us-west-2a", "us-west-2b", "us-west-2c"]
  private_subnets     = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  public_subnets      = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
  elasticache_subnets = ["10.0.31.0/24", "10.0.32.0/24"]

  enable_dns_hostnames   = true
  enable_dns_support     = true
  enable_nat_gateway     = true
  single_nat_gateway     = false
  one_nat_gateway_per_az = false

  tags = {
    Environment = "${var.environment}"
    Flow        = "${var.app_name}"
  }
}

resource "aws_db_subnet_group" "default" {
  name       = "${var.environment}-${var.app_name}-db-subnet"
  subnet_ids = ["${module.vpc.public_subnets}"]

  tags {
    Name = "DB Subnet Group"
  }
}

resource "aws_security_group" "db" {
  name        = "vpc_db"
  description = "Allow incoming database connections."
  vpc_id      = "${module.vpc.vpc_id}"

  ingress { # RDS cluster
    from_port       = 5432
    to_port         = 5432
    protocol        = "tcp"
    security_groups = ["${aws_security_group.ecs_tasks.id}"]
  }

  ingress { # Open traffic
    from_port   = 5432
    to_port     = 5432
    protocol    = "tcp"
    security_groups = ["${module.vpc.default_security_group_id}"]
  }

  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_rds_cluster_instance" "cluster_instances" {
  count               = "2"
  identifier          = "${var.environment}-${var.app_name}-aurora-instance-${count.index}"
  cluster_identifier  = "${aws_rds_cluster.default.id}"
  instance_class      = "db.r4.large"
  engine              = "aurora-postgresql"
  publicly_accessible = true
}

resource "aws_rds_cluster" "default" {
  cluster_identifier           = "${var.environment}-${var.app_name}-aurora-cluster"
  availability_zones           = ["us-west-2a", "us-west-2b", "us-west-2c"]
  database_name                = "dbname"
  master_username              = "username"
  master_password              = "a password"
  engine                       = "aurora-postgresql"
  vpc_security_group_ids       = ["${aws_security_group.db.id}"]
  db_subnet_group_name         = "${aws_db_subnet_group.default.name}"
  skip_final_snapshot          = true
  preferred_maintenance_window = "Sun:03:00-Sun:06:00"
}

1 answer:

Answer 0 (score: 0)

Your security group does not appear to have a rule allowing inbound traffic from your home network or from the public Internet. You can add a rule specifically for your IP (it may change after you restart your router) or a CIDR rule for your ISP, and that should work. The simplest way to test whether your connectivity is set up correctly is to do the following:

telnet <db-endpoint> <db-port>

Note that if you do choose to do this, I strongly recommend communicating over TLS. RDS already supports this through a self-signed certificate. Better still is not exposing your database at all.
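As an added illustration of the answer's advice (not code from the original question or answer): a Terraform 0.11-style rule that opens port 5432 only to one client /32, plus a cluster parameter group that forces TLS on the Aurora side. The client address, the `client_cidr` variable and the parameter group family are placeholders/assumptions; pick the family matching the cluster's engine version.

```hcl
# Placeholder for the client's current public address (documentation range, not a real host).
variable "client_cidr" {
  default = "203.0.113.10/32"
}

# A separate rule resource, so the /32 can be updated without rewriting the "db" group.
# This is the narrow alternative to opening 5432 to 0.0.0.0/0.
resource "aws_security_group_rule" "db_from_client" {
  type              = "ingress"
  security_group_id = "${aws_security_group.db.id}"
  from_port         = 5432
  to_port           = 5432
  protocol          = "tcp"
  cidr_blocks       = ["${var.client_cidr}"]
  description       = "PostgreSQL from one workstation only"
}

# rds.force_ssl = 1 makes the server reject non-TLS sessions, so a client that
# reaches the public endpoint still cannot send credentials in cleartext.
# Family is an assumption; it must match the cluster's aurora-postgresql version.
resource "aws_rds_cluster_parameter_group" "db_tls" {
  name   = "${var.environment}-${var.app_name}-aurora-params"
  family = "aurora-postgresql10"

  parameter {
    name  = "rds.force_ssl"
    value = "1"
  }
}
```

Attach the group with `db_cluster_parameter_group_name = "${aws_rds_cluster_parameter_group.db_tls.name}"` on the `aws_rds_cluster` resource. On the client side, connect with `psql "host=<db-endpoint> sslmode=verify-full sslrootcert=<rds-ca-bundle.pem>"` so the laptop also verifies the server certificate rather than only encrypting the session.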