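I have been trying to set up a data pipeline between an S3 bucket and an Elastic Beanstalk environment that contains a MySQL RDS instance (all in the same VPC).
I get this failure: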
The last packet sent successfully to the server was 0 milliseconds ago.
The driver has not received any packets from the server.
amazonaws.datapipeline.database.ConnectionFactory: Unable to establish
connection to jdbc:mysql://***.us-west-2.rds.amazonaws.com:3306/mydata
Communications link failure
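I think the problem is that I need to allow Data Pipeline to access my MySQL RDS, but I can't figure out how. I set the myEc2RdsSecurityGrps field to the name of the security group listed for the RDS instance under EC2 > Security Groups, but that did not help.
The RDS instance's value for IAM DB Authentication Enabled is set to Yes.
Also, I am very new to IAM roles, but there are two that were created like this: Roles > Create Role > Data Pipeline > EC2 Role for Data Pipeline (provides access to S3, DynamoDB, and other services for EC2 instances launched by Data Pipeline) and Roles > Create Role > Data Pipeline > Data Pipeline (allows Data Pipeline and Data Pipeline managed EMR clusters to call AWS services on your behalf).
Am I missing a step?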
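Answer 0: (score: 2)
The security for the RDS instance should have the database port open to the security group of the EC2 task runner in Data Pipeline.
To create a security group for an EC2 instance in a VPC
Note the ID of the new security group.
If you are running Task Runner on your own computer, note its public IP address in CIDR notation. If the computer is behind a firewall, note the entire address range of its network. You will need this address later.
Next, create rules in the resource security groups that allow inbound traffic for the data sources that Task Runner must access. For example, if Task Runner must access an Amazon Redshift cluster, the security group for the Amazon Redshift cluster must allow inbound traffic from the resource.
To add a rule to the security group for an RDS database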
Answer 1: (score: 0)
In the AWS RDS security group, the inbound source should have the IP address you are trying to access the DB from, or should be made 'Anywhere'.
1) Open the Amazon RDS console at https://console.aws.amazon.com/rds/
2) In the navigation pane, click Instances.
3) Click the details icon for the DB instance. Under Security and Network, click the link to the security group, which takes you to the Amazon EC2 console. If you're using the old console design for security groups, switch to the new console design by clicking the icon that's displayed at the top of the console page.
4) From the Inbound tab, click Edit (a pop-up will open).
5) In the Source field, click the dropdown and select 'Anywhere' (the IP address will by default be set to '0.0.0.0/0, ::/0'), or select 'Custom' and enter the IP address from which you are accessing the DB (or '0.0.0.0/0, ::/0', which is the same as 'Anywhere').
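
Added example (not part of either answer, and not AWS's own code): an offline audit of a security group's inbound rules, in the `IpPermissions` shape returned by `aws ec2 describe-security-groups`, that checks whether the MySQL port admits the task runner and reports any rule that opens the port to every address. The group IDs, CIDRs and function names are constructed for illustration.

```python
import ipaddress

MYSQL_PORT = 3306

def covers_port(perm, port):
    """True if the permission applies to TCP `port` ("-1" means all traffic)."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    return proto == "tcp" and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit_rds_ingress(permissions, runner_sg=None, runner_ip=None, port=MYSQL_PORT):
    """Return (allowed, findings). `allowed` is True when a rule on `port` names
    runner_sg or contains runner_ip; `findings` lists world-open rules."""
    allowed, findings = False, []
    addr = ipaddress.ip_address(runner_ip) if runner_ip else None
    for perm in permissions:
        if not covers_port(perm, port):
            continue
        # Rule that references another security group (the approach in answer 0).
        pairs = perm.get("UserIdGroupPairs", [])
        if runner_sg and any(p.get("GroupId") == runner_sg for p in pairs):
            allowed = True
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0, the console's "Anywhere"
                findings.append(f"port {port} open to every address via {cidr}")
            if addr is not None and addr.version == net.version and addr in net:
                allowed = True
    return allowed, findings

# Constructed sample rule sets (IDs and addresses are placeholders).
SG_REFERENCE_RULES = [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                       "UserIdGroupPairs": [{"GroupId": "sg-0aaa1111runner"}]}]
ANYWHERE_RULES = [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                   "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                   "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]
SSH_ONLY_RULES = [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                   "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]

if __name__ == "__main__":
    for name, rules in [("sg-reference", SG_REFERENCE_RULES),
                        ("anywhere", ANYWHERE_RULES), ("ssh-only", SSH_ONLY_RULES)]:
        print(name, audit_rds_ingress(rules, runner_sg="sg-0aaa1111runner",
                                      runner_ip="203.0.113.10"))
```

A rule set with no entry covering port 3306 returns `allowed` as False, which matches the "Communications link failure" symptom in the question.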