15
votes

I'm trying to connect to a Redshift database from SQL Workbench/J using PostgreSQL JDBC drivers but I can't get through. I get this error: "The connection attempt failed". The JDBC driver is properly located. I also tried through Aginity Workbench for Redshift but it was unable to show the list of databases. I have my connection URL to the database of the form jdbc:postgresql://host:port/name_of_database but surprisingly I could not even ping the host. I can see that the health of the database is good through the Amazon console. So, my questions are:

  1. Why can't I ping my Redshift db server?
  2. Is there a way to ssh to the db server?

Edit1: After adding my public IP to the security group the host gets resolved while pinging but still there's 100% packet loss.

Edit2: I could successfully host the db in EC2-Classic but not in EC2-VPC. Since I'm running short of public IPs I tried re-hosting the db in VPC where there is 100% packet loss.

4
1. Are you using the JDBC URL located in the 'configuration' tab for that Redshift database? 2. Are you running this cloud on a VPC or with any network rules that would block network access from your location? - bstempi
Yes, I'm using the JDBC URL as shown in the Configuration tab of the cluster in the Amazon console. The cloud is on a VPC and the database is hosted in a private subnet. My team has already hosted a report server in an IP under the same private subnet with no issues. So, I guess network rules should not be the cause for it. - chemicalkt

4 Answers

17
votes

You have to add your IP address block into the security group for the cluster.

This is separate from other security groups (i.e. VPC).

You can find it on the left in the Redshift Console. https://console.aws.amazon.com/redshift/

5
votes

I was attempting to connect from my local machine via psql to a Redshift cluster in a VPC. I found I needed to explicitly add my local IP/CIDR to the inbound rules for my security group.

You can find the menu in the AWS console at Services>VPC>Security Groups. Then click to edit your security group, and you should see the inbound rules tab at the bottom of the page. Example:


[Image: inbound rules menu example]

I was unfamiliar with CIDR prior to this, but 32 seems to be the default CIDR. In my case, I added an inbound rule to allow traffic from xx.xxx.xxx.xx/32 - xx.xxx.xxx.xx being my local IP address.

2
votes

For an EC2 instance in the same VPC, you have to add the CIDR/IP of the private IP to the security group rules, i.e., instead of the public IP of 54.191.XXX.XXX, you should add the private IP of 172.31.XXX.XXX to the ingress rule of your security group.
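
Added example, not part of any answer above: a Python check of whether a client address is admitted by a security group's inbound rules, covering the /32 rule from the second answer and the private-versus-public address point from the third. The rule list is constructed sample data shaped like the `IpPermissions` field of an EC2 DescribeSecurityGroups response; port 5439 (Redshift's default) and every address shown are assumptions, not values from the question.

```python
import ipaddress

REDSHIFT_PORT = 5439  # assumption: the cluster listens on Redshift's default port

# Constructed sample rules (documentation and private address ranges only).
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439,
     "IpRanges": [{"CidrIp": "203.0.113.25/32"}]},  # one workstation's public IP
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},        # world-open, but not the DB port
    {"IpProtocol": "-1",
     "IpRanges": [{"CidrIp": "172.31.0.0/16"}]},    # all traffic from inside the VPC
]


def covers_port(rule, port):
    """True if the rule applies to TCP traffic on `port`."""
    proto = rule.get("IpProtocol")
    if proto == "-1":          # "-1" means every protocol and every port
        return True
    return proto == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]


def matching_cidrs(rules, source_ip, port=REDSHIFT_PORT):
    """Return the CIDR blocks that admit `source_ip` on `port`."""
    src = ipaddress.ip_address(source_ip)
    return [r["CidrIp"]
            for rule in rules if covers_port(rule, port)
            for r in rule.get("IpRanges", [])
            if src in ipaddress.ip_network(r["CidrIp"], strict=False)]


def world_open(rules, port=REDSHIFT_PORT):
    """True if any rule exposes `port` to every IPv4 address (prefix length 0)."""
    return any(ipaddress.ip_network(r["CidrIp"], strict=False).prefixlen == 0
               for rule in rules if covers_port(rule, port)
               for r in rule.get("IpRanges", []))


if __name__ == "__main__":
    # Constructed clients: a workstation, its neighbour, and an EC2 instance
    # seen by its public address and by its private address.
    for ip in ("203.0.113.25", "203.0.113.26", "198.51.100.7", "172.31.4.10"):
        print(ip, "->", matching_cidrs(SAMPLE_RULES, ip) or "blocked")
    print("database port open to the world:", world_open(SAMPLE_RULES))
```

A /32 entry admits exactly one address, so the neighbouring address is blocked, and the instance inside the VPC matches only by its private address.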

0
votes

Looks like you were able to resolve the issue only by connecting from an EC2 machine within your VPC. This means that you didn't make the Redshift cluster publicly available, which is one of the options you have when starting up a cluster.