5
votes

I'm having a tough time connecting DMS instances to RDS instances and need some help.

Situation: I've created Postgres and SQL Server RDS instances, both with public access, using the same (default) VPC and no SSL. I've added VPC inbound firewall rules opening the RDS instances to my external and DMS instance IP addresses. Inbound rules and user/pw to the database have been verified from desktop apps at my remote site.

I've also created DMS source endpoints to my remote IP address. Endpoint tests verify "passed" connection.

My Problem: The target endpoints from DMS to RDS fail connection validation. I was assuming creating DMS and RDS instances using the same VPC would guarantee connection between them. I was also assuming adding inbound rules to open ports between DMS and RDS instances would also work, yet connections between them fail.

ERROR: RetCode: SQL_ERROR SqlState: 08001 NativeError: 101 Message: [unixODBC]timeout expired [122502] ODBC general error.]

What am I doing wrong?

Update: If I create a DMS instance without a public IP address, the target connection passes validation. It worked once.

Update 2: If I open up the inbound to allow all IP addresses, the connection between the instances succeeds.

It is looking like a network issue. But why doesn't placing the DMS instance IP address into the firewall permit connections?

tia

1
It's not 100% clear how you've set things up, but "adding inbound rules to open ports between DMS and RDS instances [...] yet connection between them fail" may hold the key, here. With the public IP setup, you may still need to allow access by counterintuitively trusting the private source IP. – Michael - sqlbot
Check the layout of your RDS DB subnet group, security group, etc.; you should be able to see the exact problem. – mootmoot
@sqlbot: the db and DMS instances have been either recreated or modified from multi to single AZ on az-a. Now, the IP addresses in the security group's inbound rules operate consistently. If the sg inbound rules are opened for all IP addresses and all protocols, the public IP connection will connect between instances. Be back soon, trying a few things. – garyM
@mootmoot: the issue is with the networking. I'm trying a few things. – garyM
@all: it appears the default sg and subnets are not fully connected properly. If I create single-az RDS and single-az, local DMS, the routing works consistently. Connections fail in multi-az configs. Also, DMS in the same az using public endpoints do not route, even if the endpoint is placed in the inbound rules with all ports enabled. This is the key to the issue, I'll figure it out in a couple of days. – garyM
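
An added example, not part of the original thread: a small evaluator for security-group inbound rules that shows why a rule for the DMS instance's public address can miss while 0.0.0.0/0 matches, and how a private-address or security-group-reference rule avoids opening the database to everyone. It assumes, following the first comment, that the RDS security group sees the DMS instance's private address as the source; every address and group id below is a constructed placeholder.

```python
import ipaddress

# Constructed sample data, shaped like the IpPermissions list that EC2
# DescribeSecurityGroups returns. All addresses and group ids are placeholders.
DMS_PUBLIC_IP = "203.0.113.10"
DMS_PRIVATE_IP = "172.31.5.20"   # assumed source address seen by the RDS group
DMS_SG_ID = "sg-0dms000000example"

PUBLIC_ONLY = [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                "IpRanges": [{"CidrIp": DMS_PUBLIC_IP + "/32"}], "UserIdGroupPairs": []}]
OPEN_TO_ALL = [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]
SG_REFERENCE = [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                 "IpRanges": [], "UserIdGroupPairs": [{"GroupId": DMS_SG_ID}]}]


def rule_covers_port(rule, port):
    """Protocol "-1" means all traffic; otherwise require tcp and a port in range."""
    if rule["IpProtocol"] == "-1":
        return True
    return rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]


def allowed(rules, src_ip, port, src_groups=()):
    """Return the sources (CIDR or group id) that admit this connection."""
    addr = ipaddress.ip_address(src_ip)
    hits = []
    for rule in rules:
        if not rule_covers_port(rule, port):
            continue
        hits += [r["CidrIp"] for r in rule.get("IpRanges", [])
                 if addr in ipaddress.ip_network(r["CidrIp"])]
        hits += [g["GroupId"] for g in rule.get("UserIdGroupPairs", [])
                 if g["GroupId"] in src_groups]
    return hits


def world_open(rules):
    """List rules that admit any IPv4 source, the setting from Update 2."""
    return [r for r in rules
            if any(ipaddress.ip_network(c["CidrIp"]).prefixlen == 0
                   for c in r.get("IpRanges", []))]


if __name__ == "__main__":
    for name, rules in [("public /32", PUBLIC_ONLY), ("0.0.0.0/0", OPEN_TO_ALL),
                        ("sg reference", SG_REFERENCE)]:
        print(name, allowed(rules, DMS_PRIVATE_IP, 5432, {DMS_SG_ID}), len(world_open(rules)))
```
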

1 Answer

0
votes

I ran into a similar problem, although in my case, the solution was to change the RDS instance master password to alphanumeric characters only. I had been using something like fh&9*-1aX=, and even enclosing it within curly braces, e.g., {fh&9*-1aX=}, returned connection string parse errors.