Problem description
I've been trying to set up a data pipeline between an S3 bucket and an Elastic Beanstalk environment which includes a MySQL RDS instance (all in the same VPC).
I'm failing with:
The last packet sent successfully to the server was 0 milliseconds ago.
The driver has not received any packets from the server.
amazonaws.datapipeline.database.ConnectionFactory: Unable to establish
connection to jdbc:mysql://***.us-west-2.rds.amazonaws.com:3306/mydata
Communications link failure
I believe the problem is that I need to allow the data pipeline to access my MySQL RDS, but can't figure out how. I set the myEc2RdsSecurityGrps field to the security group name listed for the RDS instance under EC2 > Security Groups, but that didn't help.
The RDS instance has the value IAM DB Authentication Enabled set to Yes.
Also, very new to IAM roles here but two were created like so: Roles > Create Role > Data Pipeline > EC2 Role for Data Pipeline (Provides access to S3, DynamoDB, and other services for EC2 instances that Data Pipeline launches) and also Roles > Create Role > Data Pipeline > Data Pipeline (Allows Data Pipeline and Data Pipeline managed EMR clusters to call AWS services on your behalf).
Am I missing a step?
Recommended answer
The security for the RDS instance should have the DB port open to the security group of the EC2 task runners in the Data Pipeline.
To create a security group for an EC2 instance in a VPC
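- Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
- In the navigation pane, click Security Groups.
- Click Create Security Group.
- Specify a name and description for the security group.
- Select your VPC from the list, and then click Create.
Note the ID of the new security group.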
If you are running Task Runner on your own computer, note its public IP address, in CIDR notation. If the computer is behind a firewall, note the entire address range of its network. You'll need this address later on.
Next, create rules in the resource security groups that allow inbound traffic for the data sources Task Runner must access. For example, if Task Runner must access an Amazon Redshift cluster, the security group for the Amazon Redshift cluster must allow inbound traffic from the resource.
To add a rule to the security group for an RDS database
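- Open the Amazon RDS console at https://console.aws.amazon.com/rds/.
- In the navigation pane, click Instances.
- Click the details icon for the DB instance. Under Security and Network, click the link to the security group, which takes you to the Amazon EC2 console. If you're using the old console design for security groups, switch to the new console design by clicking the icon that's displayed at the top of the console page.
- From the Inbound tab, click Edit and then click Add Rule. Specify the database port that you used when you launched the DB instance. Start typing the ID of the security group or IP address used by the resource running Task Runner in Source.
- Click Save.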
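The rule described in the answer can be checked offline before rerunning the pipeline. The following is an added example, not part of the original answer: it assumes the security group is available as a dict in the shape of an EC2 DescribeSecurityGroups entry (`IpPermissions`, `UserIdGroupPairs`, `IpRanges`), and every group ID in it is a constructed placeholder.

```python
import copy
import ipaddress

def port_allowed(perm, port):
    """True if one IpPermissions entry covers TCP `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def check_rds_ingress(rds_sg, port, runner_sg_id=None, runner_ip=None):
    """Return (reachable, findings) for a task runner against the RDS group."""
    reachable, findings = False, []
    for perm in rds_sg.get("IpPermissions", []):
        if not port_allowed(perm, port):
            continue
        # Source given as a security group (task runner on EC2 in the VPC)
        for pair in perm.get("UserIdGroupPairs", []):
            if runner_sg_id and pair.get("GroupId") == runner_sg_id:
                reachable = True
        # Source given as a CIDR range (task runner on your own computer)
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if net.prefixlen == 0:
                findings.append(f"port {port} open to {net}: narrow this rule")
            if runner_ip and ipaddress.ip_address(runner_ip) in net:
                reachable = True
    if not reachable:
        findings.append(f"no inbound rule lets the task runner reach port {port}")
    return reachable, findings

# Constructed sample data; every group ID and address is a placeholder.
RUNNER_SG = "sg-0taskrunner00000"
RDS_SG_BEFORE = {"GroupId": "sg-0rdsinstance0000", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "UserIdGroupPairs": [{"GroupId": "sg-0beanstalkapp000"}], "IpRanges": []}]}
# After the fix: the task runner's group is added as a source on 3306.
RDS_SG_AFTER = copy.deepcopy(RDS_SG_BEFORE)
RDS_SG_AFTER["IpPermissions"][0]["UserIdGroupPairs"].append({"GroupId": RUNNER_SG})

if __name__ == "__main__":
    for name, sg in (("before", RDS_SG_BEFORE), ("after", RDS_SG_AFTER)):
        print(name, check_rds_ingress(sg, 3306, runner_sg_id=RUNNER_SG))
```

A rule whose source is 0.0.0.0/0 is reported as a finding even though it makes the database reachable, since the answer's approach is to open the port only to the task runner's group or address range.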