Unable to define a JDBC (Postgres) connection

Unable to define a JDBC (Postgres) connection through a VPC peering connection

There is a workaround if you are getting timeouts when trying to define the JDBC Postgres data source by domain name in the Upsolver UI JDBC data source definition.

From the Upsolver Private API EC2 instance (or from the same subnet within the VPC that the Private API resides in), run a “dig” command on the domain name as a first troubleshooting step. It shows that the name is resolved to the “public” (internet-routable) IP address, as seen in the example “dig” command output below:

```
;<<>> DiG 9.10.6 <<>> dl-features-production.cppuljte6pbg.us-west-2.rds.amazonaws.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44001
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dl-features-production.pwrabcjte6gtu.us-east-1.rds.amazonaws.com. IN A

;; ANSWER SECTION:
dl-features-production.pwrabcjte6gtu.us-east-1.rds.amazonaws.com. 5 IN CNAME ec2-65-32-241-114.us-east-1.compute.amazonaws.com.
ec2-65-32-241-114.us-east-1.compute.amazonaws.com. 604800 IN A 65.32.241.114

;; Query time: 469 msec
;; SERVER: 10.0.0.114#53(10.0.0.114)
;; WHEN: Tue Feb 22 11:08:22 IST 2022
;; MSG SIZE rcvd: 171
```

This is the configuration and situation:

An Upsolver Private API server resides in a VPC that has a VPC peering connection with another VPC, which in turn hosts the RDS service. In such an environment, you may not be able to map the connection when trying to define the JDBC connection using the private IP address of the RDS service (even though telnetting the name might return the private IP).

As an alternative you could go to the RDS service in AWS from the Upsolver UI DS definition.

The problem is that the DNS name is resolved to the public IP address of the Private API server and that the traffic is routed via the internet. This access may not be allowed, resulting in a failure to connect to the RDS service. It is possible that the traffic is intended to arrive only from VPC-internal addresses. As a consequence, this traffic needs to go through the VPC peering connection using the private addresses.

Solution:

Configure the VPC in the VPC peering connection to resolve DNS to internal IP addresses for the VPC instances.

See https://docs.aws.amazon.com/vpc/latest/peering/modify-peering-connections.html for the configuration method that needs to be implemented. This article describes how to resolve DNS names to internal IP addresses from the VPCs in a peering connection.

This solves the problem. You should be able to define the RDS JDBC connection with the domain name.
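A check to run before and after changing the peering options, added here as an example (it is not Upsolver's code): it follows the CNAME chain in a “dig” answer and labels the final A record as private or public. Treating the RFC 1918 ranges as "internal" is an assumption; pass the RDS VPC's own CIDR for a stricter test.

```python
import ipaddress
import socket

# RFC 1918 ranges (assumed default); pass the peered VPC's CIDR for a stricter check.
RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

# ANSWER SECTION lines copied from the dig output on this page.
PAGE_ANSWER = """\
dl-features-production.pwrabcjte6gtu.us-east-1.rds.amazonaws.com. 5 IN CNAME ec2-65-32-241-114.us-east-1.compute.amazonaws.com.
ec2-65-32-241-114.us-east-1.compute.amazonaws.com. 604800 IN A 65.32.241.114
"""

def scope(addr, internal_cidrs=RFC1918):
    """Label an IPv4 address 'private' if it falls in one of internal_cidrs."""
    ip = ipaddress.ip_address(addr)
    nets = (ipaddress.ip_network(c) for c in internal_cidrs)
    return "private" if any(ip in n for n in nets) else "public"

def classify_dig_answer(hostname, answer_text, internal_cidrs=RFC1918):
    """Follow CNAMEs from hostname through dig answer lines; label each A record."""
    cnames, a_records = {}, {}
    for line in answer_text.splitlines():
        fields = line.split()
        # Records look like: <name> <ttl> IN <type> <value>; skip ';' comment lines.
        if len(fields) < 5 or fields[0].startswith(";") or fields[2] != "IN":
            continue
        name, value = fields[0].rstrip(".").lower(), fields[4].rstrip(".")
        if fields[3] == "CNAME":
            cnames[name] = value.lower()
        elif fields[3] == "A":
            a_records.setdefault(name, []).append(value)
    name, seen = hostname.rstrip(".").lower(), set()
    while name in cnames and name not in seen:  # guard against CNAME loops
        seen.add(name)
        name = cnames[name]
    return {a: scope(a, internal_cidrs) for a in a_records.get(name, [])}

def classify_live(hostname, internal_cidrs=RFC1918):
    """Same check using the resolver of the host this runs on (needs network)."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET)
    return {info[4][0]: scope(info[4][0], internal_cidrs) for info in infos}

if __name__ == "__main__":
    host = "dl-features-production.pwrabcjte6gtu.us-east-1.rds.amazonaws.com"
    print(classify_dig_answer(host, PAGE_ANSWER))
```

A "public" result from the Private API instance means the JDBC traffic will leave over the internet rather than the peering connection; after the DNS resolution option is enabled, the same name should come back "private".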
