My connection handshake times out when trying to connect to my RDS Aurora Serverless (v1) MySQL Cluster from an external source.
I’m specifying the cluster and its security group in terraform, and leveraging the default AWS VPC for the account/region.
Parameters for my cluster:
```hcl
# Resource name "cluster" is assumed; the post shows only the arguments.
# HCL attributes take no trailing commas, and scaling_configuration is a
# nested block in the AWS provider rather than a map attribute.
resource "aws_rds_cluster" "cluster" {
  cluster_identifier      = "some-cluster-name"
  engine                  = "aurora-mysql"
  engine_mode             = "serverless"
  database_name           = "db"
  master_username         = "********"
  master_password         = "********"
  backup_retention_period = 5
  preferred_backup_window = "07:00-09:00"
  skip_final_snapshot     = true
  storage_encrypted       = true

  scaling_configuration {
    max_capacity             = 4
    min_capacity             = 1
    seconds_until_auto_pause = 300
  }

  vpc_security_group_ids = [aws_security_group.my_sg_defined_elsewhere.id]
}
```
Security group rules:
```hcl
# Resource names "mysql_in" and "all_out" are assumed; each rule is its own
# aws_security_group_rule resource attached to the existing security group.
resource "aws_security_group_rule" "mysql_in" {
  type              = "ingress"
  from_port         = 3306
  to_port           = 3306
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  ipv6_cidr_blocks  = ["::/0"]
  security_group_id = aws_security_group.my_sg_defined_elsewhere.id
}

resource "aws_security_group_rule" "all_out" {
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
  ipv6_cidr_blocks  = ["::/0"]
  security_group_id = aws_security_group.my_sg_defined_elsewhere.id
}
```
Since I’m just using the default VPC, which I believe has public subnets, I’m assuming that if my security group rules are sufficient for public MySQL access then this should just work. Unfortunately using the cluster’s generated endpoint and the correct credentials, I just get a timeout when trying to connect.
2 Answers
Just to close this off, thanks to some further hunting and Mark B's comments above, can confirm that I missed the fact that Aurora Serverless v1 does not support public endpoints, so no amount of playing around with my security groups would have helped. This is apparently possible with v2 but since it isn't true serverless (doesn't wind down to zero) it's not an option for me anyway. Hope this saves someone some headaches!
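The diagnosis in this answer can be checked mechanically before touching security groups. The following is an added example (not from the question or answer) that runs offline over records shaped like boto3's `describe_db_clusters` and `describe_security_groups` output; the cluster and security-group records are constructed to mirror the question's terraform, and the security-group id is a placeholder. It reports why an external client cannot reach the cluster and also flags the 0.0.0.0/0 and ::/0 ingress as a risk to tighten.

```python
from ipaddress import ip_network


def _rule_admits(rule, port, proto="tcp"):
    # True if an IpPermissions entry admits the given TCP port ("-1" = all).
    if rule.get("IpProtocol") not in (proto, "-1"):
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def diagnose(cluster, security_groups):
    """Return findings explaining why an external client cannot reach the
    cluster, plus risk notes for ingress rules open to the whole internet."""
    findings = []
    sgs = {sg["GroupId"]: sg for sg in security_groups}
    if cluster.get("EngineMode") == "serverless":
        findings.append("engine_mode=serverless (Aurora Serverless v1) has no public "
                        "endpoint; connect from inside the VPC instead")
    port = cluster.get("Port", 3306)
    for member in cluster.get("VpcSecurityGroups", []):
        sg = sgs.get(member["VpcSecurityGroupId"])
        if sg is None:
            findings.append(f"{member['VpcSecurityGroupId']}: group not found")
            continue
        allowed = [r for r in sg.get("IpPermissions", []) if _rule_admits(r, port)]
        if not allowed:
            findings.append(f"{sg['GroupId']}: no ingress rule admits tcp/{port}")
        for rule in allowed:
            cidrs = [c["CidrIp"] for c in rule.get("IpRanges", [])]
            cidrs += [c["CidrIpv6"] for c in rule.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if ip_network(cidr).prefixlen == 0:  # 0.0.0.0/0 or ::/0
                    findings.append(f"{sg['GroupId']}: tcp/{port} open to {cidr}; "
                                    "restrict to known client ranges")
    return findings


# Constructed sample records mirroring the question (placeholder group id).
CLUSTER = {"DBClusterIdentifier": "some-cluster-name", "Engine": "aurora-mysql",
           "EngineMode": "serverless", "Port": 3306,
           "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-PLACEHOLDER"}]}
SGS = [{"GroupId": "sg-PLACEHOLDER",
        "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                           "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                           "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}]

if __name__ == "__main__":
    for finding in diagnose(CLUSTER, SGS):
        print("-", finding)
```

With the page's configuration the first finding is the missing public endpoint, and the two open-to-the-world CIDRs are reported separately.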
You can route the request through an ec2 instance tunnel, which uses API Gateway to control lambda functions to start and stop the instance as needed, so your AWS resources can still scale down to zero.
As a side note, lambda latency is trivial compared to serverless v1 cold-start times.