I am trying to connect to a MySQL database running on an AWS EC2 instance. The connection times out, error is “Timed out after 5000 milliseconds.”. My assumption is that it isn’t working because I’m not connecting via SSH, which I don’t see as an option. Is it possible to connect?
I tried opening port 3306, which I do not want to leave open to the world, and get this error now:
No matching clause: com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.
I’m not sure about your specific setup, but if you need to connect via SSH you can create a tunnel from your local machine using ssh -L $LOCAL_PORT:$MYSQL_HOST:$MYSQL_PORT $SSH_USER@$SSH_HOST`, then connect Metabase to host 127.0.0.1 and port $LOCAL_PORT.
Here’s a ticket for built-in SSH tunnel support: https://github.com/metabase/metabase/issues/1403
I am running Metabase on AWS, which I launched using your instructions here: http://www.metabase.com/start/aws.html. I assume that if I’m going to open that ssh tunnel I need to do so from the EC2 instance, correct?
It’s possible to run the ssh tunnel from a different instance, but that’s probably not the ideal thing to do. For the MySQL instance that you are running on AWS, are you using RDS? or are you running the instance yourself?
If you are running both Metabase and your MySQL database on AWS then you really shouldn’t need to use ssh tunneling. In that configuration it’s probably best to look at your AWS security group rules and simply allow the Metabase instance the ability to connect to your MySQL instance directly.
Okay, that makes sense. I am running MySQL on an EC2 instance that I manage. I edited the security groups to allow access to port 3306 for Metabase and am still getting this error:
No matching clause: com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.
For the host I am entering the public dns address for the ec2 instance (ec2-xx-xx-xxx-x.compute-1.amazonaws.com) - do I need to include 127.0.0.1 somewhere as well?
Thanks for the help!
If your MySQL database is running on an EC2 instance with a public ip then you shouldn’t need anything other than the hostname of that EC2 instance, so the example you gave with ec2-xxx... should be fine for the hostname and 127.0.0.1 would not apply.
It looks like it’s still a networking issue and the Metabase instance is not able to talk to the MySQL instance for some reason. My best guess is that the security group configuration is not quite right somehow. The way ElasticBeanstalk works is a bit obscure when it comes to security groups, but it creates a security group for you and you’d want to allow that group access to port 3306 on the security group that has your MySQL instance.
For debugging purposes (and not recommended for any long term usage) you can try opening up port 3306 on your MySQL instance to all internet traffic. That should at least let you test out that the connection is working and you should be able to connect your Metabase instance to the database. If that test is successful then you know it’s just a matter of getting the right security group config. If that test fails then there is something else going on.
I have 3306 wide open (0.0.0.0/0) on the MySQL machine and still receiving the same error. Tried 3307 as well based on a stack overflow article.
No matching clause: com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.
My hunch based on some other articles is that an AWS firewall rule is blocking the traffic somehow.
[Sorry for the necro-bump… maybe this will help someone searching with a similar problem]
I had a similar issue. Make sure that you’ve added your MySQL (in my case MariaDB but it doesn’t matter) database to your VPC security group here:
https://console.aws.amazon.com/vpc
Note that you can enter the name of the security group that your DB uses (rather than an IP range), which you can find in your RDS settings. I allowed all inbound ports since everything is happening within my VPC… I wouldn’t do so if I was interacting with a remote DB.
You may also need to add Inbound rules to your default security group (the one that RDS associates with your target DB) for the AWSEBS groups created by Docker, again using their name rather than their IP ranges.
Finally, make sure that your target DB is in the same Availability Zone as your EBS deployment. I got tripped up on this because I was only looking at the US-East zone and didn’t pay attention to the US-East-1-A vs. US-East-1-C in my configuration.
Hope this gets you a little further down the road!
2 Likes