AWS RDS / EC2: TimeoutError: Knex: Timeout acquiring a connection. The pool is probably full
up vote
0
down vote
favorite
I'm attempting to retrieve a User model from a Node js 8.12.0
API, using knex
and bookshelf ORM
. Database is Postgres 10.4
.
The API works fine locally, but hosted on ElasticBeanstalk EC2 and RDS, I get error:
Unhandled rejection TimeoutError: Knex: Timeout acquiring a
connection. The pool is probably full. Are you missing a
.transacting(trx) call?
I'm able to connect and make queries to the RDS instance separately via connection string / password (it prompts for pw after I enter this):
psql -h myinstance.zmsnsdbakdha.us-east-1.rds.amazonaws.com -d mydb -U myuser
Security Groups:
- The EC2 security group (set up by EB) is
sg-0fa31004bd2b763ce
, and RDS has an inbound security rule for PostgreSQL / TCP / port 5432 / for the matching source (sg-0fa31004bd2b763ce
)— so it doesn't seem like the security group is a problem
RDS was created in a VPC, but the VPC's security rules are open too:
- security groups attached (multiple)
- name: mysgname
- group ID: sg-05d003b66fe1a4a94
- Inbound rules:
- All Traffic (0.0.0.0/0)
- HTTP (80) for TCP (0.0.0.0/0)
- SSH (22) for TCP (0.0.0.0/0)
- PostgreSQL (5432) for TCP (0.0.0.0/0)
Publicly accessible: Yes
users controller:
router.get('/users', function(req, res) {
new User.User({'id': 1})
.fetch({withRelated: ['addresses']})
.then((user) => {
res.send(user);
});
});
Knexfile:
production: {
client: 'pg',
version: '7.2',
connection: {
host: process.env.PG_HOST || 'localhost',
port: process.env.PG_PORT || '5432',
user: process.env.PG_USER || 'myuser',
password: process.env.PG_PASSWORD || '',
database: process.env.PG_DB || 'mydb',
charset: 'utf8',
},
pool: {
min: 2,
max: 20
},
},
Firstly, why is this happening only on AWS hosted environment and not locally. Secondly, how can I fix this issue? Should I increase max
for pools?
node.js postgresql amazon-ec2 amazon-rds amazon-elastic-beanstalk
add a comment |
up vote
0
down vote
favorite
I'm attempting to retrieve a User model from a Node js 8.12.0
API, using knex
and bookshelf ORM
. Database is Postgres 10.4
.
The API works fine locally, but hosted on ElasticBeanstalk EC2 and RDS, I get error:
Unhandled rejection TimeoutError: Knex: Timeout acquiring a
connection. The pool is probably full. Are you missing a
.transacting(trx) call?
I'm able to connect and make queries to the RDS instance separately via connection string / password (it prompts for pw after I enter this):
psql -h myinstance.zmsnsdbakdha.us-east-1.rds.amazonaws.com -d mydb -U myuser
Security Groups:
- The EC2 security group (set up by EB) is
sg-0fa31004bd2b763ce
, and RDS has an inbound security rule for PostgreSQL / TCP / port 5432 / for the matching source (sg-0fa31004bd2b763ce
)— so it doesn't seem like the security group is a problem
RDS was created in a VPC, but the VPC's security rules are open too:
- security groups attached (multiple)
- name: mysgname
- group ID: sg-05d003b66fe1a4a94
- Inbound rules:
- All Traffic (0.0.0.0/0)
- HTTP (80) for TCP (0.0.0.0/0)
- SSH (22) for TCP (0.0.0.0/0)
- PostgreSQL (5432) for TCP (0.0.0.0/0)
Publicly accessible: Yes
users controller:
router.get('/users', function(req, res) {
new User.User({'id': 1})
.fetch({withRelated: ['addresses']})
.then((user) => {
res.send(user);
});
});
Knexfile:
production: {
client: 'pg',
version: '7.2',
connection: {
host: process.env.PG_HOST || 'localhost',
port: process.env.PG_PORT || '5432',
user: process.env.PG_USER || 'myuser',
password: process.env.PG_PASSWORD || '',
database: process.env.PG_DB || 'mydb',
charset: 'utf8',
},
pool: {
min: 2,
max: 20
},
},
Firstly, why is this happening only on AWS hosted environment and not locally. Secondly, how can I fix this issue? Should I increase max
for pools?
node.js postgresql amazon-ec2 amazon-rds amazon-elastic-beanstalk
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I'm attempting to retrieve a User model from a Node js 8.12.0
API, using knex
and bookshelf ORM
. Database is Postgres 10.4
.
The API works fine locally, but hosted on ElasticBeanstalk EC2 and RDS, I get error:
Unhandled rejection TimeoutError: Knex: Timeout acquiring a
connection. The pool is probably full. Are you missing a
.transacting(trx) call?
I'm able to connect and make queries to the RDS instance separately via connection string / password (it prompts for pw after I enter this):
psql -h myinstance.zmsnsdbakdha.us-east-1.rds.amazonaws.com -d mydb -U myuser
Security Groups:
- The EC2 security group (set up by EB) is
sg-0fa31004bd2b763ce
, and RDS has an inbound security rule for PostgreSQL / TCP / port 5432 / for the matching source (sg-0fa31004bd2b763ce
)— so it doesn't seem like the security group is a problem
RDS was created in a VPC, but the VPC's security rules are open too:
- security groups attached (multiple)
- name: mysgname
- group ID: sg-05d003b66fe1a4a94
- Inbound rules:
- All Traffic (0.0.0.0/0)
- HTTP (80) for TCP (0.0.0.0/0)
- SSH (22) for TCP (0.0.0.0/0)
- PostgreSQL (5432) for TCP (0.0.0.0/0)
Publicly accessible: Yes
users controller:
router.get('/users', function(req, res) {
new User.User({'id': 1})
.fetch({withRelated: ['addresses']})
.then((user) => {
res.send(user);
});
});
Knexfile:
production: {
client: 'pg',
version: '7.2',
connection: {
host: process.env.PG_HOST || 'localhost',
port: process.env.PG_PORT || '5432',
user: process.env.PG_USER || 'myuser',
password: process.env.PG_PASSWORD || '',
database: process.env.PG_DB || 'mydb',
charset: 'utf8',
},
pool: {
min: 2,
max: 20
},
},
Firstly, why is this happening only on AWS hosted environment and not locally. Secondly, how can I fix this issue? Should I increase max
for pools?
node.js postgresql amazon-ec2 amazon-rds amazon-elastic-beanstalk
I'm attempting to retrieve a User model from a Node js 8.12.0
API, using knex
and bookshelf ORM
. Database is Postgres 10.4
.
The API works fine locally, but hosted on ElasticBeanstalk EC2 and RDS, I get error:
Unhandled rejection TimeoutError: Knex: Timeout acquiring a
connection. The pool is probably full. Are you missing a
.transacting(trx) call?
I'm able to connect and make queries to the RDS instance separately via connection string / password (it prompts for pw after I enter this):
psql -h myinstance.zmsnsdbakdha.us-east-1.rds.amazonaws.com -d mydb -U myuser
Security Groups:
- The EC2 security group (set up by EB) is
sg-0fa31004bd2b763ce
, and RDS has an inbound security rule for PostgreSQL / TCP / port 5432 / for the matching source (sg-0fa31004bd2b763ce
)— so it doesn't seem like the security group is a problem
RDS was created in a VPC, but the VPC's security rules are open too:
- security groups attached (multiple)
- name: mysgname
- group ID: sg-05d003b66fe1a4a94
- Inbound rules:
- All Traffic (0.0.0.0/0)
- HTTP (80) for TCP (0.0.0.0/0)
- SSH (22) for TCP (0.0.0.0/0)
- PostgreSQL (5432) for TCP (0.0.0.0/0)
Publicly accessible: Yes
users controller:
router.get('/users', function(req, res) {
new User.User({'id': 1})
.fetch({withRelated: ['addresses']})
.then((user) => {
res.send(user);
});
});
Knexfile:
production: {
client: 'pg',
version: '7.2',
connection: {
host: process.env.PG_HOST || 'localhost',
port: process.env.PG_PORT || '5432',
user: process.env.PG_USER || 'myuser',
password: process.env.PG_PASSWORD || '',
database: process.env.PG_DB || 'mydb',
charset: 'utf8',
},
pool: {
min: 2,
max: 20
},
},
Firstly, why is this happening only on AWS hosted environment and not locally. Secondly, how can I fix this issue? Should I increase max
for pools?
node.js postgresql amazon-ec2 amazon-rds amazon-elastic-beanstalk
node.js postgresql amazon-ec2 amazon-rds amazon-elastic-beanstalk
edited Nov 11 at 4:53
John Rotenstein
64.3k768112
64.3k768112
asked Nov 10 at 16:18
Growler
4,7051265154
4,7051265154
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
0
down vote
You need to check your Network Access Control List (NACL) in your VPC and make sure your INBOUND and OUTBOUND are configured correctly. Security Groups are at the Instance level of security and the NACL is security at the Subnet level.
Most of the time when you are experiencing a Timeout error connecting to something in a custom VPC it will be a configuration problem with a Security Group or a NACL or Both.
For testing, the inbound Security Group rules for the VPC is pretty much wide open: i.imgur.com/G0HRqx3.png. Is this incorrect? If so, where can I findNACL
on the VPC specifically?
– Growler
Nov 10 at 19:55
Okay I found NACL— here are the listings for the subnets attached to the VPC: i.imgur.com/Vnq8QGT.png
– Growler
Nov 10 at 19:57
Here is the NACL tab: i.imgur.com/mQCSi0a.png — it says "rule 100" allows all traffic, but*
Denies (I'm guessing this is all others)
– Growler
Nov 10 at 19:59
Add a Rull #200 for that port for both inbound and outbound, but I also noticed in your code above that you have the Security Group Configured for port 5432, and your code says 5433?
– Chad Elias
Nov 10 at 19:59
Sorry that5433
was a typo in my SO post. Should be5432
.
– Growler
Nov 10 at 20:01
|
show 2 more comments
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
You need to check your Network Access Control List (NACL) in your VPC and make sure your INBOUND and OUTBOUND are configured correctly. Security Groups are at the Instance level of security and the NACL is security at the Subnet level.
Most of the time when you are experiencing a Timeout error connecting to something in a custom VPC it will be a configuration problem with a Security Group or a NACL or Both.
For testing, the inbound Security Group rules for the VPC is pretty much wide open: i.imgur.com/G0HRqx3.png. Is this incorrect? If so, where can I findNACL
on the VPC specifically?
– Growler
Nov 10 at 19:55
Okay I found NACL— here are the listings for the subnets attached to the VPC: i.imgur.com/Vnq8QGT.png
– Growler
Nov 10 at 19:57
Here is the NACL tab: i.imgur.com/mQCSi0a.png — it says "rule 100" allows all traffic, but*
Denies (I'm guessing this is all others)
– Growler
Nov 10 at 19:59
Add a Rull #200 for that port for both inbound and outbound, but I also noticed in your code above that you have the Security Group Configured for port 5432, and your code says 5433?
– Chad Elias
Nov 10 at 19:59
Sorry that5433
was a typo in my SO post. Should be5432
.
– Growler
Nov 10 at 20:01
|
show 2 more comments
up vote
0
down vote
You need to check your Network Access Control List (NACL) in your VPC and make sure your INBOUND and OUTBOUND are configured correctly. Security Groups are at the Instance level of security and the NACL is security at the Subnet level.
Most of the time when you are experiencing a Timeout error connecting to something in a custom VPC it will be a configuration problem with a Security Group or a NACL or Both.
For testing, the inbound Security Group rules for the VPC is pretty much wide open: i.imgur.com/G0HRqx3.png. Is this incorrect? If so, where can I findNACL
on the VPC specifically?
– Growler
Nov 10 at 19:55
Okay I found NACL— here are the listings for the subnets attached to the VPC: i.imgur.com/Vnq8QGT.png
– Growler
Nov 10 at 19:57
Here is the NACL tab: i.imgur.com/mQCSi0a.png — it says "rule 100" allows all traffic, but*
Denies (I'm guessing this is all others)
– Growler
Nov 10 at 19:59
Add a Rull #200 for that port for both inbound and outbound, but I also noticed in your code above that you have the Security Group Configured for port 5432, and your code says 5433?
– Chad Elias
Nov 10 at 19:59
Sorry that5433
was a typo in my SO post. Should be5432
.
– Growler
Nov 10 at 20:01
|
show 2 more comments
up vote
0
down vote
up vote
0
down vote
You need to check your Network Access Control List (NACL) in your VPC and make sure your INBOUND and OUTBOUND are configured correctly. Security Groups are at the Instance level of security and the NACL is security at the Subnet level.
Most of the time when you are experiencing a Timeout error connecting to something in a custom VPC it will be a configuration problem with a Security Group or a NACL or Both.
You need to check your Network Access Control List (NACL) in your VPC and make sure your INBOUND and OUTBOUND are configured correctly. Security Groups are at the Instance level of security and the NACL is security at the Subnet level.
Most of the time when you are experiencing a Timeout error connecting to something in a custom VPC it will be a configuration problem with a Security Group or a NACL or Both.
answered Nov 10 at 19:48
Chad Elias
21825
21825
For testing, the inbound Security Group rules for the VPC is pretty much wide open: i.imgur.com/G0HRqx3.png. Is this incorrect? If so, where can I findNACL
on the VPC specifically?
– Growler
Nov 10 at 19:55
Okay I found NACL— here are the listings for the subnets attached to the VPC: i.imgur.com/Vnq8QGT.png
– Growler
Nov 10 at 19:57
Here is the NACL tab: i.imgur.com/mQCSi0a.png — it says "rule 100" allows all traffic, but*
Denies (I'm guessing this is all others)
– Growler
Nov 10 at 19:59
Add a Rull #200 for that port for both inbound and outbound, but I also noticed in your code above that you have the Security Group Configured for port 5432, and your code says 5433?
– Chad Elias
Nov 10 at 19:59
Sorry that5433
was a typo in my SO post. Should be5432
.
– Growler
Nov 10 at 20:01
|
show 2 more comments
For testing, the inbound Security Group rules for the VPC is pretty much wide open: i.imgur.com/G0HRqx3.png. Is this incorrect? If so, where can I findNACL
on the VPC specifically?
– Growler
Nov 10 at 19:55
Okay I found NACL— here are the listings for the subnets attached to the VPC: i.imgur.com/Vnq8QGT.png
– Growler
Nov 10 at 19:57
Here is the NACL tab: i.imgur.com/mQCSi0a.png — it says "rule 100" allows all traffic, but*
Denies (I'm guessing this is all others)
– Growler
Nov 10 at 19:59
Add a Rull #200 for that port for both inbound and outbound, but I also noticed in your code above that you have the Security Group Configured for port 5432, and your code says 5433?
– Chad Elias
Nov 10 at 19:59
Sorry that5433
was a typo in my SO post. Should be5432
.
– Growler
Nov 10 at 20:01
For testing, the inbound Security Group rules for the VPC is pretty much wide open: i.imgur.com/G0HRqx3.png. Is this incorrect? If so, where can I find
NACL
on the VPC specifically?– Growler
Nov 10 at 19:55
For testing, the inbound Security Group rules for the VPC is pretty much wide open: i.imgur.com/G0HRqx3.png. Is this incorrect? If so, where can I find
NACL
on the VPC specifically?– Growler
Nov 10 at 19:55
Okay I found NACL— here are the listings for the subnets attached to the VPC: i.imgur.com/Vnq8QGT.png
– Growler
Nov 10 at 19:57
Okay I found NACL— here are the listings for the subnets attached to the VPC: i.imgur.com/Vnq8QGT.png
– Growler
Nov 10 at 19:57
Here is the NACL tab: i.imgur.com/mQCSi0a.png — it says "rule 100" allows all traffic, but
*
Denies (I'm guessing this is all others)– Growler
Nov 10 at 19:59
Here is the NACL tab: i.imgur.com/mQCSi0a.png — it says "rule 100" allows all traffic, but
*
Denies (I'm guessing this is all others)– Growler
Nov 10 at 19:59
Add a Rull #200 for that port for both inbound and outbound, but I also noticed in your code above that you have the Security Group Configured for port 5432, and your code says 5433?
– Chad Elias
Nov 10 at 19:59
Add a Rull #200 for that port for both inbound and outbound, but I also noticed in your code above that you have the Security Group Configured for port 5432, and your code says 5433?
– Chad Elias
Nov 10 at 19:59
Sorry that
5433
was a typo in my SO post. Should be 5432
.– Growler
Nov 10 at 20:01
Sorry that
5433
was a typo in my SO post. Should be 5432
.– Growler
Nov 10 at 20:01
|
show 2 more comments
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53240899%2faws-rds-ec2-timeouterror-knex-timeout-acquiring-a-connection-the-pool-is-p%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown