AWS RDS / EC2: TimeoutError: Knex: Timeout acquiring a connection. The pool is probably full
























I'm attempting to retrieve a User model from a Node js 8.12.0 API, using knex and bookshelf ORM. Database is Postgres 10.4.



The API works fine locally, but hosted on ElasticBeanstalk EC2 and RDS, I get error:




Unhandled rejection TimeoutError: Knex: Timeout acquiring a
connection. The pool is probably full. Are you missing a
.transacting(trx) call?




I'm able to connect and make queries to the RDS instance separately via connection string / password (it prompts for pw after I enter this):



psql -h myinstance.zmsnsdbakdha.us-east-1.rds.amazonaws.com -d mydb -U myuser


Security Groups:



  • The EC2 security group (set up by EB) is sg-0fa31004bd2b763ce, and RDS has an inbound security rule for PostgreSQL / TCP / port 5432 / for the matching source (sg-0fa31004bd2b763ce)— so it doesn't seem like the security group is a problem

RDS was created in a VPC, but the VPC's security rules are open too:



- security groups attached (multiple)
  - name: mysgname
  - group ID: sg-05d003b66fe1a4a94
  - Inbound rules:
    - All Traffic (0.0.0.0/0)
    - HTTP (80) for TCP (0.0.0.0/0)
    - SSH (22) for TCP (0.0.0.0/0)
    - PostgreSQL (5432) for TCP (0.0.0.0/0)


Publicly accessible: Yes



users controller:



    router.get('/users', function(req, res) {
      // Fetch user 1 together with its related addresses
      new User.User({'id': 1})
        .fetch({withRelated: ['addresses']})
        .then((user) => {
          res.send(user);
        });
    });


Knexfile:



    production: {
      client: 'pg',
      version: '7.2',
      connection: { /* connection settings not shown in the post */ },
      pool: {
        min: 2,
        max: 20
      },
    },


Firstly, why is this happening only on the AWS hosted environment and not locally? Secondly, how can I fix this issue? Should I increase max for pools?










      node.js postgresql amazon-ec2 amazon-rds amazon-elastic-beanstalk














      edited Nov 11 '18 at 4:53
      John Rotenstein

      asked Nov 10 '18 at 16:18
      Growler






















          1 Answer
          You need to check your Network Access Control List (NACL) in your VPC and make sure your INBOUND and OUTBOUND are configured correctly. Security Groups are at the Instance level of security and the NACL is security at the Subnet level.



          Most of the time when you are experiencing a Timeout error connecting to something in a custom VPC it will be a configuration problem with a Security Group or a NACL or Both.

















          answered Nov 10 '18 at 19:48
          Chad Elias











          • For testing, the inbound Security Group rules for the VPC are pretty much wide open: i.imgur.com/G0HRqx3.png. Is this incorrect? If so, where can I find NACL on the VPC specifically?
            – Growler
            Nov 10 '18 at 19:55










          • Okay I found NACL— here are the listings for the subnets attached to the VPC: i.imgur.com/Vnq8QGT.png
            – Growler
            Nov 10 '18 at 19:57










          • Here is the NACL tab: i.imgur.com/mQCSi0a.png — it says "rule 100" allows all traffic, but * Denies (I'm guessing this is all others)
            – Growler
            Nov 10 '18 at 19:59











          • Add a Rule #200 for that port for both inbound and outbound, but I also noticed in your code above that you have the Security Group Configured for port 5432, and your code says 5433?
            – Chad Elias
            Nov 10 '18 at 19:59










          • Sorry that 5433 was a typo in my SO post. Should be 5432.
            – Growler
            Nov 10 '18 at 20:01
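
The rule ordering and the inbound/outbound split discussed in the answer and comments, modelled as an added example (not code from the thread): it evaluates a database subnet's NACL for one IPv4 TCP connection to port 5432. The 10.0.1.0/24 application subnet, the client address and port, and all three rule sets are constructed assumptions.

```javascript
'use strict';
// Added example: a model of VPC network ACL evaluation for one IPv4 TCP flow.
// All addresses and rule sets below are constructed sample data.

function ipToInt(ip) {
  return ip.split('.').reduce((acc, o) => ((acc << 8) | Number(o)) >>> 0, 0);
}

function cidrContains(cidr, ip) {
  const [base, bits] = cidr.split('/');
  const mask = Number(bits) === 0 ? 0 : (~0 << (32 - Number(bits))) >>> 0;
  return ((ipToInt(base) & mask) >>> 0) === ((ipToInt(ip) & mask) >>> 0);
}

// Rules are tried in ascending rule-number order and the first match decides.
// If nothing matches, the implicit "*" rule denies the packet.
function evaluateNacl(rules, pkt) {
  const ordered = [...rules].sort((a, b) => a.number - b.number);
  for (const r of ordered) {
    const protoOk = r.protocol === 'all' || r.protocol === pkt.protocol;
    const portOk = r.protocol === 'all' ||
      (pkt.dstPort >= r.fromPort && pkt.dstPort <= r.toPort);
    if (protoOk && portOk && cidrContains(r.cidr, pkt.peerIp)) {
      return { action: r.action, rule: r.number };
    }
  }
  return { action: 'deny', rule: '*' };
}

// A NACL is stateless, so the request entering the database subnet and the
// reply leaving it are evaluated separately. A dropped packet in either
// direction shows up on the client as a connection timeout.
function checkDbSubnetFlow(nacl, clientIp, clientPort, dbPort) {
  const request = evaluateNacl(nacl.inbound,
    { protocol: 'tcp', peerIp: clientIp, dstPort: dbPort });
  const reply = evaluateNacl(nacl.outbound,
    { protocol: 'tcp', peerIp: clientIp, dstPort: clientPort });
  let verdict = 'ok';
  if (request.action !== 'allow') verdict = 'request dropped inbound';
  else if (reply.action !== 'allow') verdict = 'reply dropped outbound';
  return { request, reply, verdict };
}

const allowAll = { number: 100, protocol: 'all', cidr: '0.0.0.0/0', action: 'allow' };
const pgFromApp = { number: 100, protocol: 'tcp', fromPort: 5432, toPort: 5432,
  cidr: '10.0.1.0/24', action: 'allow' };
const httpsOut = { number: 100, protocol: 'tcp', fromPort: 443, toPort: 443,
  cidr: '0.0.0.0/0', action: 'allow' };
const ephemeralToApp = { number: 200, protocol: 'tcp', fromPort: 1024, toPort: 65535,
  cidr: '10.0.1.0/24', action: 'allow' };

const SAMPLE_NACLS = {
  // The shape described in the comments: rule 100 allows all, "*" denies the rest.
  defaultOpen: { inbound: [allowAll], outbound: [allowAll] },
  // Inbound 5432 is allowed, but nothing lets the reply reach the client port.
  missingReturnPath: { inbound: [pgFromApp], outbound: [httpsOut] },
  // Same inbound rule plus an outbound rule for the client's ephemeral ports.
  withReturnPath: { inbound: [pgFromApp], outbound: [httpsOut, ephemeralToApp] },
};

function runSamples() {
  const out = {};
  for (const [name, nacl] of Object.entries(SAMPLE_NACLS)) {
    out[name] = checkDbSubnetFlow(nacl, '10.0.1.25', 49152, 5432).verdict;
  }
  return out;
}

console.log(runSamples());
```

A NACL shaped like `defaultOpen` passes both directions, so when the console shows only rule 100 and the `*` deny, the subnet ACL is not what drops the connection.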















