AWS RDS / EC2: TimeoutError: Knex: Timeout acquiring a connection. The pool is probably full























I'm attempting to retrieve a User model from a Node js 8.12.0 API, using knex and bookshelf ORM. Database is Postgres 10.4.



The API works fine locally, but hosted on ElasticBeanstalk EC2 and RDS, I get error:




Unhandled rejection TimeoutError: Knex: Timeout acquiring a
connection. The pool is probably full. Are you missing a
.transacting(trx) call?




I'm able to connect and make queries to the RDS instance separately via connection string / password (it prompts for pw after I enter this):



psql -h myinstance.zmsnsdbakdha.us-east-1.rds.amazonaws.com -d mydb -U myuser


Security Groups:




  • The EC2 security group (set up by EB) is sg-0fa31004bd2b763ce, and RDS has an inbound security rule for PostgreSQL / TCP / port 5432 / for the matching source (sg-0fa31004bd2b763ce)— so it doesn't seem like the security group is a problem


RDS was created in a VPC, but the VPC's security rules are open too:



- security groups attached (multiple)
  - name: mysgname
  - group ID: sg-05d003b66fe1a4a94
  - Inbound rules:
    - All Traffic (0.0.0.0/0)
    - HTTP (80) for TCP (0.0.0.0/0)
    - SSH (22) for TCP (0.0.0.0/0)
    - PostgreSQL (5432) for TCP (0.0.0.0/0)


Publicly accessible: Yes



users controller:



router.get('/users', function(req, res) {
  new User.User({'id': 1})
    .fetch({withRelated: ['addresses']})
    .then((user) => {
      res.send(user);
    });
});


Knexfile:



production: {
  client: 'pg',
  version: '7.2',
  connection: {
    host: process.env.PG_HOST || 'localhost',
    port: process.env.PG_PORT || '5432',
    user: process.env.PG_USER || 'myuser',
    password: process.env.PG_PASSWORD || '',
    database: process.env.PG_DB || 'mydb',
    charset: 'utf8',
  },
  pool: {
    min: 2,
    max: 20
  },
},


Firstly, why is this happening only on the AWS-hosted environment and not locally? Secondly, how can I fix this issue? Should I increase max for pools?

















      node.js postgresql amazon-ec2 amazon-rds amazon-elastic-beanstalk














      edited Nov 11 at 4:53









      John Rotenstein











      asked Nov 10 at 16:18









      Growler

























          1 Answer












          You need to check your Network Access Control List (NACL) in your VPC and make sure your INBOUND and OUTBOUND are configured correctly. Security Groups are at the Instance level of security and the NACL is security at the Subnet level.



          Most of the time when you are experiencing a Timeout error connecting to something in a custom VPC, it will be a configuration problem with a Security Group or a NACL or both.

















          answered Nov 10 at 19:48









          Chad Elias













          • For testing, the inbound Security Group rules for the VPC are pretty much wide open: i.imgur.com/G0HRqx3.png. Is this incorrect? If so, where can I find NACL on the VPC specifically?
            – Growler
            Nov 10 at 19:55










          • Okay I found NACL— here are the listings for the subnets attached to the VPC: i.imgur.com/Vnq8QGT.png
            – Growler
            Nov 10 at 19:57










          • Here is the NACL tab: i.imgur.com/mQCSi0a.png — it says "rule 100" allows all traffic, but * Denies (I'm guessing this is all others)
            – Growler
            Nov 10 at 19:59












          • Add a Rule #200 for that port for both inbound and outbound, but I also noticed in your code above that you have the Security Group Configured for port 5432, and your code says 5433?
            – Chad Elias
            Nov 10 at 19:59










          • Sorry that 5433 was a typo in my SO post. Should be 5432.
            – Growler
            Nov 10 at 20:01
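
The answer's point that NACLs filter at the subnet level, worked through as an added example (not code from the question or the answer): rules are evaluated in ascending rule number with first match winning, and because NACLs are stateless the reply to the client's ephemeral port needs its own allow rule. The subnets, IPs, rule sets and the rule-object shape are constructed for illustration.

```javascript
'use strict';

// Dotted-quad IPv4 address -> unsigned 32-bit integer.
function ipToInt(ip) {
  return ip.split('.').reduce((acc, o) => ((acc << 8) + Number(o)) >>> 0, 0);
}

// True when `ip` lies inside `cidr`, e.g. inCidr('10.0.1.10', '10.0.1.0/24').
function inCidr(ip, cidr) {
  const [base, len] = cidr.split('/');
  const bits = Number(len);
  if (bits === 0) return true; // 0.0.0.0/0 matches everything
  const mask = (0xffffffff << (32 - bits)) >>> 0;
  return ((ipToInt(ip) & mask) >>> 0) === ((ipToInt(base) & mask) >>> 0);
}

// One direction of a NACL: lowest rule number first, first match decides,
// and the implicit "*" rule denies whatever no numbered rule matched.
function evaluateNacl(rules, peerIp, port) {
  const ordered = [...rules].sort((a, b) => a.ruleNumber - b.ruleNumber);
  for (const r of ordered) {
    const portMatch = r.protocol === 'all' ||
      (r.protocol === 'tcp' && port >= r.fromPort && port <= r.toPort);
    if (portMatch && inCidr(peerIp, r.cidr)) {
      return { action: r.action, rule: r.ruleNumber };
    }
  }
  return { action: 'deny', rule: '*' };
}

// A TCP connection crosses four NACL checks. Requests are matched on the
// server port; replies are matched on the client's ephemeral source port.
function checkTcpPath(client, server, serverPort, ephemeralPort) {
  const hops = [
    ['client subnet outbound', client.nacl.outbound, server.ip, serverPort],
    ['server subnet inbound', server.nacl.inbound, client.ip, serverPort],
    ['server subnet outbound', server.nacl.outbound, client.ip, ephemeralPort],
    ['client subnet inbound', client.nacl.inbound, server.ip, ephemeralPort],
  ];
  const results = hops.map(([hop, rules, peer, port]) =>
    Object.assign({ hop, port }, evaluateNacl(rules, peer, port)));
  const blocked = results.find((r) => r.action === 'deny');
  return { reachable: !blocked, blockedAt: blocked ? blocked.hop : null, results };
}

// Constructed sample data (not taken from the question's account).
const allowAll = [{ ruleNumber: 100, protocol: 'all', cidr: '0.0.0.0/0', action: 'allow' }];
const pgFromApp = [{ ruleNumber: 100, protocol: 'tcp', fromPort: 5432, toPort: 5432,
  cidr: '10.0.1.0/24', action: 'allow' }];
const repliesToApp = [{ ruleNumber: 200, protocol: 'tcp', fromPort: 1024, toPort: 65535,
  cidr: '10.0.1.0/24', action: 'allow' }];

const app = { ip: '10.0.1.10', nacl: { inbound: allowAll, outbound: allowAll } };
// Port 5432 opened in both directions only: the reply has nowhere to go.
const dbMirrored = { ip: '10.0.2.20', nacl: { inbound: pgFromApp, outbound: pgFromApp } };
// Outbound rule covers the ephemeral range, scoped to the app subnet.
const dbFixed = { ip: '10.0.2.20', nacl: { inbound: pgFromApp, outbound: repliesToApp } };

for (const [name, db] of [['mirrored', dbMirrored], ['fixed', dbFixed]]) {
  const r = checkTcpPath(app, db, 5432, 49152);
  console.log(name, r.reachable ? 'reachable' : `blocked at ${r.blockedAt}`);
}
```

A NACL deny drops the packet silently, so the blocked case shows up at the client as a connection timeout rather than a refusal.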

















