AWS RDS / EC2: TimeoutError: Knex: Timeout acquiring a connection. The pool is probably full











up vote
0
down vote

favorite












I'm attempting to retrieve a User model from a Node js 8.12.0 API, using knex and bookshelf ORM. Database is Postgres 10.4.



The API works fine locally, but hosted on ElasticBeanstalk EC2 and RDS, I get error:




Unhandled rejection TimeoutError: Knex: Timeout acquiring a
connection. The pool is probably full. Are you missing a
.transacting(trx) call?




I'm able to connect and make queries to the RDS instance separately via connection string / password (it prompts for pw after I enter this):



psql -h myinstance.zmsnsdbakdha.us-east-1.rds.amazonaws.com -d mydb -U myuser


Security Groups:




  • The EC2 security group (set up by EB) is sg-0fa31004bd2b763ce, and RDS has an inbound security rule for PostgreSQL / TCP / port 5432 / for the matching source (sg-0fa31004bd2b763ce)— so it doesn't seem like the security group is a problem


RDS was created in a VPC, but the VPC's security rules are open too:



- security groups attached (multiple)

    - name: mysgname

    - group ID: sg-05d003b66fe1a4a94

    - Inbound rules: 

        - All Traffic (0.0.0.0/0) 

        - HTTP (80) for TCP (0.0.0.0/0) 

        - SSH (22) for TCP (0.0.0.0/0) 

        - PostgreSQL (5432) for TCP (0.0.0.0/0)


Publicly accessible: Yes



users controller:



router.get('/users', function(req, res) {

    new User.User({'id': 1})

        .fetch({withRelated: ['addresses']})

        .then((user) => {

            res.send(user);

    });

});


Knexfile:



production: {

    client: 'pg',

    version: '7.2',

    connection: {

        host: process.env.PG_HOST || 'localhost',

        port: process.env.PG_PORT || '5432',

        user: process.env.PG_USER || 'myuser',

        password: process.env.PG_PASSWORD || '',

        database: process.env.PG_DB || 'mydb',

        charset: 'utf8',

    },

    pool: {

        min: 2,

        max: 20

    },

},


Firstly, why is this happening only on AWS hosted environment and not locally. Secondly, how can I fix this issue? Should I increase max for pools?






node.js postgresql amazon-ec2 amazon-rds amazon-elastic-beanstalk







share|improve this question




























    up vote
    0
    down vote

    favorite












    I'm attempting to retrieve a User model from a Node js 8.12.0 API, using knex and bookshelf ORM. Database is Postgres 10.4.



    The API works fine locally, but hosted on ElasticBeanstalk EC2 and RDS, I get error:




    Unhandled rejection TimeoutError: Knex: Timeout acquiring a
    connection. The pool is probably full. Are you missing a
    .transacting(trx) call?




    I'm able to connect and make queries to the RDS instance separately via connection string / password (it prompts for pw after I enter this):



    psql -h myinstance.zmsnsdbakdha.us-east-1.rds.amazonaws.com -d mydb -U myuser


    Security Groups:




    • The EC2 security group (set up by EB) is sg-0fa31004bd2b763ce, and RDS has an inbound security rule for PostgreSQL / TCP / port 5432 / for the matching source (sg-0fa31004bd2b763ce)— so it doesn't seem like the security group is a problem


    RDS was created in a VPC, but the VPC's security rules are open too:



    - security groups attached (multiple)
    
    - name: mysgname
    
    - group ID: sg-05d003b66fe1a4a94
    
    - Inbound rules: 
    
        - All Traffic (0.0.0.0/0) 
    
        - HTTP (80) for TCP (0.0.0.0/0) 
    
        - SSH (22) for TCP (0.0.0.0/0) 
    
        - PostgreSQL (5432) for TCP (0.0.0.0/0)


    Publicly accessible: Yes



    users controller:



    router.get('/users', function(req, res) {
    
    new User.User({'id': 1})
    
        .fetch({withRelated: ['addresses']})
    
        .then((user) => {
    
            res.send(user);
    
    });
    
});


    Knexfile:



    production: {
    
    client: 'pg',
    
    version: '7.2',
    
    connection: {
    
        host: process.env.PG_HOST || 'localhost',
    
        port: process.env.PG_PORT || '5432',
    
        user: process.env.PG_USER || 'myuser',
    
        password: process.env.PG_PASSWORD || '',
    
        database: process.env.PG_DB || 'mydb',
    
        charset: 'utf8',
    
    },
    
    pool: {
    
        min: 2,
    
        max: 20
    
    },
    
},


    Firstly, why is this happening only on AWS hosted environment and not locally. Secondly, how can I fix this issue? Should I increase max for pools?






    node.js postgresql amazon-ec2 amazon-rds amazon-elastic-beanstalk







    share|improve this question


























      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      I'm attempting to retrieve a User model from a Node js 8.12.0 API, using knex and bookshelf ORM. Database is Postgres 10.4.



      The API works fine locally, but hosted on ElasticBeanstalk EC2 and RDS, I get error:




      Unhandled rejection TimeoutError: Knex: Timeout acquiring a
      connection. The pool is probably full. Are you missing a
      .transacting(trx) call?




      I'm able to connect and make queries to the RDS instance separately via connection string / password (it prompts for pw after I enter this):



      psql -h myinstance.zmsnsdbakdha.us-east-1.rds.amazonaws.com -d mydb -U myuser


      Security Groups:




      • The EC2 security group (set up by EB) is sg-0fa31004bd2b763ce, and RDS has an inbound security rule for PostgreSQL / TCP / port 5432 / for the matching source (sg-0fa31004bd2b763ce)— so it doesn't seem like the security group is a problem


      RDS was created in a VPC, but the VPC's security rules are open too:



      - security groups attached (multiple)
      
    - name: mysgname
      
    - group ID: sg-05d003b66fe1a4a94
      
    - Inbound rules: 
      
        - All Traffic (0.0.0.0/0) 
      
        - HTTP (80) for TCP (0.0.0.0/0) 
      
        - SSH (22) for TCP (0.0.0.0/0) 
      
        - PostgreSQL (5432) for TCP (0.0.0.0/0)


      Publicly accessible: Yes



      users controller:



      router.get('/users', function(req, res) {
      
    new User.User({'id': 1})
      
        .fetch({withRelated: ['addresses']})
      
        .then((user) => {
      
            res.send(user);
      
    });
      
});


      Knexfile:



      production: {
      
    client: 'pg',
      
    version: '7.2',
      
    connection: {
      
        host: process.env.PG_HOST || 'localhost',
      
        port: process.env.PG_PORT || '5432',
      
        user: process.env.PG_USER || 'myuser',
      
        password: process.env.PG_PASSWORD || '',
      
        database: process.env.PG_DB || 'mydb',
      
        charset: 'utf8',
      
    },
      
    pool: {
      
        min: 2,
      
        max: 20
      
    },
      
},


      Firstly, why is this happening only on AWS hosted environment and not locally. Secondly, how can I fix this issue? Should I increase max for pools?






      node.js postgresql amazon-ec2 amazon-rds amazon-elastic-beanstalk







      share|improve this question















      I'm attempting to retrieve a User model from a Node js 8.12.0 API, using knex and bookshelf ORM. Database is Postgres 10.4.



      The API works fine locally, but hosted on ElasticBeanstalk EC2 and RDS, I get error:




      Unhandled rejection TimeoutError: Knex: Timeout acquiring a
      connection. The pool is probably full. Are you missing a
      .transacting(trx) call?




      I'm able to connect and make queries to the RDS instance separately via connection string / password (it prompts for pw after I enter this):



      psql -h myinstance.zmsnsdbakdha.us-east-1.rds.amazonaws.com -d mydb -U myuser


      Security Groups:




      • The EC2 security group (set up by EB) is sg-0fa31004bd2b763ce, and RDS has an inbound security rule for PostgreSQL / TCP / port 5432 / for the matching source (sg-0fa31004bd2b763ce)— so it doesn't seem like the security group is a problem


      RDS was created in a VPC, but the VPC's security rules are open too:



      - security groups attached (multiple)
      
    - name: mysgname
      
    - group ID: sg-05d003b66fe1a4a94
      
    - Inbound rules: 
      
        - All Traffic (0.0.0.0/0) 
      
        - HTTP (80) for TCP (0.0.0.0/0) 
      
        - SSH (22) for TCP (0.0.0.0/0) 
      
        - PostgreSQL (5432) for TCP (0.0.0.0/0)


      Publicly accessible: Yes



      users controller:



      router.get('/users', function(req, res) {
      
    new User.User({'id': 1})
      
        .fetch({withRelated: ['addresses']})
      
        .then((user) => {
      
            res.send(user);
      
    });
      
});


      Knexfile:



      production: {
      
    client: 'pg',
      
    version: '7.2',
      
    connection: {
      
        host: process.env.PG_HOST || 'localhost',
      
        port: process.env.PG_PORT || '5432',
      
        user: process.env.PG_USER || 'myuser',
      
        password: process.env.PG_PASSWORD || '',
      
        database: process.env.PG_DB || 'mydb',
      
        charset: 'utf8',
      
    },
      
    pool: {
      
        min: 2,
      
        max: 20
      
    },
      
},


      Firstly, why is this happening only on AWS hosted environment and not locally. Secondly, how can I fix this issue? Should I increase max for pools?






      node.js postgresql amazon-ec2 amazon-rds amazon-elastic-beanstalk




      node.js postgresql amazon-ec2 amazon-rds amazon-elastic-beanstalk






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 11 at 4:53









      John Rotenstein

      64.2k767111




      64.2k767111










      asked Nov 10 at 16:18









      Growler

      4,7051265154




      4,7051265154
























          1 Answer
          1






          active

          oldest

          votes

















          up vote
          0
          down vote













          You need to check your Network Access Control List (NACL) in your VPC and make sure your INBOUND and OUTBOUND are configured correctly. Security Groups are at the Instance level of security and the NACL is security at the Subnet level.



          Most of the time when you are experiencing a Timeout error connecting to something in a custom VPC it will be a configuration problem with a Security Group or a NACL or Both.






          share|improve this answer





















          • For testing, the inbound Security Group rules for the VPC is pretty much wide open: i.imgur.com/G0HRqx3.png. Is this incorrect? If so, where can I find NACL on the VPC specifically?
            – Growler
            Nov 10 at 19:55










          • Okay I found NACL— here are the listings for the subnets attached to the VPC: i.imgur.com/Vnq8QGT.png
            – Growler
            Nov 10 at 19:57










          • Here is the NACL tab: i.imgur.com/mQCSi0a.png — it says "rule 100" allows all traffic, but * Denies (I'm guessing this is all others)
            – Growler
            Nov 10 at 19:59












          • Add a Rull #200 for that port for both inbound and outbound, but I also noticed in your code above that you have the Security Group Configured for port 5432, and your code says 5433?
            – Chad Elias
            Nov 10 at 19:59










          • Sorry that 5433 was a typo in my SO post. Should be 5432.
            – Growler
            Nov 10 at 20:01











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














           

          draft saved


          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53240899%2faws-rds-ec2-timeouterror-knex-timeout-acquiring-a-connection-the-pool-is-p%23new-answer', 'question_page');
          }
          );

          Post as a guest


















          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          0
          down vote













          You need to check your Network Access Control List (NACL) in your VPC and make sure your INBOUND and OUTBOUND are configured correctly. Security Groups are at the Instance level of security and the NACL is security at the Subnet level.



          Most of the time when you are experiencing a Timeout error connecting to something in a custom VPC it will be a configuration problem with a Security Group or a NACL or Both.






          share|improve this answer





















          • For testing, the inbound Security Group rules for the VPC is pretty much wide open: i.imgur.com/G0HRqx3.png. Is this incorrect? If so, where can I find NACL on the VPC specifically?
            – Growler
            Nov 10 at 19:55










          • Okay I found NACL— here are the listings for the subnets attached to the VPC: i.imgur.com/Vnq8QGT.png
            – Growler
            Nov 10 at 19:57










          • Here is the NACL tab: i.imgur.com/mQCSi0a.png — it says "rule 100" allows all traffic, but * Denies (I'm guessing this is all others)
            – Growler
            Nov 10 at 19:59












          • Add a Rull #200 for that port for both inbound and outbound, but I also noticed in your code above that you have the Security Group Configured for port 5432, and your code says 5433?
            – Chad Elias
            Nov 10 at 19:59










          • Sorry that 5433 was a typo in my SO post. Should be 5432.
            – Growler
            Nov 10 at 20:01















          up vote
          0
          down vote













          You need to check your Network Access Control List (NACL) in your VPC and make sure your INBOUND and OUTBOUND are configured correctly. Security Groups are at the Instance level of security and the NACL is security at the Subnet level.



          Most of the time when you are experiencing a Timeout error connecting to something in a custom VPC it will be a configuration problem with a Security Group or a NACL or Both.






          share|improve this answer





















          • For testing, the inbound Security Group rules for the VPC is pretty much wide open: i.imgur.com/G0HRqx3.png. Is this incorrect? If so, where can I find NACL on the VPC specifically?
            – Growler
            Nov 10 at 19:55










          • Okay I found NACL— here are the listings for the subnets attached to the VPC: i.imgur.com/Vnq8QGT.png
            – Growler
            Nov 10 at 19:57










          • Here is the NACL tab: i.imgur.com/mQCSi0a.png — it says "rule 100" allows all traffic, but * Denies (I'm guessing this is all others)
            – Growler
            Nov 10 at 19:59












          • Add a Rull #200 for that port for both inbound and outbound, but I also noticed in your code above that you have the Security Group Configured for port 5432, and your code says 5433?
            – Chad Elias
            Nov 10 at 19:59










          • Sorry that 5433 was a typo in my SO post. Should be 5432.
            – Growler
            Nov 10 at 20:01













          up vote
          0
          down vote










          up vote
          0
          down vote









          You need to check your Network Access Control List (NACL) in your VPC and make sure your INBOUND and OUTBOUND are configured correctly. Security Groups are at the Instance level of security and the NACL is security at the Subnet level.



          Most of the time when you are experiencing a Timeout error connecting to something in a custom VPC it will be a configuration problem with a Security Group or a NACL or Both.






          share|improve this answer












          You need to check your Network Access Control List (NACL) in your VPC and make sure your INBOUND and OUTBOUND are configured correctly. Security Groups are at the Instance level of security and the NACL is security at the Subnet level.



          Most of the time when you are experiencing a Timeout error connecting to something in a custom VPC it will be a configuration problem with a Security Group or a NACL or Both.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 10 at 19:48









          Chad Elias

          21825




          21825












          • For testing, the inbound Security Group rules for the VPC is pretty much wide open: i.imgur.com/G0HRqx3.png. Is this incorrect? If so, where can I find NACL on the VPC specifically?
            – Growler
            Nov 10 at 19:55










          • Okay I found NACL— here are the listings for the subnets attached to the VPC: i.imgur.com/Vnq8QGT.png
            – Growler
            Nov 10 at 19:57










          • Here is the NACL tab: i.imgur.com/mQCSi0a.png — it says "rule 100" allows all traffic, but * Denies (I'm guessing this is all others)
            – Growler
            Nov 10 at 19:59












          • Add a Rull #200 for that port for both inbound and outbound, but I also noticed in your code above that you have the Security Group Configured for port 5432, and your code says 5433?
            – Chad Elias
            Nov 10 at 19:59










          • Sorry that 5433 was a typo in my SO post. Should be 5432.
            – Growler
            Nov 10 at 20:01


















          • For testing, the inbound Security Group rules for the VPC is pretty much wide open: i.imgur.com/G0HRqx3.png. Is this incorrect? If so, where can I find NACL on the VPC specifically?
            – Growler
            Nov 10 at 19:55










          • Okay I found NACL— here are the listings for the subnets attached to the VPC: i.imgur.com/Vnq8QGT.png
            – Growler
            Nov 10 at 19:57










          • Here is the NACL tab: i.imgur.com/mQCSi0a.png — it says "rule 100" allows all traffic, but * Denies (I'm guessing this is all others)
            – Growler
            Nov 10 at 19:59












          • Add a Rull #200 for that port for both inbound and outbound, but I also noticed in your code above that you have the Security Group Configured for port 5432, and your code says 5433?
            – Chad Elias
            Nov 10 at 19:59










          • Sorry that 5433 was a typo in my SO post. Should be 5432.
            – Growler
            Nov 10 at 20:01
















          For testing, the inbound Security Group rules for the VPC is pretty much wide open: i.imgur.com/G0HRqx3.png. Is this incorrect? If so, where can I find NACL on the VPC specifically?
          – Growler
          Nov 10 at 19:55




          For testing, the inbound Security Group rules for the VPC is pretty much wide open: i.imgur.com/G0HRqx3.png. Is this incorrect? If so, where can I find NACL on the VPC specifically?
          – Growler
          Nov 10 at 19:55












          Okay I found NACL— here are the listings for the subnets attached to the VPC: i.imgur.com/Vnq8QGT.png
          – Growler
          Nov 10 at 19:57




          Okay I found NACL— here are the listings for the subnets attached to the VPC: i.imgur.com/Vnq8QGT.png
          – Growler
          Nov 10 at 19:57












          Here is the NACL tab: i.imgur.com/mQCSi0a.png — it says "rule 100" allows all traffic, but * Denies (I'm guessing this is all others)
          – Growler
          Nov 10 at 19:59






          Here is the NACL tab: i.imgur.com/mQCSi0a.png — it says "rule 100" allows all traffic, but * Denies (I'm guessing this is all others)
          – Growler
          Nov 10 at 19:59














          Add a Rull #200 for that port for both inbound and outbound, but I also noticed in your code above that you have the Security Group Configured for port 5432, and your code says 5433?
          – Chad Elias
          Nov 10 at 19:59




          Add a Rull #200 for that port for both inbound and outbound, but I also noticed in your code above that you have the Security Group Configured for port 5432, and your code says 5433?
          – Chad Elias
          Nov 10 at 19:59












          Sorry that 5433 was a typo in my SO post. Should be 5432.
          – Growler
          Nov 10 at 20:01




          Sorry that 5433 was a typo in my SO post. Should be 5432.
          – Growler
          Nov 10 at 20:01


















           

          draft saved


          draft discarded



















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53240899%2faws-rds-ec2-timeouterror-knex-timeout-acquiring-a-connection-the-pool-is-p%23new-answer', 'question_page');
          }
          );

          Post as a guest






































































          -

          Popular posts from this blog

          Xamarin.iOS Cant Deploy on Iphone

          Image
          .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } -1 I have a windows laptop and a mac mini my problem is that It wont deploy on iphone if I use Visual Studio Xamarin on windows to install my app, but it works fine with Visual Studio For Mac. Here's what I get after build succeded on Visual Studio Xamarin on windows : 1>------ Build started: Project: FinalCustomerApp.iOS, Configuration: Debug iPhone ------ 1> Connecting to Mac server 192.168.8.100... 1> FinalCustomerApp.iOS -> C:UsersJeremy PaulDesktopFinalCustomerAppFinalCustomerAppFinalCustomerApp.iOSbiniPhoneDebugFinalCustomerApp.iOS.exe 1> Detected signing identity: 1> Code Signing Key: &quo
          Read more

          Glorious Revolution

          Image
          "The Bloodless Revolution" redirects here. For a history of the vegetarian movement, see The Bloodless Revolution (book). This article is about the English revolution of 1688. For the revolution of 1868 in Spain, see Glorious Revolution (Spain). For other uses, see Glorious Revolution (disambiguation). Glorious Revolution The Prince of Orange lands at Torbay Date 1688–1689 Location British Isles Also known as Revolution of 1688 War of the English Succession Bloodless Revolution Participants English, Welsh and Scottish society, Dutch forces Outcome Replacement of James II by William III and Mary II Jacobite rising of 1689 Williamite War in Ireland War with France; England and Scotland join Grand Alliance Drafting of the Bill of Rights 1689 Part of a series on the History of England Timeline Prehistoric Britain Roman Britain Sub-Roman Britain Medieval period Economy in the Middle Ages Anglo-Saxon period
          Read more

          Dulmage-Mendelsohn matrix decomposition in Python

          Image
          0 Matlab has a function called dmperm that computes the so-called Dulmage–Mendelsohn decomposition of a n x n matrix. From wikipedia, the Dulmage–Mendelsohn is a partition of the vertices of a bipartite graph into subsets, with the property that two adjacent vertices belong to the same subset if and only if they are paired with each other in a perfect matching of the graph. Looking both on scipy and numpy, I could not find this function, nor some similar version. Is it possible to implement it using basic linear algebra operations? Any idea if this is implemented in some Python package? python matlab linear-algebra graph-theory matrix-decomposition share | improve this question
          Read more