EC2 connection to RDS using Play framework

Question

I have a small site I built using the Play framework that I'm trying to run on an EC2 server against an Amazon RDS instance. I can run the app on my machine against the RDS instance and everything works fine. But when I deploy it to my EC2 server it gets this error:

The last packet successfully received from the server was 1,282,977,731,085 milliseconds ago.  The last packet sent successfully to the server was 0 milliseconds ago.
        at play.db.DBPlugin.onApplicationStart(DBPlugin.java:87)
        at play.Play.start(Play.java:381)
        at play.Play.init(Play.java:247)
        at play.server.Server.main(Server.java:85)
Caused by: java.net.ConnectException: Connection refused

My first thought was it was some kind of security setting, but I have a Spring based application running in Tomcat on the same EC2 server connecting to the same RDS instance with the same username and password, and it works just fine. Only the Play app has connection issues.

I can't seem to come up with any explanation for why this is happening, or ideas on how to fix it.

Anyone seen anything like this before?

Answer 1

The problem is with the application.conf file. If you specify your local DB like this:

db=mysql:root:pass@db

and your prod DB like this:

%prod.db.url=jdbc:mysql://<your-db-ip>:3306/db
%prod.db.user=db_user
%prod.db.pass=db_pass

You will get this error when trying to run in production because Play! is actually trying to use the db=mysql:root:pass@db param to connect since the prod params don't override that parameter sepecifically. To fix this, be sure to connect to the DB in the same way locally and in prod. This worked for me:

db.url=jdbc:mysql://localhost:3306/db
db.user=root
db.pass=pass

%prod.db.url=jdbc:mysql://<your-db-ip>:3306/db
%prod.db.user=db_user
%prod.db.pass=db_pass

Answer 2

I don't know anything about either of these frameworks (or Java in general), but I do have some experience with both these Amazon services -- might it be possible that these frameworks communicate using different protocols or at different ports? If so, it could still be a security issue.

If this is a possibility, then go to EC2 > Security Groups and if you don't have these three lines, try adding them:

All | icmp | -1 |    -1 | default group
All | tcp  |  0 | 65535 | default group
All | udp  |  0 | 65535 | default group

("default group" is the default name, and what I called mine, but your group name might be different -- in any case make sure they are the group name and not "0.0.0.0/0")

Also, if you know of particular protocols/ports you need open, then obviously add them too.

Answer 3

Your error could be caused by any number of things, and seems to be happening on a lower level of the protocol stack than what you are looking at. I recommend running a packet analyser (such as wireshark) on the sending server to try to figure out what's going on. Maybe the packets aren't getting there? Maybe your client is muddling something because of the different environment it is in? A packet sniffer can be invaluable for unravelling the mystery of dysconnection.

If your server is headless, or you can't forward a graphical session, you could always use a command-line tool, such as tcpdump on *nix systems.

Answer 4

I have asked the same question here

Amazon RDS and Elastic Beanstalk connectivity

Most probably your issue will get fixed after you add the "elasticbeanstalk-default" security group in RDS default security group