I have an Amazon Redshift cluster, but I can't connect to it. I want to know how to resolve this issue.
Short description
Connection issues with Amazon Redshift clusters often appear as a connection timeout error. You receive an error message that's similar to the following one:
"could not connect to server: Connection timed out
Is the server running on host "example.123456789.us-east-1.redshift.amazonaws.com" (255.255.255.255) and accepting
TCP/IP connections on port 5439?"
To resolve this issue, complete the following troubleshooting steps for a cluster that's in a public or private subnet.
Resolution
My cluster is in a public subnet but it isn't accessible from the internet
A Redshift cluster is accessible from the internet when the following criteria are met:
- You turned on the Publicly accessible cluster setting.
- You provisioned the cluster in a public subnet.
- The cluster's security group contains an inbound rule that allows connections from the source IP address or CIDR block to the cluster's port number.
Note: Before you complete the following steps, make sure that your Amazon Virtual Private Cloud (VPC) has an internet gateway attached to it.
Turn on the Publicly accessible setting in your cluster:
- Open the Amazon Redshift console.
- Choose Clusters.
- Select the cluster that you want to connect to.
- Choose Actions.
- Choose Modify publicly accessible setting.
- Check the box for Turn on Publicly accessible.
- (Optional) Select your Elastic IP address.
- Choose Save Changes.
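The three criteria above, together with the internet gateway requirement, can be checked against the output of the Redshift and EC2 describe calls before you change anything. The following Python is an added example, not AWS-provided code: the records are constructed samples in the shape returned by describe-clusters, describe-route-tables and describe-security-groups, and the function names, client IP address and igw-EXAMPLE ID are assumptions.

```python
import ipaddress

def port_allowed(perm, port):
    """True if one IpPermissions entry covers the given TCP port."""
    if perm.get("IpProtocol") == "-1":  # all protocols and ports
        return True
    return (perm.get("IpProtocol") == "tcp"
            and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535))

def diagnose(cluster, routes, permissions, client_ip):
    """Return unmet criteria, plus a warning when the rule is open to everyone."""
    findings = []
    port = cluster["Endpoint"]["Port"]
    client = ipaddress.ip_address(client_ip)
    if not cluster.get("PubliclyAccessible"):
        findings.append("Publicly accessible setting is off")
    # A subnet is public when its route table sends traffic to an internet gateway.
    if not any(r.get("GatewayId", "").startswith("igw-")
               and client in ipaddress.ip_network(r["DestinationCidrBlock"])
               for r in routes if "DestinationCidrBlock" in r):
        findings.append("no internet gateway route covers the client")
    cidrs = [ipaddress.ip_network(rng["CidrIp"])
             for p in permissions if port_allowed(p, port)
             for rng in p.get("IpRanges", [])]
    if not any(client in c for c in cidrs):
        findings.append(f"no inbound rule allows {client_ip} on port {port}")
    if any(c.prefixlen == 0 for c in cidrs):
        findings.append(f"warning: port {port} is open to 0.0.0.0/0")
    return findings

# Constructed sample records (not from a real account); igw-EXAMPLE is a placeholder.
CLIENT = "203.0.113.10"
BROKEN = dict(
    cluster={"PubliclyAccessible": False, "Endpoint": {"Port": 5439}},
    routes=[{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
    permissions=[{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                  "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}],
)
FIXED = dict(
    cluster={"PubliclyAccessible": True, "Endpoint": {"Port": 5439}},
    routes=[{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"}],
    permissions=[{"IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439,
                  "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}],
)

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, diagnose(client_ip=CLIENT, **cfg))
```

The warning line is a hardening check rather than a connectivity failure: a rule that allows 0.0.0.0/0 on the cluster port satisfies the third criterion but exposes the cluster to every source address.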
My cluster is in a private subnet, and I can't connect to it from my local computer
You have two options to connect your cluster to a local machine:
- Make the cluster's subnet public.
- Use the Amazon Redshift Query Editor v2.
Make the cluster's subnet public
Complete the following steps:
- Open the Amazon Redshift console.
- Choose Clusters.
- Select the cluster that you want to connect to.
- Choose the Configuration tab to open the Cluster Properties page.
- Choose View VPCs to open the Amazon VPC console.
- In the navigation pane, choose Route Tables.
- Select the route table that's associated with the subnet where your cluster is.
- Choose Edit.
- Choose Add route.
For IPv4 traffic: In the Destination field, enter the CIDR range that you want to provide access to. In the Target field, select the internet gateway ID.
For IPv6 traffic: In the Destination field, enter ::/0. In the Target field, select the internet gateway ID.
- Choose Save.
Use the Amazon Redshift Query Editor v2
To connect to your Redshift cluster without changing your network settings, use the Query Editor v2. Follow the directions in Connecting to an Amazon Redshift database.
I can't access my cluster from an Amazon EC2 instance that's in a different VPC
Create a VPC peering connection between the VPCs. This allows two VPCs to communicate with each other through private IP addresses.
- Follow the steps for Creating and accepting a VPC peering connection.
Note: If the VPCs are in the same AWS account, then make sure that the IPv4 CIDR blocks don't overlap.
- Update both route tables.
- Update your security groups to reference peer VPC groups.
- On the Amazon Elastic Compute Cloud (Amazon EC2) instance, test the VPC peering connection with a networking utility. The following example uses netcat on the SourceForge website:
nc -zv HOSTNAME PORT
If the VPC peering connection is successful, then you receive an output that's similar to the following example:
$ nc -zv example.123456789.us-east-1.redshift.amazonaws.com 5439
found 0 associations
found 1 connections:
1: flags=82<CONNECTED,PREFERRED>
outif en0
src xx.xxx.xxx.xx port 53396
dst xx.xxx.xxx.xxx port 5439
rank info not available
TCP aux info available
Connection to example.123456789.us-east-1.redshift.amazonaws.com port 5439 [tcp/*] succeeded!
Related information
Authorize access to the cluster
Managing clusters in a VPC
Work with VPC peering connections
Work with route tables