Beanstalk A - Hosts the UI
Beanstalk B - Hosts the API
RDS - Hosts the SQL DB and is not public
1) I didn't attach B to RDS in configuration, but I am accessing RDS through B by setting up env variables and setting the security group of RDS to allow inbound MySQL from B
2) I can SSH into B and access RDS through B
3) I have both A and B behind a load balancer and behind HTTPS
4) Both A and B are running on JavaScript/Node.js
5) B has an inbound rule to allow All TCP from A
PROBLEM:
When I go to A's url and do a search which eventually hits B, I get a 'Connect ETIMEDOUT' ERROR.
I realize this has something to do with allowing access, but I have security group of RDS allowing B and security group of B allowing A. So what am I doing wrong?
How are the API calls happening? Is A making API calls to B from the server-side code, or in Front-end JavaScript code?
If A is making API calls to B from server-side code:
First make sure that the following is true:
Load Balancer B accepts traffic from the security group assigned to EC2 server A.
EC2 server B accepts traffic from the security group assigned to Load Balancer B.
You may need to make the load balancer for B private, so that the traffic between A and B will stay within the VPC. If the traffic is going from service A out of the VPC and back into the VPC to hit service B, then the association to the security groups is lost, and so the security group rule for load balancer B will not work.
If A is making API calls from the front-end JavaScript code:
The security group assigned to load balancer B will need to have the same rules as load balancer A, which I assume allow all HTTP/HTTPS traffic from any source. This is because the API calls are actually happening over the Internet, originating from a user's web browser on their local computer, not from server A.
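The checks in this answer, as an added example that is not part of the original post: a small Python model of the security-group chain A -> load balancer B -> EC2 B -> RDS that reports the first hop where a connection would be dropped (which the client sees as a timeout). The group ids, IP addresses and the port 80 hop between load balancer and instance are assumptions made up for the illustration.

```python
import ipaddress

# Constructed inbound rules for the setup in the question (ids are made up).
# Each rule is (port, source); source is a security-group id or a CIDR.
GROUPS = {
    "sg-ec2-a": [],
    "sg-lb-b":  [(443, "sg-ec2-a")],   # LB B accepts HTTPS from EC2 A
    "sg-ec2-b": [(80, "sg-lb-b")],     # EC2 B accepts traffic from LB B (port assumed)
    "sg-rds":   [(3306, "sg-ec2-b")],  # RDS accepts MySQL from EC2 B
}

def allowed(dst_sg, port, src_sg, src_ip, via_private_ip):
    """Return True if dst_sg admits the connection.

    A rule that names a source security group only matches traffic that
    arrives from the source's private address inside the VPC. Once the
    connection has left the VPC and come back through a public address,
    only CIDR rules can match it."""
    for rule_port, source in GROUPS[dst_sg]:
        if rule_port != port:
            continue
        if source.startswith("sg-"):
            if via_private_ip and source == src_sg:
                return True
        elif ipaddress.ip_address(src_ip) in ipaddress.ip_network(source):
            return True
    return False

def trace(hops):
    """Walk the hops in order; return the name of the first blocked hop, or None."""
    for name, dst_sg, port, src_sg, src_ip, private in hops:
        if not allowed(dst_sg, port, src_sg, src_ip, private):
            return name
    return None

def path_from_a(lb_b_is_internal):
    """Hops for A's server-side code calling B, then B querying RDS.

    With a public load balancer, A's request arrives from a public
    address (constructed here as 203.0.113.10) instead of its private one."""
    src_ip = "10.0.1.20" if lb_b_is_internal else "203.0.113.10"
    return [
        ("A -> LB B", "sg-lb-b", 443, "sg-ec2-a", src_ip, lb_b_is_internal),
        ("LB B -> EC2 B", "sg-ec2-b", 80, "sg-lb-b", "10.0.2.5", True),
        ("EC2 B -> RDS", "sg-rds", 3306, "sg-ec2-b", "10.0.3.7", True),
    ]

if __name__ == "__main__":
    print("internal LB B:", trace(path_from_a(True)))   # no blocked hop
    print("public LB B:  ", trace(path_from_a(False)))  # blocked at the first hop
```

For the front-end case, the source is a browser on the Internet, so only a CIDR rule on the load balancer's group (for example `(443, "0.0.0.0/0")`) lets that first hop through.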