
AWS Neptune: Notebook Does Not Connect Though I Can Connect to the DB from my EC2 Instance


Problem

I have created an AWS Neptune DB cluster and it does not connect from the Jupyter Notebook (SageMaker). The status check does not respond and eventually displays a timeout message after a minute or longer. It looks like it is hanging.

  • I have created a notebook with a new name and a new IAM role name.

  • I have selected Direct access through Amazon SageMaker which is the default.

After doing this, it simply does not connect to my DB, even though I can connect fine with the gdotv.com Gremlin IDE and Gremlin Console from an EC2 instance running on the designated VPC.


Solution

  • Possible Fix

    This answer pertains to situations where you already can connect to your Neptune from your EC2 instance but not from the SageMaker side.

    There are many causes of Neptune connection issues, but most of them are security group related, especially inbound port 8182 not being enabled for various scenarios.

    Specific to the SageMaker notebooks, it may be requesting a connection from a subnet for which you have not yet permitted 8182. That was my situation.

    To check for this condition:

    • Go to the SageMaker console, Notebook -> Notebook Instances and select your instance.

    • Scroll down that page until you find the Network card and select the subnet. Click on the subnet and take note of the IPv4 CIDR block information (you could be using IPv6 too).

    • On your Neptune Console, select the Cluster's Writer node. This is where you find the security group that the instance is using. Click on the security group link on the top right of the Connectivity and Security card.

    • Click the Security Group ID in the list and then you should see the Inbound Rules table. Click the Edit inbound rules button on that panel.

    • Add Rule

    • And add a new Custom TCP rule for Port 8182 and add the subnet block.

    • Save the configuration - the save button is often missed but it will show up at the bottom of the panel.

    Now restart your notebook and test the status.

    Note: If all else fails add 0.0.0.0/32 (the entire world) for a brief period of time and see if it connects. If it does connect, you know it's your SG. If it does not, this is not the answer.
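
The check described in the answer can also be done offline against a security group's exported inbound rules. The following is an added example, not part of the original answer: it tests whether a notebook subnet CIDR is admitted on port 8182 and separately reports rules open to every address. The sample rules, the subnet `10.0.2.0/24` and the function names are assumptions; only IPv4 CIDR rules are evaluated.

```python
import ipaddress

NEPTUNE_PORT = 8182  # port named in the answer

# Constructed sample rules in the IpPermissions shape returned by the EC2
# DescribeSecurityGroups API; every CIDR here is made up.
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 8182, "ToPort": 8182,
     "IpRanges": [{"CidrIp": "10.0.1.0/24"}]},  # e.g. the EC2 subnet
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
]


def rule_covers_port(rule, port):
    """True if the rule's protocol and port range include the TCP port."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # "all traffic" rules carry no port range
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def check_access(rules, subnet_cidr, port=NEPTUNE_PORT):
    """Return (allowed, matching_cidrs, world_open_cidrs) for an IPv4 subnet.

    Rules that name a source security group instead of a CIDR are not
    evaluated here.
    """
    subnet = ipaddress.ip_network(subnet_cidr)
    matches, world_open = [], []
    for rule in rules:
        if not rule_covers_port(rule, port):
            continue
        for rng in rule.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if net.prefixlen == 0:
                world_open.append(str(net))  # open to every address
            if net.version == subnet.version and subnet.subnet_of(net):
                matches.append(str(net))
    return bool(matches), matches, world_open


if __name__ == "__main__":
    notebook_subnet = "10.0.2.0/24"  # hypothetical SageMaker subnet CIDR
    print(check_access(SAMPLE_RULES, notebook_subnet))
```

In CIDR notation a `/32` matches a single address and `/0` matches every address, so a `0.0.0.0/32` rule does not admit the notebook subnet. Any `/0` rule used for a temporary test shows up in the third return value so it can be removed afterwards.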