Node.js Elastic Beanstalk TIMEDOUT Error

I got an error when deploying my Node.js app into AWS Elastic Beanstalk (EB). The error said

Error: connect ETIMEDOUT
    at errnoException (net.js:901:11)
    at Object.afterConnect [as oncomplete] (net.js:892:19)
    at Protocol._enqueue (/var/app/current/node_modules/mysql/lib/protocol/Protocol.js:110:26)
    at Protocol.handshake (/var/app/current/node_modules/mysql/lib/protocol/Protocol.js:42:41)

My Node.js app using node-mysql module to access database. You can see “mysql” in the error statement. Seeing from errors, this must be related with database. I use Amazon Relational Database Service (RDS) and my node.js app is configured to connect with it.

After exploring this error, I know why it is occurred. It is caused by security group of my EB instance which is not allowed to connect to DB instance in RDS. To overcome this problem, follow these steps:

1) Go to app in Elastic Beanstalk
2) Choose the environment
3) Choose configuration then choose instance
4) Check its EC2 security groups

EC2 Security Groups

5) Go to RDS menu

RDS menu
RDS menu

6) Choose DB Instance

7) Add the security group you found at step 4 to DB Instance

Add security group to db instance
Add security group to db instance

8) Click Authorize

9) Finish

I can conclude that everytime you create new EB instance you need to add its security group to DB instance in RDS so your Node.js app can connect to it. Hope this article helps you.


  • isaac

    How did you configure?

    • isaac

      For anyone who wants to connect an RDS mysql db to an ELB app (i’m using node js), the steps are a little different now.
      1)Create db in rds.
      2)Record the db name (not the instance name), host name (the complicated-looking url, without the “:3306″), the user name and password,
      3)Find the security group for your ELB app as described in this article
      4)Add it to the db instance (RDS > Instances > Config. Details, under magnifying glass tab > security group link, takes you to ec2 security groups > I saw only one security group until I clicked “Security groups” >
      adding these fields to the right security group (the one named default is the one I had to use) to allow your app to connect, under inbound:
      “mysql/aurora”, ” tcp”,3306″, (your security group name)
      5)In ELB: Configuration > Software Congifuration > Environment Variables
      Set the following values to what you have recorded: RDS_HOST, RDS_USERNAME, RDS_PASSWORD, RDS_PORT (3306 is the default)
      6) See mySQL library/package (i.e. under nodejs’ npm) on how to connect (i.e. process.env.RDS_HOSTNAME)
      7) You can also use mysql workbench by allowing your ip to connect, by adding the same fields, but “my ip” instead of “custom”

      These steps might change, but hopefully the AWS will be more helpful. Also, you can package these variables an secure them under S3, but I did not get that far yet.