We've been using Retool for quite some time.
The database itself is located in a private AWS network. It's an AWS RDS Aurora MySQL database.
The cluster consists of two instances: read and write replicas.
Connection is made via an AWS EC2 bastion host, with an SSH key added directly on the EC2 instance.
In the connection settings, the master (write) instance is used.
Everything works fine.
I want to change the settings to switch from the write instance to the read instance of the same cluster.
This:
.cluster-cgqo.us-east-1.rds.amazonaws.com
is replaced with this:
.cluster-ro-cgxqo.us-east-1.rds.amazonaws.com
meaning '-ro' (read-only) is simply added to the address.
Nothing else changes.
When I click 'test connection', I see an error:
Test connection failed
(SSH) Channel open failure: open failed
Expanding in the console, I see:
Test connection failed (10.249s):(SSH) Channel open failure: open failed
{query: "Connect Request", error: Object}
query: "Connect Request"
error: Object
message: "(SSH) Channel open failure: open failed"
data: Object
reason: 1
name: "Error"
message: "(SSH) Channel open failure: open failed"
stack: "Error: (SSH) Channel open failure: open failed at onChannelOpenFailure (/retool/node_modules/.pnpm/ssh2@1.4.0/node_modules/ssh2/lib/utils.js:16:11) at CHANNEL_OPEN_FAILURE (/retool/node_modules/.pnpm/ssh2@1.4.0/node_modules/ssh2/lib/client.js:510:11) at 92 (/retool/node_modules/.pnpm/ssh2@1.4.0/node_modules/ssh2/lib/protocol/handlers.misc.js:810:16) at Protocol.onPayload (/retool/node_modules/.pnpm/ssh2@1.4.0/node_modules/ssh2/lib/protocol/Protocol.js:2024:10) at AESGCMDecipherBinding.decrypt (/retool/node_modules/.pnpm/ssh2@1.4.0/node_modules/ssh2/lib/protocol/crypto.js:1091:26) at Protocol.parsePacket [as _parse] (/retool/node_modules/.pnpm/ssh2@1.4.0/node_modules/ssh2/lib/protocol/Protocol.js:1993:25) at Protocol.parse (/retool/node_modules/.pnpm/ssh2@1.4.0/node_modules/ssh2/lib/protocol/Protocol.js:292:16) at Socket.<anonymous> (/retool/node_modules/.pnpm/ssh2@1.4.0/node_modules/ssh2/lib/client.js:712:21) at Socket.emit (node:events:517:28) at Socket.emit (node:domain:489:12) at Socket.emit (/retool/node_modules/.pnpm/dd-trace@3.19.0/node_modules/dd-trace/packages/datadog-instrumentations/src/net.js:61:25) at addChunk (node:internal/streams/readable:335:12) at readableAddChunk (node:internal/streams/readable:308:9) at Readable.push (node:internal/streams/readable:245:10) at TCP.onStreamRead (node:internal/stream_base_commons:190:23) at TCP.callbackTrampoline (node:internal/async_hooks:130:17)"
I've checked the EC2 instance, ensuring the key is in place and up-to-date. The EC2 instance has network access to the read replica, just as it does to the write.
I searched forums for similar issues but couldn't find any that match my case exactly.
Please help resolve the issue.
Why can't it connect through the same bastion host to different instances of the same cluster?
I want to move the load to the read instance.
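The `reason: 1` field and the `92` handler in the trace above are parts of the SSH_MSG_CHANNEL_OPEN_FAILURE message (number 92) defined in RFC 4254, section 5.1. The following is an added example, not part of the original post and not Retool or ssh2 code: it decodes that message and names the reason code, so a reply of this kind from a bastion can be triaged. The function names and the sample payload are constructed for illustration.

```javascript
// Added example: decode SSH_MSG_CHANNEL_OPEN_FAILURE (RFC 4254, section 5.1).
const SSH_MSG_CHANNEL_OPEN_FAILURE = 92;
const OPEN_FAILURE_REASONS = {
  1: 'SSH_OPEN_ADMINISTRATIVELY_PROHIBITED',
  2: 'SSH_OPEN_CONNECT_FAILED',
  3: 'SSH_OPEN_UNKNOWN_CHANNEL_TYPE',
  4: 'SSH_OPEN_RESOURCE_SHORTAGE',
};

// Read an SSH "string": uint32 big-endian length, then that many bytes.
function readString(buf, offset) {
  if (offset + 4 > buf.length) throw new RangeError('truncated string length');
  const len = buf.readUInt32BE(offset);
  const end = offset + 4 + len;
  if (end > buf.length) throw new RangeError('truncated string body');
  return { value: buf.toString('utf8', offset + 4, end), next: end };
}

// Layout: byte type, uint32 recipient channel, uint32 reason code,
// string description, string language tag.
function parseChannelOpenFailure(payload) {
  if (payload.length < 9) throw new RangeError('payload too short');
  if (payload[0] !== SSH_MSG_CHANNEL_OPEN_FAILURE) {
    throw new TypeError(`unexpected message type ${payload[0]}`);
  }
  const reason = payload.readUInt32BE(5);
  const description = readString(payload, 9);
  const language = readString(payload, description.next);
  return {
    recipientChannel: payload.readUInt32BE(1),
    reason,
    reasonName: OPEN_FAILURE_REASONS[reason] || 'UNASSIGNED_OR_LOCAL',
    description: description.value,
    language: language.value,
  };
}

// Constructed sample payload (hypothetical helper), not captured traffic.
function buildSample(reason, text) {
  const desc = Buffer.from(text, 'utf8');
  const head = Buffer.alloc(13);
  head.writeUInt8(SSH_MSG_CHANNEL_OPEN_FAILURE, 0);
  head.writeUInt32BE(0, 1);            // recipient channel 0
  head.writeUInt32BE(reason, 5);
  head.writeUInt32BE(desc.length, 9);
  return Buffer.concat([head, desc, Buffer.alloc(4)]); // empty language tag
}

console.log(parseChannelOpenFailure(buildSample(1, 'open failed')));
```

In RFC 4254, code 1 means the server declined to open the channel as a matter of policy, while code 2 means it attempted the connection and could not complete it.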