Rasmus Larsson

AWS Connectivity Troubleshooter

Just simple troubleshooting questions to ask myself whenever connectivity fails.

ECS <--> SecretsManager

  • Does the ECS task have network access to SecretsManager? e.g.:
    • from a private subnet via a NAT Gateway or VPC Endpoint
    • from a public subnet via a public IP address
  • Does the TaskExecutionRole have sufficient IAM rights to read the secret?

API Gateway HTTP API <--> VPC Link <--> ECS

  • Does the VPC Link have a security group that's allowed to access the ECS tasks on the given port?
  • Are the Cloud Map DNS records of type SRV?

RDS Access

  • Does the accessor have a security group that's allowed to access the DB?
  • Does the accessor have the right network access?
  • Is the accessor using the right port? (Aurora may set unexpected ports when using CloudFormation)
  • Have you double-checked the spelling?
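
The security-group and port questions in the VPC Link and RDS lists can be checked offline against exported rules. The sketch below is an added example, not code from the original post: it evaluates the ingress rules of a target group (the DB or the ECS tasks) against a source group ID or source IP. The function names and the sample group IDs are constructed for illustration.

```python
import ipaddress

def port_allowed(rule, port):
    """True if the rule's protocol and port range cover TCP `port`."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def ingress_allows(target_sg, port, source_sg_ids=(), source_ip=None):
    """Return the ingress rules of `target_sg` that admit the source on `port`.

    The source matches by security-group reference (UserIdGroupPairs) or,
    when `source_ip` is given, by CIDR (IpRanges).
    """
    matches = []
    for rule in target_sg.get("IpPermissions", []):
        if not port_allowed(rule, port):
            continue
        by_group = any(pair.get("GroupId") in source_sg_ids
                       for pair in rule.get("UserIdGroupPairs", []))
        by_cidr = source_ip is not None and any(
            ipaddress.ip_address(source_ip) in ipaddress.ip_network(r["CidrIp"])
            for r in rule.get("IpRanges", []))
        if by_group or by_cidr:
            matches.append(rule)
    return matches

# Constructed sample: a DB group that admits only the ECS task group, on 5432.
ECS_SG_ID = "sg-0ecs0000000000000"  # placeholder ID, not a real group
DB_SG = {
    "GroupId": "sg-0db00000000000000",  # placeholder ID, not a real group
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "UserIdGroupPairs": [{"GroupId": ECS_SG_ID}],
         "IpRanges": []},
    ],
}

if __name__ == "__main__":
    # Same source group, two ports: the second shows a port mismatch.
    for port in (5432, 3306):
        ok = ingress_allows(DB_SG, port, source_sg_ids={ECS_SG_ID})
        print(f"ECS task -> DB on {port}: {'allowed' if ok else 'BLOCKED'}")
```

The dictionaries follow the shape of the `SecurityGroups[]` entries returned by `aws ec2 describe-security-groups`. A match here covers only the target's ingress rules; routing, NACLs and the source group's egress rules still fall under the "right network access" question.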
