A DevOps team provisions a complete production web stack (VPC, ECS cluster, RDS, OSS, SLB with SSL) using Terraform, then troubleshoots application-level database connectivity issues between the deployed ECS instances and RDS backend when the application fails to connect.
Use this workflow when provisioning a production web stack via Terraform and immediately troubleshooting application-level database connection failures between ALinux-based ECS instances and ApsaraDB RDS. It bridges infrastructure-as-code deployment with targeted network and credential validation to rapidly restore secure, compliant connectivity.
1. Run terraform init and terraform apply. Define alicloud_vpc, alicloud_security_group, alicloud_instance (ALinux), alicloud_db_instance (RDS), alicloud_oss_bucket, and alicloud_slb with alicloud_ssl_certificate from CAS.
2. In main.tf, set security_ips to the ECS VPC CIDR (e.g., 10.0.0.0/16) and provision credentials:

    resource "alicloud_db_account" "app_user" {
      instance_id = alicloud_db_instance.main.id
      name        = "app_user"
      # sample value; pass it via a sensitive variable instead of committing it to main.tf
      password    = "SecurePass123!"
    }

3. Use remote-exec to install dependencies on ALinux: yum install -y mysql-connector-python python3-pip. Deploy your application binary.
4. Run nc -zv <rds-endpoint>.rds.aliyuncs.com 3306. Success confirms L3/L4 reachability.
5. If nc hangs, verify ECS outbound and RDS inbound rules allow TCP 3306. Check VPC route tables for missing NAT/IGW entries.
6. Run mysql -h <rds-endpoint> -u app_user -p -P 3306. If it fails, verify account privileges and ensure the RDS whitelist matches the ECS private IP.
7. On ImportError: libmysqlclient.so.21, run ldd $(python3 -c "import mysql.connector; print(mysql.connector.__file__)") on ALinux and install missing libs via yum install mysql-community-libs-compat.

Terraform orchestrates the lifecycle of all resources. User traffic hits the SLB, which terminates HTTPS using CAS-managed certificates. The SLB forwards requests to the ECS cluster running ALinux. ECS instances query the RDS backend over the private VPC network for dynamic data, while static assets are offloaded to OSS. All components are bound by shared security groups and IAM roles.
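The port check and whitelist check from the steps above, as an added Python example (not part of the original workflow or of any Alibaba Cloud tooling): it classifies a TCP 3306 probe and compares security_ips entries with the ECS private IPs and the VPC CIDR. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress
import socket

def _net(entry):
    # A whitelist entry may be a single IP or a CIDR block.
    return ipaddress.ip_network(entry.strip(), strict=False)

def whitelist_gaps(security_ips, ecs_private_ips):
    """ECS private IPs that no security_ips entry covers."""
    nets = [_net(e) for e in security_ips]
    return [ip for ip in ecs_private_ips
            if not any(ipaddress.ip_address(ip) in n for n in nets)]

def entries_outside_vpc(security_ips, vpc_cidr):
    """Whitelist entries that admit addresses beyond the VPC CIDR."""
    vpc = ipaddress.ip_network(vpc_cidr)
    return [e for e in security_ips if not _net(e).subnet_of(vpc)]

def probe_tcp(host, port=3306, timeout=5.0):
    """Equivalent of `nc -zv host 3306`, with the failure mode classified."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # L3/L4 reachable: move on to credentials
    except socket.gaierror:
        return "dns"             # endpoint name does not resolve
    except (socket.timeout, TimeoutError):
        return "filtered"        # hang: security group, whitelist or route
    except ConnectionRefusedError:
        return "refused"         # host answered, nothing listening on the port
    except OSError:
        return "unreachable"

def diagnose(probe_result, security_ips, ecs_private_ips, vpc_cidr):
    """Combine a probe result with a whitelist review into findings."""
    findings = []
    gaps = whitelist_gaps(security_ips, ecs_private_ips)
    if probe_result == "filtered" and gaps:
        findings.append("whitelist does not cover: " + ", ".join(gaps))
    elif probe_result == "filtered":
        findings.append("whitelist covers ECS; check security group rules and routes for TCP 3306")
    for entry in entries_outside_vpc(security_ips, vpc_cidr):
        findings.append("whitelist entry not within VPC CIDR: " + entry)
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    print(diagnose("filtered", ["10.0.1.0/24"], ["10.0.1.7", "10.0.2.15"], "10.0.0.0/16"))
```

On an ECS instance, pass the result of probe_tcp("<rds-endpoint>.rds.aliyuncs.com") as the first argument to diagnose.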
AliyunVPCFullAccess, AliyunECSFullAccess, AliyunRDSFullAccess, AliyunSLBFullAccess.
alicloud provider configured via ALICLOUD_ACCESS_KEY and ALICLOUD_SECRET_KEY.

security_ips, causing timeouts over the internal network.
ImportError or ModuleNotFoundError in application runtimes.
terraform plan and cause inconsistent connectivity during updates.

Q: How do I troubleshoot database connectivity issues between ECS and RDS after deploying a production stack with Terraform?
A: You can resolve these connection failures by applying the dedicated ECS App Database Connectivity debugging workflow after completing your Terraform-based infrastructure provisioning. This approach addresses application-level connectivity issues between deployed ECS instances and the RDS backend within a complete production web stack that includes VPC, OSS, and SSL-enabled SLB components.