I have designed this infrastructure. Initial


  • Ingress:
  • Egress:

ECS Cluster ASG SG:

  • Ingress:
  • Egress:

Now when I SSH to EC2 instance No 1, sometimes I have access to MySQL and sometimes not:

ec2-user@EC2No1 $ mysql -u root -hloadbalancerdomain.co.uk -p123456
ERROR 2003 (HY000): Can't connect to MySQL server on 'loadbalancerdomain.co.uk' (110)

ec2-user@EC2No1 $ mysql -u root -hloadbalancerdomain.co.uk -p123456
Welcome to the MariaDB monitor.  Commands end with ; or \g.

ec2-user@EC2No1 $ mysql -u root -hloadbalancerdomain.co.uk -p123456
ERROR 2003 (HY000): Can't connect to MySQL server on 'loadbalancerdomain.co.uk' (110)

ec2-user@EC2No1 $ mysql -u root -hloadbalancerdomain.co.uk -p123456
ERROR 2003 (HY000): Can't connect to MySQL server on 'loadbalancerdomain.co.uk' (110)

ec2-user@EC2No1 $ mysql -u root -hloadbalancerdomain.co.uk -p123456
Welcome to the MariaDB monitor.  Commands end with ; or \g.

Now I do the modification for the infrastructure:


I have no access to MySQL from instance 1, but I do have access to MySQL from instance 2.

Instance 1

ec2-user@EC2No1 $ mysql -u root -hloadbalancerdomain.co.uk -p123456
ERROR 2003 (HY000): Can't connect to MySQL server on 'loadbalancerdomain.co.uk' (110)

ec2-user@EC2No1 $ mysql -u root -hloadbalancerdomain.co.uk -p123456
ERROR 2003 (HY000): Can't connect to MySQL server on 'loadbalancerdomain.co.uk' (110)

ec2-user@EC2No1 $ mysql -u root -hloadbalancerdomain.co.uk -p123456
ERROR 2003 (HY000): Can't connect to MySQL server on 'loadbalancerdomain.co.uk' (110)

Instance 2

ec2-user@EC2No2 $ mysql -u root -hloadbalancerdomain.co.uk -p123456
Welcome to the MariaDB monitor.  Commands end with ; or \g.

ec2-user@EC2No2 $ mysql -u root -hloadbalancerdomain.co.uk -p123456
Welcome to the MariaDB monitor.  Commands end with ; or \g.

Target groups: TG1, TG2

Task definition network mode: HOST


How can I fix this?

The problem does not exist with the awsvpc network mode for the task definition, but I need to scale instances up to use this mode.

1 Answer


The problem with NLB is that it passes through the client IP. If you’re on ECS1 (e.g. and connect to NLB ( and it happens to send you back to ECS1’s mysql container, it will look like the connection is coming from ECS1.

In other words your mysql client connects from to, but mysql thinks it connects from, not from In turn the response comes from back to That doesn’t work.

Also: You’ve got 2 mysql databases in two independent containers? How do you expect them to be synchronised? If I INSERT something to the left one and with the next connection NLB sends me to the right one it won’t be there.

If you need a reliable mysql database look at AWS RDS or AWS Aurora. Running databases in containers has a lot of challenges and running master-master setup with all nodes writeable is yet another level of complexity. I’m pretty sure you don’t want to do that.

Hope that helps :)
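To make the hairpin case above checkable rather than a matter of luck, here is a small diagnostic (added example, not from the answer or from AWS tooling) that reads a `describe-target-health`-shaped document and reports whether the instance you are on is itself a registered target, and so can be routed back to itself in host network mode. The JSON sample and instance IDs are constructed; the response shape follows the `aws elbv2 describe-target-health` output.

```python
import json

# Constructed sample shaped like `aws elbv2 describe-target-health` output.
# Instance IDs are hypothetical, not taken from the original post.
SAMPLE_TARGET_HEALTH = json.dumps({
    "TargetHealthDescriptions": [
        {"Target": {"Id": "i-0aaa111ecs1", "Port": 3306},
         "TargetHealth": {"State": "healthy"}},
        {"Target": {"Id": "i-0bbb222ecs2", "Port": 3306},
         "TargetHealth": {"State": "healthy"}},
        {"Target": {"Id": "i-0ccc333draining", "Port": 3306},
         "TargetHealth": {"State": "draining"}},
    ]
})


def healthy_targets(describe_target_health_json):
    """Return the IDs of targets the NLB will actually route new flows to."""
    doc = json.loads(describe_target_health_json)
    return [d["Target"]["Id"] for d in doc["TargetHealthDescriptions"]
            if d["TargetHealth"]["State"] == "healthy"]


def hairpin_risk(local_instance_id, describe_target_health_json,
                 network_mode="host"):
    """Decide whether a client on `local_instance_id` can be sent back to itself.

    In host network mode the container shares the instance's IP, and the NLB
    preserves the client IP, so a flow the NLB hands back to the client's own
    instance appears to come from that instance's own address; the reply never
    leaves the host and the connect times out (the errno 110 in the question).
    In awsvpc mode the task has its own ENI, so the target and client addresses
    differ and the loop does not occur.
    Returns (at_risk, expected_failure_fraction, healthy_target_ids).
    """
    targets = healthy_targets(describe_target_health_json)
    if network_mode != "host" or not targets or local_instance_id not in targets:
        return False, 0.0, targets
    # With N healthy targets, roughly 1 in N new flows lands on the client itself.
    return True, 1.0 / len(targets), targets


if __name__ == "__main__":
    for instance in ("i-0aaa111ecs1", "i-0ddd444client"):
        risk, frac, ids = hairpin_risk(instance, SAMPLE_TARGET_HEALTH)
        print(f"{instance}: at_risk={risk} expected_failures={frac:.0%} targets={ids}")
```

On a real instance the first argument would be the ID from the instance metadata service and the second the JSON returned by the AWS CLI for TG1 or TG2; a non-zero fraction matches the intermittent ERROR 2003 pattern in the question.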

  • Ahh, it makes sense to me. My containers are not mysql, but with mysql it was easier to explain and show results. The same results occur with my application. Thank you so much. – Daniel Hornik Feb 15 '20 at 13:45
  • @DanielHornik Glad I could help. However, next time when you need help please describe the actual setup. Swapping components for some unrelated ones may lead to irrelevant advice ;) – MLu Feb 16 '20 at 01:05