Cannot connect to Redshift due to error "[Amazon](500150) Error setting/closing connection: UnknownHostException" (4373595)

Cannot connect to Redshift due to error "[Amazon](500150) Error setting/closing connection: UnknownHostException"

A Redshift agent cannot connect to the AWS Redshift server. An error message similar to the following appears in the agent log

java.sql.SQLException: Exceeded failure limit while attempting initial connection to server.
...
Caused by: java.sql.SQLException: [Amazon](500150) Error setting/closing connection: UnknownHostException  

This generally happens if either

• The Redshift cluster isn’t publicly accessible (e.g., has a public IP)
• The security group configuration in Redshift isn’t allowing access to the cluster (for example, whitelist the IP address of the server running the FglAM).
• Network issues between the FglAM and the Redshift server. A firewall / network proxy that doesn’t allow outbound connections to certain resources / ports thereby blocking traffic between the servers.

 

Resolution 1

Check if the cluster is accessible on the Properties page under Network and security settings

Chose Publicly accessible YES (radio button) when creating the cluster. If this is set to NO then users can only access the cluster from inside the VPC.

This can be changed in the console by navigating to the cluster, clicking the Cluster ˅ button, clicking Modify. Then change the Publicly accessible selection and click the blue Modify button

It may take a minute or so for the change to take effect.
 

Resolution 2

Check which rules are attached to the security groups in 'Cluster security groups' and also in the Network and Security settings.

To enable access to an Amazon Redshift cluster in a VPC

1. Get the hostname and/or IP address from the FglAM of the agent that cannot connect.
2. Sign in to the AWS Console.
3. Go into the EC2 Management Console.
4. On the left navigation pane, look for the Network & Security header and click Security Groups.
5. Click the row with Default in the Group Name's column.
6. Select the Inbound tab, then click Edit.
7. Add Rule: Type=Redshift, Source=MyIP. (auto-fill)
8. Save it.

To enable access to an Amazon Redshift cluster that is not in a VPC

1. On the Redshift dashboard, on the left panel, click on "Security".
2. Go to "Security Groups" tab.
3. Click on "default" on the list.
4. Click "Add Connection Type".
5. On the modal, choose "CIDR/IP" on the "Connection Type".
6. Your IP address would be automatically populated on the input field.
7. Click "Authorize".

After making the changes, use the telnet command to verify whether the connection from the FglAM server to Redshift is successful or not. If the problem persists, contact AWS Redshift support to check if there's an issue on their end.
 

Resolution 3

Ask the network administrators to allow traffic between the FglAM and Redshift.

​