Weird. RDS encryption means that the data is encrypted on the disk. The client still talks to the DB transparently, so I believe it should work the same. I may be incorrect here, but that’s my understanding of it.
Wondering if there is a more informative error message when the Jets app boots up and tries to connect to the db. The db connection gets established on boot up, so you’ll only see the error near the Jets deploy time. Try deploying and checking the logs near the deploy time for hopefully a more helpful error message.
Tip: Sometimes, I just modify the function in the Lambda console editor by adding a space or newline so the function is “deployed” and check the logs for a quicker way to debug.
Jets deployment on bash side seems to be ok as I get the usual message “Stack success status: UPDATE_COMPLETE” and the api gateway endpoint is displayed.
Regarding the logs on AWS side, I get absolutely no entry on RDS, APIGateway and Lambda after the deployment.
I just have to wait a few hours … I don’t know which AWS components need this delay but now it is working.
For information, I had the same delay issue when I had to update my AWS SSL certificate. It worked immediately on my development environment whereas I had to wait more than one hour on my production environment.
Sounds like the db was being modified from non-encrypted to encrypted disk. Believe when that happens, the RDS steps are generally:
1. Suspend IO activity to guarantee that the data will be consistent for the next step
2. Snapshot the current EBS volume associated with the RDS instance
3. Provision a new encrypted EBS volume from the snapshot
4. Attach the encrypted EBS volume to the RDS instance
5. Start the RDS database back up
So that’s why you see downtime during this process.
Unsure if it makes a difference in terms of downtime with an RDS multi-AZ setup because IO activity would still be suspended for a consistent data snapshot.
A shot in the dark. Maybe during the upgrade did the db reboot? If that happens, the clients (Lambda functions) need to reconnect. ActiveRecord has a “reconnect: true” setting that helps: