https://dagster.io/ logo
#dagster-cloud
Title
# dagster-cloud
d

Danny Xie

03/14/2023, 7:00 PM
hi 👋 any idea why our Dagster Hybrid deployment would fail with this time out error? Our ECS logs show that the target service has
Started Dagster code server for file dagster/repository.py on port 4000 in process 1
👋 1
d

daniel

03/14/2023, 7:01 PM
Hi Danny - was this in a brand new VPC? or an existing one that you added the hybrid agent into?
Has this cluster worked before with the ECS agent, or is it your first time spinning up a service?
d

Danny Xie

03/14/2023, 7:02 PM
it’s our first time spinning up a service on this cluster
d

daniel

03/14/2023, 7:03 PM
OK, ECS networking can be tricky when adding the agent to an existing VPC. Here are some things to check to troubleshoot and how to check them:
Copy code
- The VPC needs to use route53 for DNS
    - You can verify this by looking at the DHCP option set on the VPC
- The VPC needs to have assign_hostnames enabled
- The "default" security group in the VPC needs the following rules
    - An ingress rule that allows traffic from other addresses within the default security group. this allows the agent and grpc server to communicate with each other
    - Open egress from addresses in the Security Group to the internet, this allows the agent to communicate with Dagster Cloud
- (if using private subnets) The network ACL should allow the same rules as the security group, egress to the public internet and ingress from other hosts in the private subnet

How to check things:

- For the VPC DNS you can go to the VPC console, find the VPC the user wants and click on the DHCP option set
- For the security group go to the security groups section in the VPC console, filter for your VPC and find the one named "default"
- For the network ACLs you'll first need to find the subnet which you can also find from the VPC console and click on the tab for network ACLs
d

Danny Xie

03/14/2023, 7:07 PM
thanks I’ll go through the list and take a look!
15 Views