Step 6: Validating network connectivity - Amazon FinSpace

After you’ve successfully set up outbound network connectivity between the FinSpace VPC and your VPC using a transit gateway, you can validate the network configuration. To do this, run a test that connects from an RDB cluster in the FinSpace environment to a q process on a customer EC2 instance.

The following procedure shows how to connect to an RDB cluster and then, from that cluster, connect to a q/kdb process running on an EC2 instance in your VPC account. In this step, you will create two EC2 instances:

  • customerEc2Instance – This runs the q process that the RDB cluster connects to.

  • clientEc2Instance – This is a q client that you use to connect to the RDB cluster.

Create an RDB Cluster

Create an RDB cluster in single-AZ mode by following the steps in this tutorial.

Create an EC2 instance

Use the following commands to create an EC2 instance named customerEc2Instance, which is the instance that the RDB cluster connects to.

# Trust policy that lets EC2 assume the role
echo '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}' > policy.json

# Create the role and attach the managed policies
aws iam create-role --role-name ssmrole --assume-role-policy-document file://policy.json
aws iam attach-role-policy --role-name ssmrole --policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess
aws iam attach-role-policy --role-name ssmrole --policy-arn arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
aws iam attach-role-policy --role-name ssmrole --policy-arn arn:aws:iam::aws:policy/AmazonSSMPatchAssociation

# Create the instance profile and add the role to it
aws iam create-instance-profile --instance-profile-name "SSMRole"
aws iam add-role-to-instance-profile --instance-profile-name SSMRole --role-name ssmrole

# Launch the instance from the latest Amazon Linux 2 AMI with IMDSv2 required
aws ec2 run-instances \
    --count 1 \
    --instance-type t2.micro \
    --security-group-ids <SecurityGroup> \
    --subnet-id <SUBNET> \
    --iam-instance-profile Name=SSMRole \
    --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=CustomerEc2Instance}]" \
    --image-id $(aws ssm get-parameters --names /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2 --region us-east-2 | jq ".Parameters[0].Value" -r) \
    --metadata-options "HttpEndpoint=enabled,HttpTokens=required"

Start a q process and listen on port 5005

  1. Connect to the CustomerEc2Instance instance. For more information, see this section.

  2. Install the q client. For more information on installation, see Installing kdb+.

  3. Launch a q process and run the following command to listen on port 5005.

    q) \p 5005

Create another EC2 instance

Create another instance named clientEc2Instance, which you can use to connect to the RDB cluster. The EC2 instance should use the same security group and subnet that you chose for the cluster.

# Reuses the SSMRole instance profile created for the first instance
aws ec2 run-instances \
    --count 1 \
    --instance-type t2.micro \
    --security-group-ids <security group> \
    --subnet-id <SUBNET> \
    --iam-instance-profile Name=SSMRole \
    --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=Bastion}]" \
    --image-id $(aws ssm get-parameters --names /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2 --region us-east-1 | jq ".Parameters[0].Value" -r) \
    --metadata-options "HttpEndpoint=enabled,HttpTokens=required"

Test the connection

Test the connection from the q process on the EC2 instance to the RDB cluster.

  1. Connect to the clientEc2Instance by following the steps in this section.

  2. Install the q client. For more information on installation, see Installing kdb+.

  3. Start a q process and connect to the RDB cluster on port 5005 by using the following example command.

    q)cs_rdb1: <RDB cluster connection string>
    q)cs_rdb1: ssr[cs_rdb1;"\n";""]
    q)conn: hopen cs_rdb1
    q)conn "hopen(\":<Private IP DNS name of customerEc2Instance>:5005\"; 10)"

    The sample code works as follows:

    • cs_rdb1 holds the cluster connection string. For more information on how to get a connection string, see the Interacting with a kdb cluster section.

    • The hopen command opens a connection to the RDB cluster and returns a connection handle.

    • Use the connection handle to run an hopen connection test from the RDB cluster to the customerEc2Instance q process listening on port 5005. This tests connectivity from the RDB cluster to customerEc2Instance.

You should be able to successfully connect to port 5005.

Repeat the steps for starting a q process and testing the connection, this time with port 5006. The connection fails because only port 5005 is allowed in the inbound rules of the security groups.
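
The port 5005 versus 5006 result above follows from how security group inbound rules are evaluated: traffic passes only if some rule matches it. The following added example (not part of the AWS documentation) checks a port and source address against JSON shaped like the output of aws ec2 describe-security-groups. The group ID, CIDR block and source addresses are constructed placeholders.

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# The group ID and CIDR are placeholders, not values from this page.
SAMPLE = {
    "SecurityGroups": [{
        "GroupId": "sg-EXAMPLE",
        "IpPermissions": [{
            "IpProtocol": "tcp",
            "FromPort": 5005,
            "ToPort": 5005,
            "IpRanges": [{"CidrIp": "10.0.0.0/16"}],
            "UserIdGroupPairs": [],
        }],
    }]
}


def rule_matches(rule, port, source_ip):
    """Return True if one inbound rule admits TCP traffic to port from source_ip."""
    proto = rule.get("IpProtocol")
    if proto not in ("tcp", "6", "-1"):
        return False
    # "-1" means all protocols and all ports; such rules carry no port range.
    if proto != "-1" and not rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535):
        return False
    src = ipaddress.ip_address(source_ip)
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    # Sources given as other security groups or prefix lists are not resolved here.
    return any(src in ipaddress.ip_network(c, strict=False) for c in cidrs)


def port_allowed(describe_output, port, source_ip):
    """Security groups are allow-lists: with no matching rule, traffic is dropped."""
    return any(
        rule_matches(rule, port, source_ip)
        for group in describe_output["SecurityGroups"]
        for rule in group.get("IpPermissions", [])
    )


if __name__ == "__main__":
    for p in (5005, 5006):
        print(p, "allowed" if port_allowed(SAMPLE, p, "10.0.1.25") else "blocked")
```

To run it against a real group, load the JSON from aws ec2 describe-security-groups --group-ids <SecurityGroup> in place of SAMPLE and pass an address from the FinSpace side as source_ip.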
