thats assuming that RDS instance in the same VPC. If not, you'd need to either 1. peer those VPCs first 2. alternatively, create a different compute environment in a private subnet, with NAT gateway and allow connections from NAT gateway public IP to RDS instance In that second scenario you need the NAT gateway bit and private subnet since otherwise you won't have a fixed public IP to add to the inbound security group

After some testing I was not able to connect the two VPCs because now any batch job that I would like to run gets stuck on RUNNABLE status. I tried to troubleshoot the batch job with AWSSupport automation and I got the following message: It seems like the container instance doesn't have communication with ECS service endpoint. Container instances need access to communicate with the Amazon ECS service endpoint. This can be through an interface VPC endpoint or through your container instances having public IP addresses. For more information about interface VPC endpoints, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/vpc-endpoints.html If you do not have an interface VPC endpoint configured and your container instances do not have public IP addresses, then they must use network address translation (NAT) to provide this access. For more information, see NAT gateways in the Amazon VPC User Guide (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html) and HTTP proxy configuration in this guide https://docs.aws.amazon.com/AmazonECS/latest/developerguide/http_proxy_config.html. For more information, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/create-public-private-vpc.html

The funny thing is that everything was working correctly when I first ran the step function (all batch jobs were completed until the one that is failing because of the connection issue with the database)

One area I'd look into is: you're supposed to set up routing tables in a particular way after peering VPCs. If thats not set up right, it can lead to many mysterious issues where things can't connect to each other

My flow has a start, a load_models, and then a get_prediction steps. The first two finished correctly all the times

Now if I start a new step function execution, the first step is stuck on RUNNABLE and nothing goes forward

All the configurations are as intended and I deleted all routing routes from the peering together with the peering itself.

the only thing left to do is to recreate the whole stack and see if it happens even without creating a VPC peering

if that is the case, then it would seem like the instance resources get filled up somehow and can't be freed for new batch jobs (that is my guess)

moreover if you have just 1 task in the queue that requests too much, it blocks the rest of the queue, even if those tasks could've been scheduled otherwise

and the compute environment is the one from the template for cloudformation. it creates 2 instances that are up and running.