Can't connect to MySQL on AWS RDS (error 2003)


As your security groups are wide open, my guess is that your LAN is blocking outbound traffic on port 3306. In fact, looking at this support page ( http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ConnectToInstance.html ), firewall issues are listed as number 2 in the common reasons for being unable to connect.

This question may help you out: MySql networking issue. It may be worth taking a look at your local firewall settings. You mention you are on a laptop, so my guess is your current network is classed as a public network and your outbound ports are being blocked (as mentioned in the question I've linked).

If that gets you nowhere, it's worth telnetting to your RDS instance on port 3306 and seeing what happens. This may well give you some more debug information which could help with the general Googling around of the issue.

As an aside, personally I wouldn't open up an RDS instance to the Internet directly. It's reasonably straightforward to set up an SSH tunnel to forward traffic to your RDS instance through an SSH server. Something like the stuff shown here: http://www.techrepublic.com/blog/linux-and-open-source/tips-and-tricks-to-help-you-do-more-with-openssh/

UPDATE: I've never used RDS with the 'publicly available' option (all our setups used ssh tunnelling to private RDS instances). Googling around, I came across quite a few queries in the AWS forums relating to access issues to public RDS instances. For example, https://forums.aws.amazon.com/thread.jspa?threadID=123483. May be worth trying the suggested fix of explicitly creating entries in the route table for the subnets that compose the RDS instance?

Author: user3175226

Updated on July 18, 2022

Comments

  • user3175226
    user3175226 almost 2 years

    I'm in trouble on setting up a MySQL RDS.

    From my EC2 instance I can connect fine, but from my laptop I get error 2003 (timeout).

    • My RDS instance is configured to be publicly accessible.
    • My security group has a rule inbound and outbound to allow all traffic everywhere (0.0.0.0/0).

    Should I configure something on my VPC or Internet Gateway?

  • user3175226
    user3175226 almost 10 years
    Thank you so much for the answer. I'm in trouble with this all day!
  • user3175226
    user3175226 almost 10 years
    Telnet from my laptop shows timeout. Telnet from EC2 works fine.
  • user3175226
    user3175226 almost 10 years
    I'm on my laptop on my home network. No firewall.
  • user3175226
    user3175226 almost 10 years
    The only place where I can block this connection is on my RDS Security Group? Because it has all traffic opened (just for testing). I really guess this is some issue with my VPC/subnet.
  • Matt Caton
    Matt Caton almost 10 years
    May be worth adding entries to the route table for the RDS instance subnet(s)? - see update to answer
  • Robin Salih
    Robin Salih over 6 years
    I had this problem recently, and it was down to a misconfigured subnet.
  • timetofly
    timetofly over 6 years
    To clarify: ALL the subnets you choose in the RDS subnet group should have routing tables that have the internet gateway specified. My issue was that two of the subnets I chose were my "private" subnets, that had a NAT gateway specified for outbound traffic rather than the internet gateway, and RDS happened to choose a server in one of those subnets. Refer to this article if you're not too familiar with routing: medium.com/@mda590/aws-routing-101-67879d23014d
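The point timetofly makes above (every subnet in the RDS DB subnet group needs a 0.0.0.0/0 route to the internet gateway, not a NAT gateway) can be checked mechanically. The following is an added example, not code from this thread or from AWS: it runs offline over constructed data in the shape of `aws ec2 describe-route-tables` output, with made-up subnet, route table and gateway IDs, and it also handles a subnet with no explicit association, which silently inherits the VPC's main route table.

```python
from typing import Dict, List

# Constructed sample data in the shape of `aws ec2 describe-route-tables` output
# (only the fields this check needs); all IDs are made up for illustration.
ROUTE_TABLES = [
    {   # main route table: applies to any subnet with no explicit association
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
    },
    {
        "RouteTableId": "rtb-public",
        "Associations": [{"Main": False, "SubnetId": "subnet-aaa"}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                   {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123"}],
    },
    {
        "RouteTableId": "rtb-private",
        "Associations": [{"Main": False, "SubnetId": "subnet-bbb"}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                   {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0456"}],
    },
]
# subnet-ccc has no explicit association, so it falls back to the main table
DB_SUBNET_GROUP = ["subnet-aaa", "subnet-bbb", "subnet-ccc"]

def route_table_for(subnet_id: str, tables: List[dict]) -> dict:
    """Explicit association wins; otherwise the VPC's main route table applies."""
    for rt in tables:
        if any(a.get("SubnetId") == subnet_id for a in rt["Associations"]):
            return rt
    return next(rt for rt in tables if any(a.get("Main") for a in rt["Associations"]))

def classify_subnet(subnet_id: str, tables: List[dict]) -> str:
    """'public' if 0.0.0.0/0 targets an internet gateway, 'private' if it goes via a
    NAT gateway, 'isolated' if the table has no default route at all."""
    for route in route_table_for(subnet_id, tables)["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"
        if "NatGatewayId" in route:
            return "private"
    return "isolated"

def audit_subnet_group(subnets: List[str], tables: List[dict]) -> Dict[str, str]:
    """Classify every subnet in the DB subnet group; any non-'public' entry can end up
    hosting the endpoint of a 'publicly accessible' instance that then times out."""
    return {s: classify_subnet(s, tables) for s in subnets}
```

Feed it the real `describe-route-tables` JSON and the subnet list from `describe-db-subnet-groups`, and any subnet not reported as `public` is a candidate cause of the error 2003 timeout.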