Connecting to an RDS from an EC2 on the same VPC


Check your security groups, that is the likely culprit. Hosts inside a VPC using DNS names will always use the private-IP of the remote resource, so the NAT / IG portion isn't important.
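As an added illustration (not code from the answer or the question), the following Python evaluator applies security-group rules the way the VPC does, in the shape boto3's describe_security_groups returns. It checks the EC2 side's egress as well as the RDS side's ingress, so it also shows the other way a MySQL connection is silently dropped; all group IDs, rules and the RDS private address are constructed.

```python
from ipaddress import ip_address, ip_network

MYSQL_PORT = 3306

def rule_matches(rule, proto, port, peer_sg=None, peer_ip=None):
    """One IpPermissions entry: does it cover proto/port to or from the peer?"""
    rp = rule.get("IpProtocol")
    if rp != "-1":  # "-1" is the console's "All traffic": every protocol and port
        if rp != proto:
            return False
        if not rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535):
            return False
    if peer_sg and any(p.get("GroupId") == peer_sg for p in rule.get("UserIdGroupPairs", [])):
        return True
    return bool(peer_ip) and any(ip_address(peer_ip) in ip_network(r["CidrIp"], strict=False)
                                 for r in rule.get("IpRanges", []))

def allowed(permissions, proto, port, **peer):
    """Security groups are allow-lists with no deny rules: no matching rule means dropped."""
    return any(rule_matches(r, proto, port, **peer) for r in permissions)

def can_reach(client_sg, server_sg, port, server_ip):
    """The SYN must pass the client's egress rules and the server's ingress rules.
    Groups are stateful, so the server's outbound rules never matter for the reply."""
    egress_ok = allowed(client_sg["IpPermissionsEgress"], "tcp", port, peer_ip=server_ip)
    ingress_ok = allowed(server_sg["IpPermissions"], "tcp", port, peer_sg=client_sg["GroupId"])
    return egress_ok and ingress_ok

# Constructed sample groups, loosely modelled on the question's "public" and
# "private" groups; the IDs and the RDS private IP are made up.
PUBLIC_SG = {"GroupId": "sg-public",
             "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
PUBLIC_SG_WEB_ONLY = {"GroupId": "sg-public",
                      "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": p, "ToPort": p,
                                               "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
                                              for p in (22, 80, 443)]}
PRIVATE_SG_OK = {"GroupId": "sg-private",
                 "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                                    "UserIdGroupPairs": [{"GroupId": "sg-public"}]}]}
PRIVATE_SG_BLOCKED = {"GroupId": "sg-private", "IpPermissions": []}  # inbound emptied by mistake
RDS_IP = "10.0.2.10"

if __name__ == "__main__":
    for name, c, s in [("correct", PUBLIC_SG, PRIVATE_SG_OK),
                       ("rds inbound emptied", PUBLIC_SG, PRIVATE_SG_BLOCKED),
                       ("ec2 egress only 22/80/443", PUBLIC_SG_WEB_ONLY, PRIVATE_SG_OK)]:
        print(f"{name}: {'reachable' if can_reach(c, s, MYSQL_PORT, RDS_IP) else 'blocked (110)'}")
```

A real check would feed the output of describe_security_groups for the two groups into can_reach; the errno 110 timeout in the question is exactly what a dropped SYN looks like from the client.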


Author: Theodore

Updated on September 18, 2022

Comments

  • Theodore
    Theodore over 1 year

    I have an RDS instance running on one subnet without NAT, and an EC2 instance running on another subnet with an Internet Gateway configured, both located in the same VPC. I have configured the RDS instance to not be publicly accessible.

    I am using the following command in my remote EC2 (running on the second subnet) to connect to the RDS instance:

    mysql -h xxxx.eu-central-1.rds.amazonaws.com -P 3306 -u root -p

    I have entered the correct password which I have set when configuring the RDS, but I get the following error:

    ERROR 2003 (HY000): Can't connect to MySQL server on 'XXX.eu-central-1.rds.amazonaws.com' (110)

    I've checked, it's not a name resolution problem. The EC2 converts the endpoint to the correct internal IP.

    Here are my settings:

    RDS

    VPC: the same as the EC2

    AVAILABILITY ZONE: eu-central-1b

    SUBNET: in the RDS panel I can see all the subnets, yet I can see that there is one less available IP in the private subnet of zone b

    SECURITY GROUP: private security group (no outbound rules, and in the inbound, single rule with the mysql port and the public security group as the source)

    PUBLICLY ACCESSIBLE: no

    MULTI AZ: no

    EC2

    VPC: the same as the RDS

    AVAILABILITY ZONE: eu-central-1b

    SUBNET: public subnet of zone b

    SECURITY GROUP: public security group (all ports from any source as the inbound rule, and ssh, http and https ports from any source as the outbound rule)

    I can access the EC2 instance using http and ssh. It works as expected.

    VPC

    VPC: both RDS and EC2 use the same

    SUBNETS: one public and one private for each AZ, 4 in total

    DHCP: the default one (domain-name = eu-central-1.compute.internal domain-name-servers = AmazonProvidedDNS)

    ROUTE TABLES: for the public subnets, route to local (automatically) and to the internet gateway, for the private, only the local (automatically)

    ACLs: public: allow all both in the inbound and in the outbound. private: allow all on the inbound only. There is also a line with the id * with deny all, on both ACLs, both on inbound and on outbound, but I'm pretty sure that is supposed to be there, I can't delete it.

    What am I doing wrong? Am I missing something?

    • jordanm
      jordanm over 7 years
      Are both subnets in the same VPC? Is your security group for the RDS instance configured to allow connections to that host or subnet?
    • Tim
      Tim over 7 years
      I did a bit more reading and checked my account. I think database security groups are from the old EC2 classic, so my earlier advice is likely incorrect. I'll edit my answer and delete previous invalid comments.
    • Tim
      Tim over 7 years
      Suggest instead of describing the rules you think you have in place that you take screenshots of the console to demonstrate them. You would have to show what subnet the EC2 instance is in, the security group associated with the EC2 instance, and the same for the RDS instance. You should also try pinging the RDS endpoint and check you're getting a private IP, i.e. one within your VPC range, in particular within the correct subnet.
  • Theodore
    Theodore over 7 years
    Hi, I have created a security group and enabled it. I have edited my original message with some more info about the case, hope that helps!
  • Theodore
    Theodore over 7 years
    Hi, I have created and enabled a security group but the problem still exists. I have added some more info to my original question, maybe that will help!
  • Theodore
    Theodore about 7 years
    The problem at the end was related to the security groups, just as you said. I accidentally blocked the inbound traffic for all ports.