The EC2 instance/live web can connect just fine to the RDS database. But when I want to debug the code on my local machine, I can’t connect to the database and get this error:
OperationalError: (2003, “Can’t connect to MySQL server on ‘aa9jliuygesv4w.c03i1
.ppk keys to
.ssh and I already configured EB CLI. I don’t know what I should do anymore.
FYI: The app is in Django
It turns out it is not that hard. Do these steps:
- Go to EC2 Dashboard
- Go to Security Groups tab
- Select and only select the RDS database security group. You’ll see the security group detail at the bottom
- Click Inbound tab
- Click Edit button
- Add Type: MYSQL/Aurora; Protocol: TCP; Range: 3306; Source: 0.0.0.0/0
PUBLIC ACCESSIBILITY IS SET TO YES
This is what I spent the last 3 days trying to solve…
Accept traffic from any IP address
After creating an RDS instance my security group inbound rule was set to a specific IP address. I had to edit inbound rules to allow access from any IP address.
- “Security group rules”
- Select a security group
- Click “Inbound Rules”
- Click “Edit Inbound Rules”
- Under “Source” Select the Dropdown and click “Anywhere”
- ::0 or 0.0.0.0/0 Should appear.
- Click “Save Rules”
Make sure that your VPC and subnets are wide enough.
The following CIDR configuration works great for two subnets:
10.0.0.0 — 10.0.255.255 (65536 addresses)
10.0.0.0 — 10.0.127.255 (32768 addresses, half)
10.0.128.0 — 10.0.255.255 (32768 addresses, other half)
Adjust it if you need three subnets.
I wasn’t able to connect to my RDS database. I manually reviewed every detail and everything was alright. There were no indications of any issues whatsoever and I couldn’t find any suitable information in the documentation. My VPC was configured with a narrow CIDR: 10.0.0.0/22 and each subnet had 255 addresses. After I changed the CIDR to 10.0.0.0/16 and split it totally between two subnets, my RDS connection started working. It was pure luck that I managed to find the source of the problem, because it doesn’t make any sense to me.
Just burned two hours going through the great solutions on this page. Time for the stupid answer!
I redid my Security Groups, VPC’s, Routing Tables, Subnets, Gateways… NOPE. I copy-pasted the URL from the AWS Console, which in some cases results in a hidden trailing space. The endpoint is in a <div> element, which the browser gives a \n when copying. Pasting this into the Intellij db connector coerces it to a space.
I only noticed the problem after pasting the URL into a quote string in my source code.
In my case, when I upgraded the size, the private address of the RDS instance fell into a private subnet of the VPC. You can use the article “My instance is in a private subnet, and I can’t connect to it from my local computer” to find out your DB instance address.
However, changing the route table didn’t fix my issue. What finally solved my problem was to downgrade the size and then upgrade the size back. Once the private address falls back to the public subnet, everything works like a charm.
I was also not able to connect even from inside an ec2 instance.
After digging AWS RDS options it turns out that ec2 instances are only able to connect to RDS in the same VPC they are in.
When creating an ec2 instance in the same VPC where the RDS was I could access it as expected.
Well, almost everyone has pointed out the answers; I will put it in a different perspective so that you can understand.
There are two ways to connect to your AWS RDS:
- You provision an instance in the same VPC & Subnet. You install the workbench and you will be able to connect to the DB. You would not need to make it publicly accessible. Example: You can provision a Windows instance in the same VPC group, install workbench, and connect to the DB via the endpoint.
- The other way is to make the DB publicly accessible to your IP only, to prevent unwanted access. You can change the DB security group to allow the DB port traffic from your IP only. In this way your DB will be publicly accessible, but to you only. This is the way we do it for various AWS services: we add their security group in the source part of the SG.
If both options don’t work, then the error is in the VPC routing table; you can check there whether it is associated with the subnet and also whether the internet gateway is attached.
Do not forget to check if you have your VPN or firewall blocking connection.
In case you’ve tried all answers above try this…
Recreate the database….
AWS on database creation provides an option to allow public/private access