20
votes

I have configured an RDS Postgres micro instance for testing but am having problems connecting. I have created a security group and allow all hosts (0.0.0.0/0) by default to port 5432, but for some reason I am not able to connect. I tried connecting to port 5432 on the machine but it appears to be closed. Any ideas? I have verified that the security group is using the correct security group.

This is my configuration

TCP
Port (Service)  Source  Action
5432    0.0.0.0/0   Delete

Here is how I am trying to connect to the rds service

psql -p 5432 -h example.cs945smhrv09.us-west-2.rds.amazonaws.com -U example example

UPDATE

OK, I feel a little silly after figuring out that RDS starts up on a private 172 subnet. I was able to connect from my EC2 instance.

The question now: is there a way to put that on a public address that I can connect to? I would like to configure it with a security group that limits the source IP but then be able to connect to it with psql from my desktop.

Update 2

I don't remember all the details from when I originally posted this question, but it is no longer an issue. We now have a management VPC that we connect to using a VPN server. The management VPC network is trusted by the prod and devel security groups for the RDS instances. We have no problem communicating with them without adding any public IPs.


6 Answers

14
votes

Step 4 of the RDS setup wizard ("Additional Config") lets you select whether the DB is Publicly Accessible or not (if it's not, access is limited to within your VPC, regardless of your security group settings). I'd imagine that determines whether the hostname resolves to 54.* vs 172.*.

Your first instance may have been set to private - as far as I can tell this can't be changed after initialization. I had a similar issue and creating a new instance set to be publicly accessible solved it for me.

12
votes

My company's firewall had blocked outgoing traffic to the default postgres port, 5432. I didn't realise this until I tested the port using netcat in a terminal window, as follows:

nc -zv portquiz.net 5432

Hopefully this saves someone half a day of messing around with AWS security groups.
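An added example, not taken from any of the posts on this page: a Python check that combines the two diagnostics from the answers above, whether the RDS hostname resolves to a private (172.*) or public address and whether the TCP port accepts a connection from the current network. The function names, verdict labels and the addresses in the offline demo are constructed for illustration.

```python
import ipaddress
import socket
import sys


def resolve(host):
    """Return every address the hostname resolves to from this machine."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0].split("%")[0] for info in infos})


def tcp_open(addr, port, timeout=5.0):
    """True only if a TCP handshake to addr:port completes."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unroutable
        return False


def diagnose(host, port=5432, resolver=resolve, prober=tcp_open):
    """Return (address, verdict) pairs; resolver and prober can be replaced in tests."""
    try:
        addrs = resolver(host)
    except OSError:  # socket.gaierror is a subclass of OSError
        return [(host, "dns-failure")]
    results = []
    for addr in addrs:
        if prober(addr, port):
            verdict = "reachable"
        elif ipaddress.ip_address(addr).is_private:
            # VPC-internal endpoint: connect from an EC2 host, a VPN or an SSH tunnel
            verdict = "private-endpoint"
        else:
            # Public address but no handshake: check the security group source
            # CIDR and any outbound firewall on the client's network
            verdict = "public-but-blocked"
        results.append((addr, verdict))
    return results


if __name__ == "__main__":
    if len(sys.argv) > 1:  # live check against a real endpoint
        print(diagnose(sys.argv[1]))
    else:  # offline demo: constructed names and addresses, no network traffic
        fake_dns = {"private.example": ["172.31.20.5"], "public.example": ["54.0.0.1"]}
        for name in fake_dns:
            print(name, diagnose(name, resolver=fake_dns.__getitem__,
                                 prober=lambda addr, port: False))
```

Run it with the instance hostname as the only argument for a live check; a "private-endpoint" verdict means no security group rule will make the instance reachable from outside the VPC.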

4
votes

Absolutely there is. I have pgAdmin loaded on my local machine connected to my RDS instance.

I just confirmed that I can connect using the same syntax you used for psql, although the -U was not necessary for me (I still included both "example" parameters though).

I did edit the "default" security group and added my IP (the IP of the machine I'm connecting from)/32 to be allowed, although I'm sure you could get less restrictive than that, but I'd start there and see if it helps.

0
votes

This is likely caused by your outbound firewall rules. If you're behind a corporate firewall, they will often block outbound ports above a certain number. You need to set up an SSH tunnel of some kind to avoid this. http://conoroneill.net/accessing-amazon-rds-instances-from-your-desktop/

0
votes

I had this problem. This isn't a direct solution but might work for some. I set the Postgres security group to accept connections coming from the server that will be using it (same VPC). I then set up my Postgres client to use ssh tunneling. If I need to use the command line, I simply SSH into that server and then psql from there.

-1
votes

You can simply use the workbench recommended by AWS, but make sure all your Postgres availability is set to everywhere while adding PostgreSQL 5432.

https://aws.amazon.com/getting-started/tutorials/create-connect-postgresql-db/