2
votes

I have a MySQL RDS instance in AWS which has been set up properly.

I also have a Linux EC2 instance in AWS.

However, I can't connect to my RDS instance from the EC2 instance.

I can connect to the RDS instance from my own laptop, however.

I suspect it is one of four things:

  • interface binding of the RDS instance - it is listening on the external interface but not on the internal one
  • firewall for the RDS instance - it is allowed connections from outside the AWS network but not from inside
  • firewall for the EC2 instance - it is not allowing connections to the RDS instance
  • name resolution on the EC2 instance - for some reason the name of the RDS instance is not resolving to the right IP address

However, I have checked all of these to the best of my knowledge, and they seem to be in order.

What should I be looking at?

Update 1: Following a question by @mbaird, I have checked that both the EC2 instance and the RDS instance are on the same VPC. What implications does that have?

Update 2: Following a question by the user @"Michael - sqlbot": when I say I cannot connect, I mean that when running mysql at the command line with

mysql --host=<my-hostname> --port=3306 --user=<user> --password=<password>

I can connect from my own laptop, but when I try connecting from my EC2 instance, it just sits there doing nothing. After a while, I get the message

ERROR 2003 (HY000): Can't connect to MySQL server on '<my-hostname>' (110)

Also, when trying to connect to it from my Java application server, I get the following in my stack trace:

Caused by: com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure
...
The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.
...
Caused by: java.net.ConnectException: Connection timed out

Update 3: The DNS resolution is different depending on whether I am internal to AWS or external.

nslookup <my-hostname>

on my laptop results in an IP address in the 52.11.*.* range, while doing the same from my EC2 instance results in an IP address in the 172.31.*.* range.

Comments:

  • Are the EC2 instance and the RDS instance both inside the same VPC? (Mark B)
  • Yes. As it happens, they are both on the same VPC. (Vihung)
  • How are your security groups configured? Specifically, the security group for the RDS instance. (tedder42)
  • Simple way to determine if it's a DB security group issue is to allow all inbound traffic temporarily. Also note that DNS resolution from an EC2 instance for other instances within the same VPC yields the private IP, while DNS resolution from your laptop, or anywhere else outside your VPC, will yield the public IP. (Haven't verified this is the case for RDS instances, but suspect it.) (jarmod)
  • You should be looking at none of these things until you first look at the error message. "I can't connect" is not sufficient. Please post the exact error message. That should give us enough information to avoid guesswork and speculation and pinpoint the problem. (Michael - sqlbot)

1 Answer

1
votes

If your EC2 Instance and RDS DB Instance are in different VPCs, you might be using VPC peering to connect the two VPCs. But in your case, both are in the same VPC. That's good. Make sure the RDS DB Instance is launched in a private subnet and the EC2 Instance is launched in a public subnet.

To Connect RDS DB Instance in EC2 Instance

  1. In the RDS DB Instance security group, you need to open traffic for the EC2 instance.
  2. Click DB Security Group from the RDS Dashboard. Click on the Inbound tab. The Edit button is used to add or remove rules from the security group.
  3. Add a rule for the EC2 Instance to access your database. Let's say you have launched the MySQL DB Engine in the DB Instance. You need to open port 3306 for the EC2 Instance. You can use the Private IP of the EC2 instance to connect with the RDS DB Instance.
  4. SSH into the EC2 instance and install the mysql-server package. You need to connect to the RDS DB Instance using mysql-server.
  5. The command mysql --host=<my-hostname> --port=3306 --user=<user> --password=<password> is used to connect with the RDS DB Instance.

To Connect RDS DB Instance in MySQL WorkBench

  1. In MySQL WorkBench, click on Setup New Connection.

  2. Give the connection a name. Choose Standard (TCP/IP) over SSH. You need to provide the SSH hostname, username and keyfile as well as the MySQL hostname, port, username and password.

  3. The SSH credentials are nothing but the EC2 instance credentials. For the Keyfile, you have to browse for the KeyPair (.pem) file. For the RDS Hostname, you have to provide the endpoint which is available in the RDS dashboard.

  4. To verify the connection, click on the Test Connection button.

    The reason you are choosing Standard (TCP/IP) over SSH is to connect to the RDS DB Instance through the EC2 Instance. First, it will connect to an EC2 Instance and then access the RDS DB Instance, because the DB Instance doesn't have internet access and it is in a Private Subnet.

Make sure that in your Java web application the RDS hostname, port, username and password you mentioned are correct. There is no need to mention the EC2 hostname in the application.
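The security-group situation described in this thread, as an added example that is not part of the question or the answer: given inbound rules in the shape of the `IpPermissions` list that `aws ec2 describe-security-groups` returns, it checks whether a client is admitted on port 3306 and reproduces the symptom above (laptop's public IP allowed, EC2's private 172.31.x.x address not), then applies the answer's fix. The security group id, IP addresses and the helper names (`source_allowed`, `diagnose`, `allow_ec2_rule`) are constructed placeholders for this example.

```python
import ipaddress

MYSQL_PORT = 3306

# Constructed sample: the RDS group only admits the laptop's public /32, which is
# why the laptop connects while the EC2 instance (seen as 172.31.x.x) times out.
RDS_SG_RULES = [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "UserIdGroupPairs": []},
]

def rule_covers_port(rule, port):
    """True if the rule's protocol/port range includes the TCP port."""
    if rule["IpProtocol"] == "-1":          # "-1" = all protocols, no port keys
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule["FromPort"] <= port <= rule["ToPort"]

def source_allowed(rules, src_ip=None, src_sg=None, port=MYSQL_PORT):
    """Return the first rule admitting the source on the port, else None.

    src_ip is the address the RDS endpoint sees: the private IP for a client
    inside the VPC, the public IP for a client outside it (cf. Update 3).
    src_sg is the client's security group id, for group-referencing rules.
    """
    addr = ipaddress.ip_address(src_ip) if src_ip else None
    for rule in rules:
        if not rule_covers_port(rule, port):
            continue
        if addr is not None and any(
                addr in ipaddress.ip_network(r["CidrIp"], strict=False)
                for r in rule.get("IpRanges", [])):
            return rule
        if src_sg is not None and any(
                p.get("GroupId") == src_sg for p in rule.get("UserIdGroupPairs", [])):
            return rule
    return None

def diagnose(rules, laptop_ip, ec2_private_ip, ec2_sg):
    """Who can reach MySQL: the laptop (public IP) and the EC2 host (private IP / SG)."""
    return {"laptop": source_allowed(rules, src_ip=laptop_ip) is not None,
            "ec2": source_allowed(rules, src_ip=ec2_private_ip, src_sg=ec2_sg) is not None}

def allow_ec2_rule(ec2_sg):
    """The answer's fix, expressed as a rule referencing the EC2 instance's security
    group rather than a /32 on its private IP, so it survives instance replacement."""
    return {"IpProtocol": "tcp", "FromPort": MYSQL_PORT, "ToPort": MYSQL_PORT,
            "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ec2_sg}]}
```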