1
votes

I have an RDS instance running on one subnet without NAT, and an EC2 instance running on another subnet with an Internet Gateway configured, both located in the same VPC. I have configured the RDS instance to not be publicly accessible.

I am using the following command in my remote EC2 (running on the second subnet) to connect to the RDS instance:

mysql -h xxxx.eu-central-1.rds.amazonaws.com -P 3306 -u root -p

I entered the correct password, which I set when configuring the RDS, but I get the following error:

Can't connect to MySQL server on xxxx.eu-central-1.rds.amazonaws.com

What am I doing wrong? Am I missing something?

2 Answers

3
votes

You most likely need to open port 3306 in the security group assigned to the RDS server. In particular, create a rule allowing ingress on port 3306, and for the source use the ID of the security group assigned to the EC2 server.

0
votes

The Security Group ingress rules for your subnet and/or your PostgreSQL instance must have port 3306 open for PostgreSQL. If you have changed the default port, you must use that port instead.

Your EC2 instance should not have to communicate through the internet to reach it; it just needs the proper port open in the security groups.

If you are not allowing all egress data in your EC2 security group, then you will need to ensure egress port 3306 is open on the EC2 security group, to the RDS security group.
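
Added example, not part of either answer: a small Python check that reads data shaped like `aws ec2 describe-security-groups` output and reports which side of the EC2-to-RDS path is missing a rule for tcp/3306, covering the ingress rule from the first answer and the egress case from the second. The group IDs, IP addresses and sample rules are constructed placeholders.

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# Group IDs and addresses are placeholders, not values from the question.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0ec2example",  # attached to the EC2 instance
     "IpPermissions": [],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "UserIdGroupPairs": [],
                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0rdsexample",  # attached to the RDS instance
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                        "UserIdGroupPairs": [],
                        "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}],
     "IpPermissionsEgress": []},
]}

# The rule from the first answer: tcp/3306 with the EC2 group as source.
FIX_RULE = {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
            "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0ec2example"}]}

def rule_matches(rule, port, peer_sg, peer_ip):
    """True if one rule covers TCP `port` for the peer, by group ID or CIDR."""
    proto = rule.get("IpProtocol")
    if proto != "-1":  # "-1" means every protocol and port
        if proto != "tcp" or not rule["FromPort"] <= port <= rule["ToPort"]:
            return False
    if any(p.get("GroupId") == peer_sg for p in rule.get("UserIdGroupPairs", [])):
        return True
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in ipaddress.ip_network(r["CidrIp"])
               for r in rule.get("IpRanges", []))

def diagnose(desc, client_sg, db_sg, client_ip, db_ip, port=3306):
    """List the missing rules on the client -> database path."""
    # Security groups are stateful: only client egress and database ingress
    # need a rule; return traffic is allowed automatically.
    groups = {g["GroupId"]: g for g in desc["SecurityGroups"]}
    problems = []
    egress = groups[client_sg].get("IpPermissionsEgress", [])
    if not any(rule_matches(r, port, db_sg, db_ip) for r in egress):
        problems.append(f"{client_sg}: no egress to {db_sg} on tcp/{port}")
    ingress = groups[db_sg].get("IpPermissions", [])
    if not any(rule_matches(r, port, client_sg, client_ip) for r in ingress):
        problems.append(f"{db_sg}: no ingress from {client_sg} on tcp/{port}")
    return problems

if __name__ == "__main__":
    print(diagnose(SAMPLE, "sg-0ec2example", "sg-0rdsexample", "10.0.1.10", "10.0.2.20"))
```

Referencing the EC2 security group as the source, as in `FIX_RULE`, keeps the database reachable only from instances in that group rather than from a whole CIDR range.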