4
votes

I am new to AWS and not a network admin, merely a developer, and need your help.

I am unable to connect to my AWS RDS (MySQL) from my Lightsail Ubuntu instance. When trying to connect, it just waits for a minute and then fails. I am unable to ping my RDS either.

Here is the setup:
The Lightsail instance has VPC peering enabled in lon-zone-A. I have created a MySQL RDS instance in AWS and used default VPC peering. MySQL is restricted to the VPC and uses the default security group, which has an inbound rule: All traffic, with the default security group as source.

The default VPC has 2 subnets in CIDR 172.31.16.0/20 and 172.31.0.0/16 for the two availability zones A and B.
In the route table of the subnet, I have
172.26.0.0/16 as destination and the VPC peering as target, which further has

Requester VPC CIDRs 172.26.0.0/16
Accepter VPC CIDRs 172.31.0.0/16

My Lightsail instance has private IP 172.26.15.xxx and is in lon-Zone-A. When I ping my MySQL instance, I get IP 172.31.10.9.

Command I am using to connect: mysql -h xxxxxx.xxxxx.eu-west-2.rds.amazonaws.com -P 3306 -u db_master_username -p


2 Answers

11
votes

You can enable access from AWS Lightsail to AWS RDS in two separate ways:

Method 1.

  1. Make RDS publicly accessible.

    In RDS pick your instance and click 'Modify'. In the 'Network & Security' section, set 'Publicly accessible' to Yes. Apply the settings and wait until they are effective. Your RDS has a public IP now.

  2. Add your Lightsail public IP to the RDS security group inbound traffic.

    Use CIDR: x.x.x.x/32 where x.x.x.x is your Lightsail instance public IP.

Method 2. (better, RDS with no public IP)

  1. Make sure your Lightsail instance is in the same Availability Zone as RDS.
  2. Set up VPC peering between Lightsail VPC and Amazon VPC.

  3. Add your Lightsail local IP to the RDS security group inbound traffic.

3
votes

I managed to solve it. I had to add my Lightsail instance IP CIDR in the RDS inbound rule as MySQL/Aurora TCP allowed traffic. :-)
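
Added example, not part of any post above: a small Python model of security-group inbound matching. It shows why the question's "All traffic, source: default security group" rule does not admit the peered Lightsail address, while a MySQL/Aurora TCP 3306 rule for that address does. The group ID sg-EXAMPLE and the address 172.26.15.20 are constructed placeholders, and the dictionary mimics the shape of `aws ec2 describe-security-groups` output.

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# sg-EXAMPLE and 172.26.15.20 are placeholders, not values from the posts.
DEFAULT_SG = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        # "All traffic" whose source is the security group itself
        {"IpProtocol": "-1", "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE"}]},
    ],
}

def port_matches(perm, protocol, port):
    """True if the rule covers this protocol and port ("-1" means all traffic)."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] != protocol:
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def matching_rules(sg, src_ip, src_groups=(), protocol="tcp", port=3306):
    """Return the inbound rules that admit src_ip or a member of src_groups."""
    addr = ipaddress.ip_address(src_ip)
    hits = []
    for perm in sg["IpPermissions"]:
        if not port_matches(perm, protocol, port):
            continue
        for rng in perm.get("IpRanges", []):
            if addr in ipaddress.ip_network(rng["CidrIp"]):
                hits.append(("cidr", rng["CidrIp"]))
        # A group-sourced rule only admits interfaces that belong to that group.
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] in src_groups:
                hits.append(("group", pair["GroupId"]))
    return hits

def with_mysql_rule(sg, cidr):
    """Copy of sg plus a MySQL/Aurora (TCP 3306) inbound rule for cidr."""
    rule = {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
            "IpRanges": [{"CidrIp": cidr}], "UserIdGroupPairs": []}
    return {**sg, "IpPermissions": sg["IpPermissions"] + [rule]}

if __name__ == "__main__":
    lightsail_ip = "172.26.15.20"  # constructed private IP in 172.26.0.0/16
    print("before:", matching_rules(DEFAULT_SG, lightsail_ip))
    fixed = with_mysql_rule(DEFAULT_SG, lightsail_ip + "/32")
    print("after: ", matching_rules(fixed, lightsail_ip))
```

Scoping the rule to a /32 on port 3306 keeps every other address in the peered range, and every other port, closed.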