RDS MySQL ERROR 1045 (28000): Access denied for user when connecting to db from EC2

5
votes

I have an EC2 instance that I am trying to connect to an RDS (mySQL) instance.

I created an RDS mySQL instance with the name: mydbinstance, user: mysuperuser and a generic 8 character (mypassword) just for testing purpose.

Virtual Private Cloud: default (same as where the EC2 is located)

Subnet group: default

Public accessibility: No (DB instance will not have a public IP address assigned. No EC2 instance or devices outside of the VPC will be able to connect.)

Availability zone: No preference

VPC security groups: Create new VPC security group

IAM DB authentication: Disabled

I added the RDS instance to the same VPC as the EC2 instance, so it's in the same zone.

The dbinstance is using a new security group:

Type: Custom TCP Rule Protocol: TCP Port: 3306 CIDR: 174.62.127.135/32

Where does this IP address comes from? I didn't specify anything at instantiation...

Next, I ssh to my EC2 instance (the one located in the same VPC), and try:

$ mysql -h mydbinstance.$(RDS_INSTANCE).us-west-2.rds.amazonaws.com -P 3306 -u mymasteruser -p

I entered mypassword (the one I specified earlier) at the prompt and I get:

ERROR 1045 (28000): Access denied for user 'mymasteruser'@'localhost' (using password: YES)

I tried getting the IP address of the EC2 box with ifconfig, and updated the security group IP address (the one I was wondering about above) used by RDS with it. Same result, no luck connecting. I've been googling for an answer since then.

What are my other options to debug this? I would appreciate any suggestions.

UPDATE

I was able to run this from my laptop (by changing the DB Public Access to YES):

mysql -h mydbinstance.$(RDS_INSTANCE).us-west-2.rds.amazonaws.com -P 3306 -u mymasteruser -p

found 0 associations found 1 connections:

found 0 associations
found 1 connections:
     1: flags=82<CONNECTED,PREFERRED>
    outif en3
    src 192.168.86.33 port 55863
    dst xx.xxx.xxx.xxx port 3306
    rank info not available
    TCP aux info available

But I am unable to get any output from my EC2 instance. It hangs! Same why I run netcat (nc) command. Why is this not working on my EC2 instance?

1
mysqlamazon-web-servicesamazon-ec2amazon-rds
Chech the security group that it allows this connection.EvgenyKolyakov
I did. I wrote above: The dbinstance is using a new security group: and provided the parameters for it.John Difool
If the security group didn't let me in, i wouldn't see the mySQL error. I suspect credentials are wrong but I triple checked why I typed, so I can scratch this. Is there another command I can try to use to connect from EC2 to RDS?John Difool

1 Answers

4
votes

I was able to make it work after I found the nugget on the aws forum. Posting it back here in case someone stumble on the same issue:

"In order to connect to MySQL, you will have to authorize the IP address of the host from which you plan to connect to MySQL. You should also revoke access from the CIDR you currently have authorized. If you don’t know your computer’s IP address, you can see it by visiting the site http://checkip.amazonaws.com/. Note that you will have to add “/32” to the end of this to convert the IP address to a CIDR which contains only that IP address. For example, if your IP address is 192.0.2.10, you should authorize access to the CIDR 192.0.2.10/32.