1
votes

I have a "publicly accessible" RDS PostgreSQL DB instance in its own VPC and an EC2 instance in a second, peered VPC. The SGs allow PostgreSQL protocol in both directions and both VPCs also have IGWs attached. pgAdmin connects to the RDS instance from the EC2 instance using the public IP address but not the provided hostname. I need to be able to use the hostname. Any suggestions to troubleshoot?

3
What type of error are you seeing? You're saying the same host does not allow connections to the hostname only, but it is allowed via IP. How have you validated these are the same hosts? - Chris Williams

What happens when you run nslookup on the RDS hostname from the EC2 instance? You probably need to include your route table configuration for the subnet the EC2 instance is in (in other words, does it have a specific route to the peered VPC?) and the exact security group settings of the RDS instance. - Mark B

Why do you have the RDS database configured as 'publicly accessible'? Is it also being accessed from the Internet? - John Rotenstein

3 Answers

1
votes

Hostnames of publicly accessible RDS instances are resolved differently from outside and from inside AWS. So from an EC2 instance it will be a private IP, while from the outside (e.g. from your local machine or another hosting provider) it will be a public one.

I'd suggest looking at the RDS instance's security groups, keeping this fact in mind.

1
votes

I've had this problem when we put our "publicly accessible" RDS instance in a private subnet by mistake. AWS will let you do this even though it doesn't really make sense.

Double check that your RDS instance is in a public subnet (i.e. a subnet with a route to an Internet Gateway).

0
votes

I was getting timeout errors.

I figured out the problem - the relevant route tables for both of the related VPCs had broken routes to the VPC Peering Connection (reported in the AWS Console as a "Blackhole"). I was able to connect to the RDS instance using the RDS "endpoint" address after creating new routes (pointing towards the other VPC) for each VPC's main route table.

Thank you to everyone for the suggestions.
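
An added example, not part of the original posts: the answers above explain why the literal public IP worked while the hostname timed out (inside AWS the hostname resolves to a private IP, which follows the peering route rather than the IGW route). The sketch below does a longest-prefix lookup over route data shaped like the `RouteTables` list from `aws ec2 describe-route-tables` and flags a blackhole target. The function names, IDs, CIDRs and addresses are all constructed for illustration.

```python
import ipaddress

# Constructed sample shaped like the "RouteTables" list returned by
# `aws ec2 describe-route-tables`; all IDs and CIDRs are made up.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-ec2-example", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "10.1.0.0/16",
         "VpcPeeringConnectionId": "pcx-deleted-example", "State": "blackhole"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"},
    ]},
]


def route_for(ip, route_table):
    """Return the longest-prefix IPv4 route covering ip, or None."""
    addr = ipaddress.ip_address(ip)
    best_net, best_route = None, None
    for route in route_table.get("Routes", []):
        cidr = route.get("DestinationCidrBlock")
        if cidr is None:  # IPv6 or prefix-list route: not handled here
            continue
        net = ipaddress.ip_network(cidr)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_route = net, route
    return best_route


def diagnose(ip, route_tables):
    """Return (route table id, status, target) for each route table."""
    findings = []
    for table in route_tables:
        route = route_for(ip, table)
        if route is None:
            findings.append((table["RouteTableId"], "no-route", None))
            continue
        target = route.get("VpcPeeringConnectionId") or route.get("GatewayId")
        status = "blackhole" if route.get("State") == "blackhole" else "ok"
        findings.append((table["RouteTableId"], status, target))
    return findings


if __name__ == "__main__":
    # Constructed addresses: what the endpoint resolves to inside vs. outside AWS.
    for label, ip in [("private (hostname from EC2)", "10.1.4.25"),
                      ("public (literal IP)", "203.0.113.10")]:
        print(label, diagnose(ip, SAMPLE_ROUTE_TABLES))
```

Run the lookup against the route tables on both sides of the peering connection, since return traffic from the RDS subnet needs a working route back to the EC2 VPC as well.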