Can't connect to RDS database from remote

0

Hello Community,

I'm not able to connect to my newly created publicly accessible RDS MySQL database from my local computer.

My VPC Configurations:

  1. There are public and private subnets
  2. In the public route table, the public subnets are associated and there is a 0.0.0.0/0 route through the internet gateway
  3. In the private route table, the private subnets are associated and there is a 0.0.0.0/0 route through the NAT gateway

RDS Configurations:

  1. The above VPC is selected during DB creation
  2. Created a subnet group (I can see that all public and private subnets are in the subnet group)
  3. Selected RDS in publicly accessible mode
  4. Allowed 0.0.0.0/0 in the RDS security group

Now that the RDS database is created, I can see that it is getting an IP from my private subnet, although I selected RDS to be publicly accessible. I have other databases which were created previously with the same configuration and VPC. They are getting IPs from the public subnet. They are accessible from a remote location without VPN connectivity. Please help: how can I overcome this issue?

Thank you!

Jayed
asked 2 years ago, 1076 views
1 Answer
1

If the subnet the instance is launched in is private, it will be unreachable from the Internet even if you enable "publicly accessible" for the instance. You need to launch in a public subnet in order for the instance to be assigned a public IP. If you have both types of subnet in your subnet group, and RDS picks a public one for an instance, it will work. If you remove the private subnets from the group it will only ever launch in the public ones.

However, I'd strongly recommend against public-facing RDS instances open to 0/0 in the security group. If you must have it publicly accessible, I'd advise scoping that rule down to your current external IP (you can visit https://checkip.amazonaws.com/ to find out what it is).

You could remove the requirement for the instance to have a public IP at all (for you to be able to connect to it) with Systems Manager Session Manager's port forwarding feature.

AWS
EXPERT
James_S
answered 2 years ago
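
The two checks from the answer (which subnets in the DB subnet group are actually public, and whether the security group exposes the MySQL port to the whole Internet), as an added example that is not part of the original thread. It runs offline over constructed dictionaries shaped like the EC2 DescribeRouteTables / DescribeSecurityGroups and RDS DescribeDBSubnetGroups responses; all IDs, addresses and function names are assumptions made for illustration.

```python
# Added example (not from the thread). The dicts mirror the shape of EC2
# DescribeRouteTables / DescribeSecurityGroups and RDS DescribeDBSubnetGroups
# responses; every ID and address below is constructed.

def subnet_is_public(subnet_id, route_tables):
    """True when the subnet's effective route table sends 0.0.0.0/0 to an internet gateway."""
    explicit = [rt for rt in route_tables
                if any(a.get("SubnetId") == subnet_id for a in rt["Associations"])]
    # A subnet with no explicit association uses the VPC's main route table.
    main = [rt for rt in route_tables
            if any(a.get("Main") for a in rt["Associations"])]
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("GatewayId", "").startswith("igw-")
               for rt in (explicit or main) for r in rt["Routes"])

def private_subnets_in_group(subnet_group, route_tables):
    """Subnets of the DB subnet group where a 'publicly accessible' instance is unreachable."""
    return [s["SubnetIdentifier"] for s in subnet_group["Subnets"]
            if not subnet_is_public(s["SubnetIdentifier"], route_tables)]

def world_open_rules(security_group, port=3306):
    """Ingress rules that expose the given TCP port to the whole Internet."""
    hits = []
    for perm in security_group["IpPermissions"]:
        proto = perm["IpProtocol"]
        covers = proto == "-1" or (proto == "tcp"
                                   and perm["FromPort"] <= port <= perm["ToPort"])
        open_v4 = any(r["CidrIp"] == "0.0.0.0/0" for r in perm.get("IpRanges", []))
        open_v6 = any(r["CidrIpv6"] == "::/0" for r in perm.get("Ipv6Ranges", []))
        if covers and (open_v4 or open_v6):
            hits.append(perm)
    return hits

ROUTE_TABLES = [  # constructed: one public table (IGW), one private table (NAT)
    {"Associations": [{"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]
SUBNET_GROUP = {"Subnets": [{"SubnetIdentifier": "subnet-pub-a"},
                            {"SubnetIdentifier": "subnet-priv-a"}]}
SG_OPEN = {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
SG_SCOPED = {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                                "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]}

if __name__ == "__main__":
    print("private subnets in group:", private_subnets_in_group(SUBNET_GROUP, ROUTE_TABLES))
    print("world-open rules:", len(world_open_rules(SG_OPEN)), len(world_open_rules(SG_SCOPED)))
```

Any subnet the first check reports is one RDS may pick for placement, which reproduces the symptom in the question; a non-empty result from the second check is the 0.0.0.0/0 rule the answer advises scoping down.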
