Connect to MySQL RDS instance from local workstation

0

Hi team,

I'm trying to connect to my RDS MySQL Aurora instance via DBeaver from my local machine via SSM, following this article:

https://aws.amazon.com/blogs/database/securely-connect-to-an-amazon-rds-or-amazon-ec2-database-instance-remotely-with-your-preferred-gui/?fbclid=IwAR0AYyKOfbWGixDBgyZlsJ8ikAnOgbcHPlB4XcGrov0vh63JkAQGcNslLHc

When I run the command

aws ssm start-session --target ...

I get this message:

Starting session with SessionId: user.user@dom0d4ede5d4d251sd37c
Port 3306 opened for sessionId user.user@dom-0w4cde734x221e91c.
Waiting for connections...

In DBeaver I put the cluster endpoint, the port number, the username and the password, and I get this message from DBeaver:

The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.
  connect timed out

I'm not sure if it's due to the SSM endpoint. I tried to create the SSM endpoints following this article:

https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-create-vpc.html

To create VPC endpoints for Systems Manager

In the first step of this procedure, you create three required and one optional interface endpoints for Systems Manager. 
Follow the steps in Create an interface endpoint to create the following interface endpoints:

1 - com.amazonaws.region.ssm – The endpoint for the Systems Manager service.

2 - com.amazonaws.region.ec2messages – Systems Manager uses this endpoint to make calls from SSM Agent to the Systems Manager service.

3 - com.amazonaws.region.ec2 –

The endpoint creation failed:

status = Failed
Status message = 
private-dns-enabled cannot be set because there is already a conflicting DNS domain for ec2messages.region.amazonaws.com in the VPC vpc-wee1287dvhdvvsj

Status message = 
private-dns-enabled cannot be set because there is already a conflicting DNS domain for ssm.region.amazonaws.com in the VPC vpc-wee1287dvhdvvsj

Only this endpoint, com.amazonaws.ca-central-1.ec2, was created successfully. I'm not sure if the timeout I get is due to the SSM endpoints.

Any idea would help,

thank you!

2 answers
0
Accepted answer

I put "localhost" as the hostname in DBeaver instead of the RDS cluster DNS name I put initially, and it works for me.

Jess
answered 2 years ago
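The fix in the accepted answer, as an added example that is not part of the original thread: open the SSM port-forwarding session from the workstation, then point the GUI at the local end of the tunnel. INSTANCE_ID (an SSM-managed EC2 instance in the same VPC as the cluster) and DB_HOST are placeholders to replace with your own values; the AWS-StartPortForwardingSessionToRemoteHost document and its host/portNumber/localPortNumber parameters are the standard Session Manager document for forwarding to a host other than the instance itself.

```shell
#!/bin/sh
# Added example, not from the original thread. Forward a local port to an
# Aurora MySQL endpoint through an SSM-managed EC2 instance, then connect
# the GUI to the LOCAL end of the tunnel.
# INSTANCE_ID and DB_HOST are placeholders: substitute your own bastion
# instance ID and cluster endpoint.

INSTANCE_ID="${INSTANCE_ID:-i-0123456789abcdef0}"                               # placeholder bastion in the DB's VPC
DB_HOST="${DB_HOST:-mycluster.cluster-abc123.ca-central-1.rds.amazonaws.com}"   # placeholder cluster endpoint
DB_PORT="${DB_PORT:-3306}"        # port the database listens on (remote end)
LOCAL_PORT="${LOCAL_PORT:-3306}"  # port opened on the workstation (local end)
REGION="${AWS_REGION:-ca-central-1}"

# Parameters for the AWS-StartPortForwardingSessionToRemoteHost document.
# "host" is resolved and reached from the EC2 instance, not from the
# workstation, so the RDS name never has to be resolvable locally.
ssm_params() {
  printf '{"host":["%s"],"portNumber":["%s"],"localPortNumber":["%s"]}' "$1" "$2" "$3"
}

# Full start-session command. Usage: ssm_forward_cmd INSTANCE DB_HOST DB_PORT LOCAL_PORT
ssm_forward_cmd() {
  printf "aws ssm start-session --region %s --target %s --document-name AWS-StartPortForwardingSessionToRemoteHost --parameters '%s'\n" \
    "$REGION" "$1" "$(ssm_params "$2" "$3" "$4")"
}

# The GUI must connect to the local end of the tunnel. Entering the RDS
# endpoint instead gives exactly the "connect timed out" from the question,
# because the workstation has no network path into the VPC.
gui_host_ok() {
  case "$1" in
    localhost|127.0.0.1|::1) return 0 ;;
    *) return 1 ;;
  esac
}

# Command-line check to run once the session prints "Waiting for connections...".
# --protocol=TCP matters for the mysql CLI: with host "localhost" it would
# otherwise try the Unix socket rather than the tunnel.
mysql_check_cmd() {
  printf 'mysql --host 127.0.0.1 --port %s --protocol=TCP --user %s -p -e "SELECT @@hostname, @@version"\n' "$1" "$2"
}

# Only contact AWS when explicitly asked (SSM_RUN=1), so the script can be
# sourced or checked without credentials.
if [ "${SSM_RUN:-0}" = "1" ]; then
  echo "In a second terminal: $(mysql_check_cmd "$LOCAL_PORT" "${DB_USER:-admin}")" >&2
  eval "$(ssm_forward_cmd "$INSTANCE_ID" "$DB_HOST" "$DB_PORT" "$LOCAL_PORT")"
fi
```

In DBeaver the host is then localhost (or 127.0.0.1), the port is LOCAL_PORT, and the username and password are the database credentials as before. One caveat if you enable TLS with hostname verification in the client: the RDS server certificate is issued for the RDS endpoint name, not for localhost, so verification against "localhost" will fail; use verification of the CA chain only, or connect with the endpoint name via a local hosts-file alias.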
0

You usually get this error when:

  • You already have an interface VPC endpoint for the same service in your VPC.
  • Your VPC is already associated with a private hosted zone that covers the intended service name.

Here are more details: https://aws.amazon.com/premiumsupport/knowledge-center/vpc-interface-endpoint-domain-conflict/

To troubleshoot: have you enabled DNS hostnames and DNS resolution on your VPC? Also, do you have inbound HTTPS traffic allowed in your security group rules? Please also make sure you put a correct custom policy on your endpoint (the policy listed in the documentation is just an example; you'd need a broader policy that allows ec2messages, ssm, ssmmessages). Please update me with the following and I can help more.
AWS
mojtoth
answered 2 years ago
  • Thank you for your answer. I checked: the VPC DNS settings are set, and the security groups are set also.

    On my local machine, what should I put in the DBeaver tool for the hostname? The RDS MySQL cluster endpoint?

    I put 127.0.0.1,1433 as the hostname and it seems to work; initially I put the cluster endpoint DNS name.

  • Hi Jess, the remote port forwarding forwards the MySQL port to your machine, so you should use "localhost" as your hostname, and whatever local port you've set (I'd recommend 3306 as well).
