How do I resolve issues with an Amazon RDS DB in an incompatible network state?


I want to resolve issues with an Amazon Relational Database Service (Amazon RDS) DB instance in an incompatible network state.

Short description

If your Amazon RDS DB instance is in the incompatible-network state, then one of the following scenarios is occurring:

  • There are no available IP addresses in the subnet that the DB instance was launched into.
  • The subnet that's mentioned in the Amazon RDS DB subnet group no longer exists in the Amazon Virtual Private Cloud (Amazon VPC).
  • The RDS DB instance is publicly accessible, but the DNS hostnames and DNS resolution options are turned off. Both options must be turned on for an RDS DB instance to be publicly accessible.
  • You reached your service quota for elastic network interfaces in your AWS Region, and you must request a service quota increase.

Your DB instance might be in the incompatible-network state because you took one of the following actions:

  • Modified the DB instance's class
  • Modified the DB instance to use a Multi-AZ deployment
  • Replaced a host because of a maintenance event
  • Launched a replacement DB instance
  • Created a new DB instance after you reached the quota for the elastic network interfaces
  • Restored the DB instance from a snapshot backup
  • Started a DB instance that was stopped

For more details about why your DB instance is in the incompatible-network state, see Viewing Amazon RDS events.


Note: The incompatible-network state means that the DB instance might still be accessible at the database level, but you can't modify or reboot it. It's a best practice to have a backup, such as a snapshot or a logical backup, so that you can restore the data to another DB instance.

To resolve issues with an Amazon RDS database in an incompatible-network state, use either the AWSSupport-ValidateRdsNetworkConfiguration runbook or the AWS Management Console.

Use the AWSSupport-ValidateRdsNetworkConfiguration runbook

To identify why your Amazon RDS instance is in an incompatible-network state, use the AWSSupport-ValidateRdsNetworkConfiguration runbook. To avoid the incompatible-network state, use this runbook when you perform any modifications or start a stopped instance.

Note: Before you begin the AWSSupport-ValidateRdsNetworkConfiguration runbook, make sure that your AWS Identity and Access Management (IAM) user or role has the required permissions. For more information, see the Required IAM permissions section of AWSSupport-ValidateRdsNetworkConfiguration.

Complete the following steps:

  1. Sign in to the AWS Systems Manager console and access the AWSSupport-ValidateRdsNetworkConfiguration runbook.
  2. Choose Execute automation.
  3. Enter the following values:
    For AutomationAssumeRole, enter the ARN of the IAM role that allows automation to perform actions on your behalf. If a role isn't specified, then Automation uses the permissions of the user that starts the runbook.
    For DBInstanceIdentifier, enter the Amazon RDS Instance Identifier for your Amazon RDS instance.
  4. Choose Execute.
  5. After the automation completes, review the detailed results in the Outputs section. The parameter generateReport.Report shows a consolidated report of all the checks that are performed as part of this runbook.
  6. (Optional) For additional actions, check the ### [Next Steps] section of the output report for further troubleshooting.

Use the AWS Management Console

  1. Open the Amazon RDS console.
  2. In the navigation pane, choose Databases.
  3. Select the DB instance that's in an incompatible-network state, and then note the VPC ID and subnet IDs from the Connectivity & Security pane.
  4. Open the Amazon VPC console, and then in the navigation pane choose Your VPCs.
  5. Select the VPC, and then choose Actions.
  6. Choose Edit DNS hostnames. If DNS hostnames isn't turned on, then select Enable.
  7. For Your VPCs, select the VPC, and then choose Actions.
  8. Choose Edit DNS resolution. If the DNS resolution isn't turned on, then select Enable.
  9. In the navigation pane, choose Subnets. Confirm that all the subnets are listed and have available IP addresses.
  10. Open the Amazon Elastic Compute Cloud (Amazon EC2) console, and then check if you reached the quota for elastic network interfaces. Request a service quota increase if needed.
    Note: For more information on quotas for network interfaces per Region, see Network interfaces.
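The console checks above can also be run as one pass over API responses. The following is an added example, not AWS code or part of the runbook: the function name, the sample IDs, and the quota figures are constructed. It assumes you collect the inputs with the boto3 calls describe_db_instances, describe_subnets (filtered by vpc-id), describe_vpc_attribute, and describe_network_interfaces.

```python
def diagnose(db, subnets, vpc_dns, eni_count, eni_quota):
    """Return the incompatible-network causes from the article that apply.

    db        -- one DBInstances[] entry from rds.describe_db_instances
    subnets   -- Subnets[] from ec2.describe_subnets, filtered by vpc-id
    vpc_dns   -- {"EnableDnsSupport": bool, "EnableDnsHostnames": bool}, the
                 Value fields from ec2.describe_vpc_attribute (one call each)
    eni_count -- len(NetworkInterfaces) from ec2.describe_network_interfaces
    eni_quota -- the Region's network interface quota (supplied by the caller)
    """
    findings = []
    found = {s["SubnetId"]: s["AvailableIpAddressCount"] for s in subnets}
    for ref in db["DBSubnetGroup"]["Subnets"]:
        sid = ref["SubnetIdentifier"]
        if sid not in found:
            findings.append(f"{sid}: subnet no longer exists in the VPC")
        elif found[sid] == 0:
            findings.append(f"{sid}: no available IP addresses")
    if db.get("PubliclyAccessible"):
        off = [k for k in ("EnableDnsSupport", "EnableDnsHostnames") if not vpc_dns.get(k)]
        if off:
            findings.append("publicly accessible, but VPC has " + ", ".join(off) + " turned off")
    if eni_count >= eni_quota:
        findings.append(f"network interface quota reached ({eni_count}/{eni_quota})")
    return findings


# Constructed sample responses (not from a real account).
SAMPLE_DB = {
    "DBInstanceIdentifier": "example-db",
    "DBInstanceStatus": "incompatible-network",
    "PubliclyAccessible": True,
    "DBSubnetGroup": {"VpcId": "vpc-0example", "Subnets": [
        {"SubnetIdentifier": "subnet-0aaa"},
        {"SubnetIdentifier": "subnet-0bbb"},
        {"SubnetIdentifier": "subnet-0ccc"}]},
}
SAMPLE_SUBNETS = [
    {"SubnetId": "subnet-0aaa", "AvailableIpAddressCount": 0},
    {"SubnetId": "subnet-0bbb", "AvailableIpAddressCount": 27},
]
SAMPLE_DNS = {"EnableDnsSupport": True, "EnableDnsHostnames": False}

if __name__ == "__main__":
    for line in diagnose(SAMPLE_DB, SAMPLE_SUBNETS, SAMPLE_DNS, eni_count=5000, eni_quota=5000):
        print(line)
```

An empty result means none of the four scenarios from the short description applies to the inputs you supplied.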

Note: Your instance can be in the incompatible-network state when RDS can't allocate your IP address in the following scenarios:

  • You're using Amazon RDS on AWS Outposts.
  • You activate the Customer-owned IP (CoIP) address setting.

To resolve an RDS DB instance that's in the incompatible-network state, verify that you turned on automated backups for your DB instance. If you turned on automated backups, then temporarily stop any writes to the database and perform a point-in-time recovery (PITR).
If you didn't turn on automated backups, then create a new DB instance. Then, use AWS Database Migration Service (AWS DMS) or a backup and restore tool to migrate the data. You can use a tool such as mysqldump, pg_dump, or expdp/impdp.

Important: After an instance enters the incompatible-network state, the DB instance might not be accessible at the DB level to perform a logical backup.

Related information

Viewing Amazon RDS DB instance status

Working with an Amazon RDS DB instance in a VPC

How can I fix an Amazon RDS DB instance that is stuck in the incompatible-parameters status?

AWS Support Automation Workflows (SAW)

Running an automation

Setting up Automation