Cannot connect to public RDS after instance class upgrade

0

Tonight I upgraded my db.t3.small to db.t3.medium and increased the allocated memory from 40 GB to 100 GB.

After taking a snapshot and successfully upgrading, everything is working well in my application that uses an RDS Proxy to connect to the database. However, when I try to connect to the direct endpoint from my database tool, I get a timeout. I have connected to this DB many times from the tool before, and verified the DB is still set to be publicly accessible and no changes have taken place in the DB subnet/security groups that I previously had used to connect.

I tried restarting the tool, and switching my local backend to the database as well (which I had done shortly before the upgrade).

The only difference I can see right now is that the status is in Storage-optimization 0% and has been for an hour or so. From what I have read, this should not impact the availability of the database, though.

Please let me know if I can provide any additional information or any suggestions.

awebber
asked 7 months ago · 377 views
2 Answers
0

Did the public IP address change during the instance upgrade, and if it did are you definitely connecting to the new public IP?

Would there be any firewall rules in place that might be blocking access to the new public IP (if indeed there is one)?

You mention that the application uses a proxy that's still working well. Is this RDS Proxy or a non-AWS proxy? And is this connecting to the public or private IP of the RDS instance?

There are a lot more useful troubleshooting steps here: https://repost.aws/knowledge-center/rds-ip-address-issues

EXPERT
Steve_M
answered 7 months ago
  • I use the provided endpoint to connect and not the IP of the db so I do not know if the IP changed after the upgrade.

    Yes - the proxy is an RDS proxy. For the public/private IP that it is connected to - I believe it is the private IP but where can I look to confirm that?

  • As RDS Proxy is not publicly accessible, it must be using the private IP.

    Your connection tool uses the public IP though, yes?

    Did the endpoint name change as part of the update, and if it did is your connection tool definitely using the updated endpoint name to attempt to connect?

  • The connection tool uses the endpoint provided by RDS, so it's the name and ends with <region>.rds.amazonaws.com

    After upgrading, the endpoint remains the same as it was before. I have ensured this by copying the value again from the console and trying to test the connection with that, and I am still getting the timeout.

  • So at this point: the subnets that comprise the subnet group haven't changed, the security group rules haven't changed, the endpoint address hasn't changed, and there aren't any firewall rules between you and the endpoint. The app can still talk to the DB using RDS proxy (private), but you can't connect to the DB (public).

    Consider looking at Reachability Analyzer, which should be able to show exactly how far the connection is getting before it drops: https://aws.amazon.com/blogs/database/troubleshoot-network-connectivity-to-amazon-rds-databases-using-vpc-reachability-analyzer/

  • At this point I am leaning towards the issue being related to the status being Storage-optimization stuck at 0% after 6+ hours. What is causing the optimization to get stuck at 0 percent?

0

Hello.

Can you check the public IP address if you resolve the name of the RDS endpoint using the command below?
Also, are all the subnets in the subnet group public subnets?
If it is not a public subnet, try adding a route to the Internet gateway to your route table.

nslookup RDS-Endpoint

This is not related to this issue, but it is not a good idea for security to make the database publicly accessible.
We recommend that you change the configuration as shown in the document below and use the port forwarding feature of Systems Manager Session Manager.
https://aws.amazon.com/jp/blogs/mt/use-port-forwarding-in-aws-systems-manager-session-manager-to-connect-to-remote-hosts/

EXPERT
answered 7 months ago
  • Thanks for the reply!

    Yes, running nslookup does return an IP address - I will take a look at the document you have provided as well.

  • By the way, has the IP address of the connection source changed?

  • I don't believe so but where can I confirm that? I have always used the endpoint provided in the details when I need to access directly.

  • You can check the global IP address you are using with the following command. Please check whether this IP address is allowed by the inbound rules of the security group configured in RDS.

    curl ifconfig.io -4
    
  • It is - I also added my IP to the inbound rules to test.
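
The two checks suggested in the answers above (what the endpoint name resolves to, and whether the client's address is admitted by the security group's inbound rules), combined as an added example that is not part of the original thread. The addresses, port 5432 and rule set are constructed sample values; the rule layout follows the `IpPermissions` structure returned by `aws ec2 describe-security-groups`.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(ip):
    """True if ip is an RFC 1918 address (routable only inside the VPC or peered networks)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def rule_allows(permission, source_ip, port):
    """True if one IpPermissions entry admits source_ip on the given TCP port."""
    proto = permission.get("IpProtocol")
    if proto not in ("tcp", "-1"):          # "-1" means all protocols and ports
        return False
    if proto == "tcp" and not permission["FromPort"] <= port <= permission["ToPort"]:
        return False
    src = ipaddress.ip_address(source_ip)
    return any(src in ipaddress.ip_network(r["CidrIp"], strict=False)
               for r in permission.get("IpRanges", []))

def diagnose(resolved_ips, source_ip, permissions, port):
    """Return a list of findings; an empty list means neither check failed."""
    findings = [f"{ip}: private address, not reachable from the Internet"
                for ip in resolved_ips if is_private(ip)]
    matching = [p for p in permissions if rule_allows(p, source_ip, port)]
    if not matching:
        findings.append(f"no inbound rule admits {source_ip} on tcp/{port}")
    for p in matching:
        if any(r["CidrIp"] == "0.0.0.0/0" for r in p.get("IpRanges", [])):
            findings.append(f"tcp/{port} is open to 0.0.0.0/0; restrict it to known sources")
    return findings

# Constructed sample data (documentation address ranges, assumed port 5432).
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "198.51.100.7/32"}]},
]

if __name__ == "__main__":
    # Endpoint resolved to a private address and the client IP is not in the rule set.
    for finding in diagnose(["10.0.3.17"], "203.0.113.25", SAMPLE_RULES, 5432):
        print(finding)
```

Feed it the addresses printed by `nslookup` for the endpoint, the address printed by `curl ifconfig.io -4`, and the security group's inbound rules.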
