Routing done by VPC cannot be the issue, because all destinations within a single VPC are hardwired to be directly reachable via a local route that cannot be overridden. Only the route table of the operating system on the bastion host could have an effect. The VPC-level mechanisms for blocking the traffic would be NACLs (which by default permit all traffic, and you said those are not changed) and the security groups, where the connections have to be permitted in two places: 1) in an outbound rule on one of the security groups attached to your bastion host and 2) in an inbound rule on the security group attached to your RDS instance.
You mentioned having the inbound rule in place (assuming that your RDS instance is listening on port 3306), so you might want to check that the corresponding outbound connections are permitted from the bastion host towards the RDS instance's security group. Any local software firewall you might have running on the bastion host may also restrict outbound traffic for tcp/3306.
The error message sounds more like a DNS resolution issue. You said you tested name resolution by pinging the DNS name, but just to be sure, you could narrow the problem down by doing a telnet to port 3306 on the IP address of the RDS instance. If that doesn't work, then something is failing at the network level. Since routing is not an issue within a VPC, the places to permit the MySQL traffic would be: 1) outbound rules on the bastion host's local software firewall, 2) outbound rules in the bastion host's security group, 3) NACLs attached to the subnets hosting the bastion host and the RDS instance (with default NACLs permitting all traffic in all directions), and 4) inbound rules on the RDS instance's security group.
If telnetting to the IP address works, then you either have a DNS problem (try adding a dot to the end of the name to specify it's a FQDN and prevent any DNS suffixes from being appended), or the MySQL driver/library/client app requires a different syntax for specifying the destination (such as by specifying the port number explicitly).
Hi LeoMk,
thank you very much for replying!
I made the most stupid mistake, damn!
I had to exclude the port from the 'host' parameter in my mysql connection statement.
You saved me a lot of trouble :)
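The triage order from the answer (client syntax, then DNS, then TCP reachability), including the port-in-host mistake found above, as an added Python example that is not code from anyone in this thread. The function names and the `mydb.example.internal` endpoint are assumptions made for illustration.

```python
import socket

def split_embedded_port(host_param):
    """Return (host, port_or_None); detects 'name:3306' passed as a host value."""
    # Bracketed or bare IPv6 literals contain colons and are not this mistake.
    if host_param.startswith("[") or host_param.count(":") != 1:
        return host_param, None
    host, _, tail = host_param.partition(":")
    return (host, int(tail)) if tail.isdigit() else (host_param, None)


def diagnose(host_param, port=3306, resolve=socket.getaddrinfo,
             connect=socket.create_connection, timeout=3.0):
    """Classify a failed connection as client syntax, DNS, or network level."""
    host, embedded = split_embedded_port(host_param)
    if embedded is not None:
        return ("client-syntax", f"host value contains ':{embedded}'; pass "
                f"host={host!r} and port={embedded} as separate parameters")
    try:
        # Step 1: name resolution only, nothing is sent to the database yet.
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", f"cannot resolve {host!r}: {exc}")
    ip = infos[0][4][0]
    try:
        # Step 2: TCP connect to the resolved IP, the equivalent of the telnet test.
        connect((ip, port), timeout=timeout).close()
    except OSError as exc:
        return ("network", f"{ip}:{port} unreachable ({exc}); check host firewall, "
                "bastion SG outbound, NACLs, RDS SG inbound")
    return ("ok", f"{host} resolved to {ip} and tcp/{port} accepted the connection")


if __name__ == "__main__":
    # Constructed placeholder endpoint, not a value from the thread.
    print(diagnose("mydb.example.internal:3306"))
```

Run it on the bastion host with the exact string the application passes as its host value; a `network` verdict points at the firewall, security group and NACL checks listed in the answer.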