Cannot Connect MySQL Workbench to RDS


I had a connection that previously worked fine that I have not used in some time. My internet service provider uses dynamic IPs, so I have to continually update Inbound Routes. I now cannot get connected using any method including Boto3 or MySQL Workbench. I have added my current IP to the Inbound Routes as well as the CIDR range of XX.XX.00.00/32. I have also tried to allow all traffic from all IP addresses. I have set up Security Groups, tied them to my RDS VPC and made my database publicly available on all IPs. My database is up and Available. I suspect there is a problem with either the VPC being properly connected to subnet routes or Internet Gateway, but I will never figure that out with the AWS documentation. I have spent an entire day on this. On a related topic, the system has created a number of Security Groups for SageMaker, Amplify, EC2 and other services I have tried. I am concerned that perhaps some of these are causing conflicts - I cannot delete them even though I have not used the service and deleted the applications.

Brett
asked 8 months ago, 391 views
2 Answers

Hello.

Is RDS launched in a public subnet and has public access enabled?
If public access is enabled, you can check the global IP address by resolving the name of the RDS endpoint.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html#USER_VPC.Hiding

As an aside, it is not good security to place RDS directly in a public subnet.
Therefore, we recommend accessing using Session Manager's port forwarding function, etc., as shown in the document below.
https://aws.amazon.com/jp/blogs/mt/use-port-forwarding-in-aws-systems-manager-session-manager-to-connect-to-remote-hosts/

EXPERT
answered 8 months ago
AWS
EXPERT
reviewed 8 months ago

To answer your last point first, new security groups won't interfere like you suggest, i.e. they won't close a port that was previously open (it's the other way round - the only change they can make is to open a port that was previously closed).

@Riku's point about not having the RDS database in a public subnet is very good advice. The RDS instance will be running in a subnet group, and if it needs to be accessible from the internet then every subnet that makes up that subnet group must have a route to the internet gateway in its routing table: https://docs.aws.amazon.com/vpc/latest/userguide/route-table-options.html#route-tables-internet-gateway

It may be useful here to use Reachability Analyser https://docs.aws.amazon.com/vpc/latest/reachability/getting-started.html

Be aware that this isn't free, it's about 10c per use - see the Network Analysis tab of https://aws.amazon.com/vpc/pricing/

EXPERT
Steve_M
answered 8 months ago
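
An offline version of the two checks discussed in the answers above, added here as an example and not code from any of the posters or from AWS. It takes dicts shaped like the boto3 `describe_route_tables` and `describe_security_groups` responses, reports which subnets of a DB subnet group lack an active default route to an internet gateway (falling back to the VPC's main route table when a subnet has no explicit association), and tests whether a client IP matches an inbound rule. All IDs and addresses are constructed sample data.

```python
import ipaddress

def route_table_for(subnet_id, vpc_id, route_tables):
    """Return the explicitly associated table, else the VPC's main table."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def has_igw_default_route(rt):
    """True if the table has an active 0.0.0.0/0 route to an igw-* target."""
    return rt is not None and any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0"
        and r.get("GatewayId", "").startswith("igw-")
        and r.get("State") == "active"
        for r in rt.get("Routes", []))

def subnets_without_igw(subnet_ids, vpc_id, route_tables):
    return [s for s in subnet_ids
            if not has_igw_default_route(route_table_for(s, vpc_id, route_tables))]

def sg_allows(client_ip, port, security_groups):
    """True if any IPv4 inbound rule covers client_ip on the TCP port."""
    ip = ipaddress.ip_address(client_ip)
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")  # "-1" means all protocols and ports
            port_ok = proto == "-1" or (
                proto == "tcp" and perm["FromPort"] <= port <= perm["ToPort"])
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            if port_ok and any(ip in ipaddress.ip_network(c, strict=False) for c in cidrs):
                return True
    return False

# Constructed sample data (hypothetical IDs, documentation address range).
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
IGW = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1", "State": "active"}
ROUTE_TABLES = [
    {"VpcId": "vpc-1", "Associations": [{"Main": True}], "Routes": [LOCAL]},
    {"VpcId": "vpc-1", "Associations": [{"SubnetId": "subnet-a"}], "Routes": [LOCAL, IGW]},
]
SECURITY_GROUPS = [{"GroupId": "sg-1", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "203.0.113.7/32"}]}]}]
```

In the sample, `subnet-b` has no explicit association and inherits the main table, which has no internet gateway route, and the `/32` rule stops matching as soon as the client address changes by one.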
