Is RDS launched in a public subnet and has public access enabled?
If public access is enabled, you can check the global IP address by resolving the name of the RDS endpoint.
As an aside, it is not good security to place RDS directly in a public subnet.
Therefore, we recommend accessing using Session Manager's port forwarding function, etc., as shown in the document below.
To answer your last point first, new security groups won't interfere like you suggest, i.e. they won't close a port that was previously open (it's the other way round - the only change they can make is to open a port that was previously closed).
@Riku's point about not having the RDS database in a publiuc subnet is very good advice. The RDS instance wil be running in a subnet group, and if it needs to be accessible from the internet then every subnet that makes up that subnet group must have a route to the internet gateway in its routing table https://docs.aws.amazon.com/vpc/latest/userguide/route-table-options.html#route-tables-internet-gateway
It may be useful here to use Reachability Analyser https://docs.aws.amazon.com/vpc/latest/reachability/getting-started.html
Be aware that this isn't free, it's about 10c per use -see the Network Analysis tab of https://aws.amazon.com/vpc/pricing/
- asked 3 months ago
- asked a month ago
- How do I troubleshoot access errors that I receive when I try to connect to my Amazon RDS or Amazon Aurora MySQL DB cluster?AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 2 years ago
- Amazon Managed Grafana now supports connection to data sources hosted in Amazon Virtual Private CloudEXPERTpublished 10 months ago