For the Aurora database
1. Click on Services->RDS
2. Click on Databases
3. Click on the DB identifier for the Aurora instance
4. Write down the following information:
   Endpoint:
   Port:
   VPC:
   VPC security groups:
   Public accessibility:
   Subnet group:
   Subnets:
5. Click on the link for the VPC security groups
6. Click on the Inbound tab and write down what protocols/Port Range/Sources are allowed. Note: 3306 should be one of the allowed ports. If NO, then click the Edit button, click Add Rule, enter 3306 for the Port range, and for the source enter 0.0.0.0/0 (for now... later, you can lock down the IP to the Bastion server's private IP address, but let's see if you can first connect).
7. See if you can now connect.
FYI: I verified that I was able to connect from my desktop through a Bastion server.
I will try to help you debug more, if after you follow the above steps, you are still having problems connecting.
vpc security group: AuroraForStripcallSG (sg-05c0596e84b978312)
( active )
There is no setting for "public availability"
Subnet group stripcallgroup
The default VPC security group inbound rules are:
All traffic All All sg-e5a25ebd (default)
MYSQL/Aurora TCP 3306 220.127.116.11/32
MYSQL/Aurora TCP 3306 18.104.22.168/24
I added an inbound rule for 0.0.0.0/0
That helped. "Test Connection" in Workbench worked.
However: Your connection attempt failed for user 'admin' to the MySQL server at stripcallcluster-1.cluster-cc53mewxcxrb.us-east-1.rds.amazonaws.com:3306:
Lost connection to MySQL server during query
I waited an hour and tried again, and this time it succeeded, so I actually have Workbench connected and running to the database.
So at least part of the problem is that I need an inbound rule for the Bastion Host. How do I construct that correctly?
Double check your Aurora database instance for "public availability". It should be in the right hand column side of the properties. It should hopefully be "no".
As you mentioned, you will need to add your Bastion server's private IP address to the Security Group. So you will first:
1. Services->EC2
2. Click on Instances
3. Click on your Bastion Server instance
4. In the Description tab, in the right-hand column, there will be a Private IP address in the row Private IPs. Copy this IP address.
Then follow the directions in my earlier message, and instead of 0.0.0.0/0, put the <IP address>/32. For example, if your IP address was 172.31.46.221, then enter 172.31.46.221/32
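A check for the lock-down step described above, as an added example that is not part of the original thread: it classifies every IPv4 source that can reach port 3306 in a security group and reports whether only the bastion's /32 remains. The input is a constructed sample shaped like `aws ec2 describe-security-groups` output; the group ID and the 172.31.0.0/16 rule are placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample (not from the thread), shaped like describe-security-groups output.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "172.31.46.221/32"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "172.31.0.0/16"}]},
    ],
}

def covers_port(perm, port):
    """True if the rule allows TCP to `port`; protocol -1 means all traffic."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit_db_ingress(group, bastion_ip, port=3306):
    """Classify each IPv4 CIDR source that can reach `port`.
    Sources given as another security group are not examined here."""
    bastion = ipaddress.ip_address(bastion_ip)
    findings = []
    for perm in group["IpPermissions"]:
        if not covers_port(perm, port):
            continue
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if net.prefixlen == 0:
                verdict = "OPEN_TO_WORLD"       # the temporary 0.0.0.0/0 rule
            elif net.prefixlen == 32 and bastion in net:
                verdict = "BASTION_ONLY"        # the intended end state
            elif bastion in net:
                verdict = "WIDER_THAN_BASTION"  # includes the bastion plus other hosts
            else:
                verdict = "OTHER_SOURCE"
            findings.append((rng["CidrIp"], verdict))
    return findings

def is_locked_down(group, bastion_ip, port=3306):
    """True only when every CIDR source reaching `port` is the bastion's /32."""
    findings = audit_db_ingress(group, bastion_ip, port)
    return bool(findings) and all(v == "BASTION_ONLY" for _, v in findings)

if __name__ == "__main__":
    for cidr, verdict in audit_db_ingress(SAMPLE_GROUP, "172.31.46.221"):
        print(f"{cidr:20} {verdict}")
    print("locked down:", is_locked_down(SAMPLE_GROUP, "172.31.46.221"))
```

Any result other than `BASTION_ONLY` for every source means a rule added while debugging, such as the 0.0.0.0/0 one, is still in place.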
Okay, so that worked, and Workbench has access with the /32. Thank you very much.
I still don't see the public availability setting.
I go to RDS Services->Databases. Select my database. I have a summary, with no Public Availability
I have tabs for Connectivity & security
Logs & events
Maintenance & backups
I look in Connectivity and security and see a security heading on the right, but all it has is the security groups.
I look at Configuration and it has an Availability column, but the only things in that column are IAM db authentication, user name and password.
Dunno where else to look.
I'm closing this. I did get it to work, but there are so many issues in setting up Aurora Serverless to work with Lambda, I've given up entirely and started all over with DynamoDB. This application is a much better fit with a small relational DB, but the complications in using Aurora Serverless with Lambda are way, way too daunting. Thanks again for your help.