Can't connect to RDS database from remote

0

Hello Community,

I'm not able to connect to my newly created publicly accessible RDS MySQL database from my local computer.

My VPC Configurations:

  1. There are public and private subnets
  2. In the public route table, the public subnets are associated and there is a 0.0.0.0/0 route through the internet gateway
  3. In the private route table, the private subnets are associated and there is a 0.0.0.0/0 route through the NAT gateway

RDS Configurations:

  1. The above VPC is selected during DB creation
  2. Created a subnet group (I can see that all public and private subnets are in the subnet group)
  3. Selected RDS in publicly accessible mode
  4. Allowed 0.0.0.0/0 in the RDS security group

Now when the RDS database is created, I can see that it is getting an IP from my private subnet, although I selected RDS to be publicly accessible. I have other databases which were created previously with the same configuration and VPC. They are getting IPs from the public subnet. They are accessible from a remote location without VPN connectivity. Please help: how can I overcome this issue?

Thank you!

Jayed
asked 2 years ago, 1059 views
1 Answer
1

If the subnet the instance is launched in is private, it will be unreachable from the Internet even if you enable "publicly accessible" for the instance. You need to launch in a public subnet in order for the instance to be assigned a public IP. If you have both types of subnet in your subnet group, and RDS picks a public one for an instance, it will work. If you remove the private subnets from the group it will only ever launch in the public ones.

However, I'd strongly recommend against public-facing RDS instances open to 0/0 in the security group. If you must have it publicly accessible, I'd advise scoping that rule down to your current external IP (you can visit https://checkip.amazonaws.com/ to find out what it is).

You could remove the requirement for the instance to have a public IP at all (for you to be able to connect to it) with Systems Manager Session Manager's port forwarding feature.

AWS EXPERT
James_S
answered 2 years ago
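
The two checks the answer describes (which subnets in the DB subnet group are really private, and whether the security group is open to 0.0.0.0/0), written as an added example that is not part of the original answer. The data is constructed in the shape of the `describe_route_tables`, `describe_db_subnet_groups` and `describe_security_groups` responses; every ID and IP is a placeholder, and the function names are hypothetical.

```python
# Constructed sample data shaped like EC2/RDS Describe* responses (all IDs are placeholders).
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public", "Associations": [{"Main": False, "SubnetId": "subnet-pub-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"Main": True}, {"Main": False, "SubnetId": "subnet-priv-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
]
DB_SUBNET_GROUP = {"DBSubnetGroupName": "example-group", "Subnets": [
    {"SubnetIdentifier": s} for s in ("subnet-pub-a", "subnet-priv-a", "subnet-unassoc")]}
SECURITY_GROUP = {"GroupId": "sg-0example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}

def route_table_for(subnet_id, route_tables):
    """Explicit association wins; otherwise the VPC's main route table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def is_public(route_table):
    """Public means a default route whose target is an internet gateway (igw-...)."""
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("GatewayId", "").startswith("igw-")
               for r in (route_table or {}).get("Routes", []))

def private_subnets(group, route_tables):
    """Subnets RDS could pick that would leave the instance unreachable from the Internet."""
    return [s["SubnetIdentifier"] for s in group["Subnets"]
            if not is_public(route_table_for(s["SubnetIdentifier"], route_tables))]

def world_open_rules(sg, port=3306):
    """IPv4 ingress rules that expose the DB port to 0.0.0.0/0."""
    hits = []
    for perm in sg["IpPermissions"]:
        covers = perm["IpProtocol"] == "-1" or perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)
        hits += [(sg["GroupId"], perm["IpProtocol"], r["CidrIp"])
                 for r in perm.get("IpRanges", []) if covers and r["CidrIp"] == "0.0.0.0/0"]
    return hits

def scoped_rule(external_ip, port=3306):
    """Replacement ingress rule limited to a single address, as the answer advises."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": f"{external_ip}/32"}]}

if __name__ == "__main__":
    print(private_subnets(DB_SUBNET_GROUP, ROUTE_TABLES), world_open_rules(SECURITY_GROUP))
```

A subnet with no explicit association (`subnet-unassoc` here) inherits the main route table, so it counts as private when the main table has no internet gateway route.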
