External connection to RDS

0

I am unable to configure my Postgres RDS Database/VPC security groups in the proper way to allow connection from my local machine.

When I telnet from a connected EC2 instance, I enter the telnet client. When I try to do that on my local machine, the connection times out.

In terms of RDS settings, on the configuration page:

  • Publicly accessible = "Yes"
  • Security group rules show CIDR/IP = Inbound for 0.0.0.0/0 and [my IP address] (in addition to the EC2 Security Group)

Based on everything I've researched so far, these are the two settings that need to change to allow a connection from outside of the VPC. Any advice on other settings to adjust? I feel confident that I have the endpoint and port correct since I was able to telnet from the EC2 instance. Thanks!

2 Answers
3
Accepted Answer

Hello.

To connect to RDS using public access, you must also check whether the subnets in the subnet group that RDS is using are configured with public subnets.
That is, the subnet's route table must have a route to the Internet gateway.
The points to check are listed in the document below.
https://repost.aws/knowledge-center/rds-connectivity-instance-subnet-vpc

Setting up RDS with public access is not recommended for security reasons, so please consider connecting via port forwarding using Systems Manager's Session Manager using the configuration described in the AWS blog below.
https://aws.amazon.com/jp/blogs/mt/use-port-forwarding-in-aws-systems-manager-session-manager-to-connect-to-remote-hosts/

EXPERT
answered a month ago
EXPERT
reviewed a month ago
  • Thank you for the guidance on best practices. Was able to connect via port forwarding with Systems Manager's Session Manager according to the link you shared. Thanks!

1

As correctly recommended in the previous answer, opening your RDS instance to the internet (0.0.0.0/0) is generally not recommended for security reasons. It's better to restrict access to trusted IP addresses or use a secure connection method like a bastion host. Having said that,

  1. Check the RDS logs for any connection errors or clues that might help you identify the issue.
  2. Make sure that the RDS security group has an inbound rule that allows incoming traffic on port 5432 from your local machine's IP address or a range of IP addresses that includes your local machine's IP address.
  3. Verify that the Network ACL (NACL) associated with your RDS instance's subnet allows inbound traffic on port 5432 from your local machine's IP address or a range of IP addresses that includes your local machine's IP address.
  4. Make sure that your local machine's firewall is not blocking outgoing connections on port 5432. If you can connect to the RDS instance from an EC2 instance within the same VPC but not from your local machine, it could be an issue with your local machine's network or firewall settings.
Ashpin
answered a month ago
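As an added illustration (not code from either answer or from AWS), the two conditions both answers point at can be checked offline against CLI output: the subnet's route table must send 0.0.0.0/0 to an Internet gateway (a NAT gateway route does not make the subnet public), and the security group must carry an inbound TCP 5432 rule whose CIDR actually contains the client's IP. The JSON below is a constructed sample shaped like `aws ec2 describe-route-tables` and `aws ec2 describe-security-groups` output.

```python
import ipaddress

# Constructed sample: the route table attached to one RDS subnet-group subnet.
ROUTE_TABLE = {
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123456789abcdef0"},
    ]
}

# Constructed sample: a private subnet whose default route goes to a NAT gateway.
PRIVATE_ROUTE_TABLE = {
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123456789abcdef0"},
    ]
}

# Constructed sample: the security group attached to the RDS instance.
SECURITY_GROUP = {
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    ]
}


def subnet_is_public(route_table):
    """Public only if 0.0.0.0/0 is routed to an Internet gateway (igw-*)."""
    return any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0"
        and r.get("GatewayId", "").startswith("igw-")
        for r in route_table["Routes"]
    )


def sg_allows(security_group, client_ip, port=5432):
    """True if an inbound rule covers TCP `port` from `client_ip` (CIDR containment)."""
    ip = ipaddress.ip_address(client_ip)
    for perm in security_group["IpPermissions"]:
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "-1"):          # "-1" means all protocols/ports
            continue
        if proto == "tcp" and not (perm["FromPort"] <= port <= perm["ToPort"]):
            continue
        for rng in perm.get("IpRanges", []):
            if ip in ipaddress.ip_network(rng["CidrIp"], strict=False):
                return True
    return False


def diagnose(route_table, security_group, client_ip, port=5432):
    """Both findings in the order the answers list them."""
    return {"subnet_public": subnet_is_public(route_table),
            "sg_allows_client": sg_allows(security_group, client_ip, port)}
```

The accepted answer's alternative avoids public access entirely: `aws ssm start-session --target <ec2-instance-id> --document-name AWS-StartPortForwardingSessionToRemoteHost --parameters host=<rds-endpoint>,portNumber=5432,localPortNumber=5432` tunnels the Postgres port through an EC2 instance inside the VPC, so the subnet can stay private and the security group only needs to trust that instance's group.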
