Cannot connect to RDS(postgres) from EC2 via application code

0

Hello there,

I have trouble connecting to RDS postgres via application code that is running on an EC2 instance.

The error message is "dial tcp 172.31.16.127:5432: connect: connection refused"

172.31.16.127 is the private IP of EC2 instance.

However, I am able to connect to the same RDS instance from the EC2 command line (SSH): psql --host=AWS_ENDPOINT_NAME --user=postgres --port=5432

SETUP I have ensured the following:

  • both ec2 and rds instance are in same VPC

this was automated during RDS setup:

  • EC2 security group outbound rule on TCP port 5432 especially for RDS instance
  • RDS security group inbound rule to allow EC2 security group access

my code (golang):

    // Needs "database/sql", "fmt", "log" and a driver registered as "postgres" (e.g. github.com/lib/pq).
    connString := fmt.Sprintf("host=%s dbname=%s user=%s password=%s port=5432 sslmode=disable",
        HOSTNAME, DATABASE_NAME, USERNAME, PASSWORD)
    conn, err := sql.Open("postgres", connString)
    if err != nil {
        log.Fatal(err.Error())
    }

    err = conn.Ping() // <---- error occurs on this line
    if err != nil {
        log.Fatal(err.Error())
    }

Question: is there anything I am missing?

2 Answers
1
Accepted Answer

Based on the information provided, there are a few potential issues that could be causing your connection problem:

  1. Incorrect host in connection string: The error message suggests you're trying to connect to the EC2 instance's private IP (172.31.16.127) instead of the RDS endpoint. Make sure your HOSTNAME variable in the connection string is set to the RDS endpoint, not the EC2 IP address.

  2. Security group configuration: Although you mentioned setting up the security groups, double-check that the RDS security group allows inbound traffic on port 5432 from the EC2 instance's security group or private IP address.

  3. Network ACLs: Ensure that the Network ACLs associated with the subnets of both your EC2 instance and RDS instance allow the necessary traffic.

  4. RDS instance accessibility: Verify that your RDS instance is not set to be publicly accessible if you're trying to connect via private IP.

  5. Database name: Ensure the DATABASE_NAME in your connection string matches an existing database on your RDS instance.

  6. Firewall or security software: Check if there's any firewall or security software on your EC2 instance that might be blocking outgoing connections to port 5432.

To troubleshoot:

  1. Try using the RDS endpoint instead of the EC2 IP in your connection string.
  2. Verify all security group and NACL settings.
  3. Check if you can telnet to your RDS instance on port 5432 from your EC2 instance.
  4. Enable enhanced logging on your RDS instance to get more detailed error information.
  5. Temporarily allow all inbound traffic to your RDS instance (for testing purposes only) to rule out security group issues.

If these steps don't resolve the issue, you may need to review your VPC configuration, ensure your route tables are correctly set up, and possibly enable RDS logs for more detailed error information.
Sources
Troubleshooting connections to your RDS for PostgreSQL instance - Amazon Relational Database Service
Troubleshooting connection issues to your Amazon RDS DB instance - Amazon Relational Database Service
Why can't I access my RDS? | AWS re:Post

answered 12 days ago
AWS EXPERT reviewed 10 days ago
EXPERT reviewed 12 days ago
  • As suggested by AI, I checked by manually keying in the hostname into my code instead of loading from env variables and it worked!

0

True. I see from the error message that the application is trying to send requests to the same instance where it's hosted on the PostgreSQL port (5432).

answered 12 days ago
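
An added example (not code from the original post or from AWS), in Go to match the question: a pre-flight check that refuses to connect when the configured database host is empty or resolves back to the machine the application runs on, which is the symptom both answers read from the error message. The environment variable name DB_HOST and the function names are assumptions.

```go
package main

import (
	"fmt"
	"net"
	"os"
)

// localIPs returns the addresses bound to this machine's network interfaces.
func localIPs() (ips []net.IP) {
	addrs, _ := net.InterfaceAddrs() // on error only the loopback check below applies
	for _, a := range addrs {
		if n, ok := a.(*net.IPNet); ok {
			ips = append(ips, n.IP)
		}
	}
	return ips
}

// checkDBHost rejects an empty host and any host that resolves to loopback
// or to an address in locals, i.e. one that points back at this machine.
func checkDBHost(host string, resolve func(string) ([]net.IP, error), locals []net.IP) error {
	if host == "" {
		return fmt.Errorf("database host is empty")
	}
	ips, err := resolve(host)
	if err != nil {
		return fmt.Errorf("cannot resolve database host %q: %w", host, err)
	}
	for _, ip := range ips {
		self := ip.IsLoopback()
		for _, l := range locals {
			self = self || ip.Equal(l)
		}
		if self {
			return fmt.Errorf("database host %q resolves to %s, which is this machine", host, ip)
		}
	}
	return nil
}

func main() {
	host := os.Getenv("DB_HOST") // hypothetical variable name
	if err := checkDBHost(host, net.LookupIP, localIPs()); err != nil {
		fmt.Fprintln(os.Stderr, "refusing to connect:", err)
		os.Exit(1)
	}
	fmt.Println("database host OK:", host)
}
```

Run before sql.Open, this turns a misloaded host variable into an explicit configuration error instead of a "connection refused" on the instance's own IP.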
