By using AWS re:Post, you agree to the Terms of Use

Lost RDS Public Access


I was normally accessing my RDS DB instance through public access until I set up RDS Proxy and I just can't access the DB externally anymore (but it still works inside the network and accessible by the lambda functions). What can I do to re-establish my external access to my instance in RDS?

4 Answers
Accepted Answer

Hello Dan-IQ, if your use case is mainly DB administration and/or access from your local machine, I'd like to recommend a much safer access option to you that doesn't expose your precious database to the public Internet:

AWS Systems Manager recently added support for port forwarding to remote hosts using Session Manager.

You will need AWS CLI v2 on your local machine and an EC2 instance with AWS SSM (as a "Bastion Server") for that. This could be an existing instance in case you want to avoid the extra effort. This instance will then be the man-in-the-middle that forwards the database port out of a private subnet to your local machine.

You then basically connect like this from your local machine (PowerShell example):

aws ssm start-session `
    --target i-yourEC2instanceIdHere `
    --document-name AWS-StartPortForwardingSessionToRemoteHost `
    --parameters host="",portNumber="3306",localPortNumber="3306"

... then run your preferred MySQL tool and open a connection to "localhost:3306".

HTH, Uwe

profile picture
answered a month ago
  • Although I still want to understand why I lost the external access I had, I was able to connect to the database using this solution! Thanks!

  • Thanks for the feedback, Dan-IQ, much appreciated. As for the reason of the sudden loss of external access, I can only guess. Could it be that along the way of setting up RDS Proxy, the public IP of the DB got turned off or restrictive security settings were added (e.g., by CF templates)?

  • With a recent update to the AWS Database Blog, the above method is described extensively. The example environment is MSSQL, but can be easily applied to other database engines (or any port forwarding after all).


RDS proxy isn't publicly accessible (your database may still be) so you may have to use SSH Tunneling, or if your client is from a corporate network, then Direct Connect or Site-to-Site VPN are options.

answered a month ago

The point is I don't want to connect directly to RDS Proxy. I want to directly connect to my RDS MySQL instance as I usually did before RDS Proxy be implemented.

answered a month ago

Hi , you can change from RDS console additional setting and click on publicly accessible , make sure in Security Group you have whitelisted your public IP

answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions