It was challenging, but after numerous retries, I finally found the solution.
RDS has its own Subnet Groups, which by default include all subnets in the VPC (both public and private). My initial assumption—supported by ChatGPT—was that enabling Publicly Accessible would place the RDS instance in one of the public subnets within the RDS Subnet Group. However, as it turns out, RDS doesn't prioritize public subnets and seems to select a random subnet, which in my case ended up being a private one.
The Solution (for cases where the RDS instance needs internet exposure):
- Create a custom RDS Subnet Group containing only the public subnets from your VPC.
- Select this custom RDS Subnet Group when restoring the database from a snapshot.
- Create a new Security Group (for better organization) and configure it to allow inbound traffic to port 3306 from the internet.
- Assign both the new Security Group and the default VPC Security Group (which routes public subnets through the Internet Gateway via the routing table) to the RDS instance.
- Done! The RDS instance is now properly exposed to the internet.
Based on the information provided, it seems you've taken most of the necessary steps to ensure connectivity to your new RDS MySQL instance in Region 2. However, there are a few additional points to consider:
- Verify that the DB instance in Region 2 is indeed in a public subnet. Even if the instance is marked as "Publicly Accessible," it needs to be in a subnet that's configured to be public.
- Double-check that the security group associated with the RDS instance in Region 2 is correctly applied. Sometimes, the default security group might be used instead of the one you've configured.
- Ensure that your local IP address hasn't changed. You can verify your current public IP address by visiting a service like checkip.amazonaws.com.
- Try temporarily allowing all inbound traffic to port 3306 in the security group (0.0.0.0/0) to rule out any IP-related issues. Remember to revert this change after testing.
- Check if there are any VPC peering connections or VPN configurations that might be interfering with the direct connection from your local machine.
- Verify that the DB instance in Region 2 is in the "Available" state and not undergoing any maintenance or modifications.
- If possible, try connecting from an EC2 instance within the same VPC as the RDS instance to isolate whether the issue is specific to your local connection or a broader networking problem.
- Review the DB instance's parameter group to ensure there are no settings restricting connections from certain IP ranges.
If none of these suggestions resolve the issue, you may want to check the RDS logs for any error messages related to connection attempts. Additionally, consider opening a support ticket with AWS if the problem persists, as there might be a region-specific networking issue that requires their attention.
Sources
Troubleshooting connections to your MySQL DB instance - Amazon Relational Database Service
Trouble connecting to my RDS database from local machine during testing | AWS re:Post
Connecting to a DB instance running the MySQL database engine - Amazon Relational Database Service
Cannot connect to MySQL db | AWS re:Post
Two things come to mind:
- My services that using this DB can successfully connect to it
Are these services internal to the VPC into which the database has been recovered (or in a peered VPC)? Or are they completely external?
Route table configured 0.0.0.0/0 -> Internet Gateway
This has to be true for every subnet that comprises the subnet group. Can you check that it holds true for all of them?
The GenAI answer suggested logging a support ticket, although I guess if you could do that you wouldn't have posted here first. If you're stuck it may be useful to use Reachability Analyser https://docs.aws.amazon.com/vpc/latest/reahability/getting-started.html
Be aware that this isn't free, it's about 10c per use - see the Network Analysis tab of https://aws.amazon.com/vpc/pricing/
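Added example (not code from any poster or from AWS): a sketch of the per-subnet check discussed in this thread, which resolves each subnet in a DB subnet group to its effective route table (explicit association, else the VPC main table) and reports whether it has an active IPv4 default route to an Internet Gateway. The input dictionaries are constructed samples shaped like the boto3 `describe_route_tables` and `describe_db_subnet_groups` responses, and all IDs and function names are assumptions.

```python
# Constructed sample data shaped like boto3 responses from
# ec2.describe_route_tables() and rds.describe_db_subnet_groups(); all IDs are made up.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-1", "Associations": [{"Main": True}],
     "Routes": [LOCAL]},
    {"RouteTableId": "rtb-public", "VpcId": "vpc-1",
     "Associations": [{"Main": False, "SubnetId": "subnet-pub-a"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                        "GatewayId": "igw-0abc", "State": "active"}]},
    {"RouteTableId": "rtb-nat", "VpcId": "vpc-1",
     "Associations": [{"Main": False, "SubnetId": "subnet-priv-b"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                        "NatGatewayId": "nat-0def", "State": "active"}]},
]
SUBNET_GROUP = {"DBSubnetGroupName": "default-vpc-1", "VpcId": "vpc-1",
                "Subnets": [{"SubnetIdentifier": "subnet-pub-a"},
                            {"SubnetIdentifier": "subnet-priv-b"},
                            {"SubnetIdentifier": "subnet-priv-c"}]}  # no explicit association

def route_table_for(subnet_id, vpc_id, route_tables):
    """Explicit association wins; otherwise the subnet uses the VPC's main table."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def has_igw_default_route(rt):
    """True only for an active 0.0.0.0/0 route whose target is an Internet Gateway."""
    return rt is not None and any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0"
        and r.get("GatewayId", "").startswith("igw-")
        and r.get("State") == "active"
        for r in rt["Routes"])

def classify_subnet_group(group, route_tables):
    """Split the subnet group's subnets into public and private by effective routing."""
    result = {"public": [], "private": []}
    for subnet in group["Subnets"]:
        sid = subnet["SubnetIdentifier"]
        rt = route_table_for(sid, group["VpcId"], route_tables)
        result["public" if has_igw_default_route(rt) else "private"].append(sid)
    return result

if __name__ == "__main__":
    print(classify_subnet_group(SUBNET_GROUP, ROUTE_TABLES))
```

A mixed result like the one this sample produces is the situation described in the accepted answer: the instance can land in any listed subnet. For a database that should not be reachable from the internet, the same check confirms that the `public` list is empty.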
Checked these 8 items before and double-checked them now - did not help