
RDS connectivity issues from my local IP

0

Hi,

I am migrating my AWS infrastructure to another region and am currently experiencing an issue connecting to one of my MySQL databases from my local laptop.

What I did:

  1. Created a snapshot of my database in Region 1, the region I'm trying to migrate from
  2. Copied the snapshot to the new Region 2
  3. In Region 2, I've restored the snapshot into the database instance
  4. My services that use this DB can successfully connect to it
  5. Database is set as Publicly Accessible
  6. Security Group Configuration allows 3306 traffic from my IP
  7. No specific Network ACLs
  8. Route table configured 0.0.0.0/0 -> Internet Gateway
  9. I have no specific firewall rules locally (and I can connect to my previous DB)

Connection test

  1. I've opened port 3306 to my IP as usual (---.---.---.---/32) and tried to connect, but did not succeed.
  2. I've checked the connection to the database via nc -zv database.old.region-2.rds.amazonaws.com 3306 and it returned: failed: Operation timed out
  3. I've checked the connection to the database in Region 1 via nc -zv database.new.region-1.rds.amazonaws.com 3306 and it returned: 3306 [tcp/mysql] succeeded!

I've run out of options - what did I miss?

3 Answers
1
Accepted Answer

It was challenging, but after numerous retries, I finally found the solution.

RDS has its own Subnet Groups, which by default include all subnets in the VPC (both public and private). My initial assumption—supported by ChatGPT—was that enabling Publicly Accessible would place the RDS instance in one of the public subnets within the RDS Subnet Group. However, as it turns out, RDS doesn't prioritize public subnets and seems to select a random subnet, which in my case ended up being a private one.

The Solution (for cases where the RDS instance needs internet exposure):

  1. Create a custom RDS Subnet Group containing only the public subnets from your VPC.
  2. Select this custom RDS Subnet Group when restoring the database from a snapshot.
  3. Create a new Security Group (for better organization) and configure it to allow inbound traffic to port 3306 from the internet.
  4. Assign both the new Security Group and the default VPC Security Group (which routes public subnets through the Internet Gateway via the routing table) to the RDS instance.
  5. Done! The RDS instance is now properly exposed to the internet.
answered 11 days ago
EXPERT
reviewed 11 days ago
1

Based on the information provided, it seems you've taken most of the necessary steps to ensure connectivity to your new RDS MySQL instance in Region 2. However, there are a few additional points to consider:

  1. Verify that the DB instance in Region 2 is indeed in a public subnet. Even if the instance is marked as "Publicly Accessible," it needs to be in a subnet that's configured to be public.

  2. Double-check that the security group associated with the RDS instance in Region 2 is correctly applied. Sometimes, the default security group might be used instead of the one you've configured.

  3. Ensure that your local IP address hasn't changed. You can verify your current public IP address by visiting a service like checkip.amazonaws.com.

  4. Try temporarily allowing all inbound traffic to port 3306 in the security group (0.0.0.0/0) to rule out any IP-related issues. Remember to revert this change after testing.

  5. Check if there are any VPC peering connections or VPN configurations that might be interfering with the direct connection from your local machine.

  6. Verify that the DB instance in Region 2 is in the "Available" state and not undergoing any maintenance or modifications.

  7. If possible, try connecting from an EC2 instance within the same VPC as the RDS instance to isolate whether the issue is specific to your local connection or a broader networking problem.

  8. Review the DB instance's parameter group to ensure there are no settings restricting connections from certain IP ranges.

If none of these suggestions resolve the issue, you may want to check the RDS logs for any error messages related to connection attempts. Additionally, consider opening a support ticket with AWS if the problem persists, as there might be a region-specific networking issue that requires their attention.

Sources
Troubleshooting connections to your MySQL DB instance - Amazon Relational Database Service
Trouble connecting to my RDS database from local machine during testing | AWS re:Post
Connecting to a DB instance running the MySQL database engine - Amazon Relational Database Service
Cannot connect to MySQL db | AWS re:Post

answered 12 days ago
EXPERT
reviewed 11 days ago
  • Checked these 8 items before and double-checked them now - did not help

0

Two things come to mind:

  1. My services that use this DB can successfully connect to it

Are these services internal to the VPC into which the database has been recovered (or in a peered VPC)? Or are they completely external?

Route table configured 0.0.0.0/0 -> Internet Gateway

This has to be true for every subnet that comprises the subnet group. Can you check that it holds true for all of them?

The GenAI answer suggested logging a support ticket, although I guess if you could do that you wouldn't have posted here first. If you're stuck it may be useful to use Reachability Analyser https://docs.aws.amazon.com/vpc/latest/reahability/getting-started.html

Be aware that this isn't free, it's about 10c per use - see the Network Analysis tab of https://aws.amazon.com/vpc/pricing/

EXPERT
answered 11 days ago
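
The check that the accepted answer and the last answer both come down to (does every subnet in the DB subnet group send 0.0.0.0/0 to an Internet Gateway?), as an added example that is not part of any post above. It works on the JSON shapes returned by `aws rds describe-db-subnet-groups` and `aws ec2 describe-route-tables`; the function names, IDs and sample data are constructed for illustration.

```python
def has_igw_default_route(route_table):
    """True if the table has an active 0.0.0.0/0 route to an Internet Gateway."""
    return any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0"
        and r.get("GatewayId", "").startswith("igw-")
        and r.get("State", "active") == "active"
        for r in route_table.get("Routes", [])
    )

def effective_route_table(subnet_id, vpc_id, route_tables):
    """Explicit subnet association wins; otherwise the VPC main table applies."""
    main = None
    for rt in route_tables:
        if rt.get("VpcId") != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def private_subnets(subnet_group, route_tables):
    """Subnet IDs in the DB subnet group with no default route to an IGW."""
    private = []
    for s in subnet_group["Subnets"]:
        sid = s["SubnetIdentifier"]
        rt = effective_route_table(sid, subnet_group["VpcId"], route_tables)
        if rt is None or not has_igw_default_route(rt):
            private.append(sid)
    return private

# Constructed sample data: one public subnet, one private subnet, and one
# subnet with no explicit association (it inherits the private main table).
SAMPLE_GROUP = {"VpcId": "vpc-example", "Subnets": [
    {"SubnetIdentifier": "subnet-aaa"},
    {"SubnetIdentifier": "subnet-bbb"},
    {"SubnetIdentifier": "subnet-ccc"}]}
IGW = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}
NAT = {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example", "State": "active"}
SAMPLE_ROUTE_TABLES = [
    {"VpcId": "vpc-example", "Associations": [{"SubnetId": "subnet-aaa"}], "Routes": [IGW]},
    {"VpcId": "vpc-example", "Associations": [{"SubnetId": "subnet-bbb"}], "Routes": [NAT]},
    {"VpcId": "vpc-example", "Associations": [{"Main": True}], "Routes": [NAT]},
]

if __name__ == "__main__":
    print(private_subnets(SAMPLE_GROUP, SAMPLE_ROUTE_TABLES))
```

Any subnet ID this returns is one where an instance marked Publicly Accessible would still be unreachable from the internet; an empty list means the subnet group contains only public subnets.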
