使用AWS re:Post即您表示您同意 AWS re:Post 使用条款
AWS re:Postre:Post

Can't connect to RDS database from remote

0

Hello Community,

I'm not able to connect my newly created publicly accessible rds Mysql database from my local computer.

My VPC Configurations:

  1. There is public and private subnet
  2. In public route table public subnets are associated and there is 0.0.0.0/0 route through internet gateway
  3. In private route table private subnets are associated and there is 0.0.0.0/0 route through NAT gateway

RDS Configurations:

  1. Above VPC is selected during DB creation
  2. Created Subnet Group (I can see that all public and private subnets in subnet group)
  3. Selected RDS in publicly accessible mode
  4. Allowed 0.0.0.0/0 in rds security group

Now when RDS database is created I can see that it is getting IP from my private subnet although I selected RDS to be used publicly accessible. I have other databases which was created previously with same configuration and vpc. They are getting IP from public subnet. They are accessible from remote location without VPN connectivity. Please help how can I overcome this issue?

Thank you!

主题
迁移与现代化分析数据库
标签
Amazon Relational Database Service数据库
语言
English
Jayed
已提问 2 年前1076 查看次数
1 回答
1

If the subnet the instance is launched in is private, it will be unreachable from the Internet even if you enable "publicly accessible" for the instance. You need to launch in a public subnet in order for the instance to be assigned a public IP. If you have both types of subnet in your subnet group, and RDS picks a public one for an instance, it will work. If you remove the private subnets from the group it will only ever launch in the public ones.

However, I'd strongly recommend against public-facing RDS instances open to 0/0 in the security group. If you must have it publicly accessible, I'd advise scoping that rule down to your current external IP (you can visit https://checkip.amazonaws.com/ to find out what it is).

You could remove the requirement for the instance to have a public IP at all (for you to be able to connect to it) with Systems Manager Session Manager's port forwarding feature.

profile pictureAWS
专家
James_S
已回答 2 年前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则

相关内容