
Amazon EC2 - Can't connect remotely to MariaDB

I'm configuring my EC2 server. I managed to install php, laravel etc. (with a bit of suffering though). Now I

  • created a user on MariaDB
  • granted all permissions from remote
  • enabled bind-address = 0.0.0.0 in my.cnf
  • tested local login, works
  • opened rules in the Security group for Mysql/Aurora, port 3306, TCP, all IPs, both incoming and outgoing

but still can't login from remote, I get

ERROR 2003 (HY000): Can't connect to MySQL server on 'yyz.yyz.yyz.yyz' (110)

What can I do? I don't have any iptables of sorts, everything is supposed to be plain simple... but it's not :-(

I'm trying to connect from outside the Amazon network, with this string

mysql -u myuser -pmypwd -h yyz.yyz.yyz.yyz -D myschema

Please notice that from the server itself I can connect using

mysql -u myuser -p -h localhost -P 3306 -D myschema

Thank you, Marco

P.S. For reference, here are my MariaDB users

+---------------------------------------------+-----------+
| host                                        | user      |
+---------------------------------------------+-----------+
| %                                           | myuser    |
| 127.0.0.1                                   | root      |
| ::1                                         | root      |
| ip-yyz-yy-zz-yyz.us-west-2.compute.internal | root      |
| localhost                                   | root      |
| localhost                                   | myuser    |
+---------------------------------------------+-----------+
Marco Zanetti asked Jul 19 '18 13:07



1 Answer

EC2 instances have two IP addresses, internal and external.

It looks to me like your user table authorizes access from the internal IP address.

ip-yyz-yy-zz-yyz.us-west-2.compute.internal | root 

Are you trying to connect to the internal address from outside AWS? That Doesn't Work™.

If you're trying to connect to the external address, you'll have to add it to your user list.

For troubleshooting but not production, you can add a * | root user.

You can also try https://xyz.xyz.xyz.xyz:3306 from a browser. It won't connect, but if it times out you know there's no route to that address from your machine. If it yields some kind of gibberish, immediately, you know the MySQL port is visible.

O. Jones answered Sep 27 '22 20:09
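The reachability check suggested in the answer, written as a script. This is an added example, not part of the original post: it separates a dropped connection (errno 110 is ETIMEDOUT on Linux, the "(110)" in the question) from a refused one, and decodes the server's first packet instead of reading it as gibberish in a browser. The function names and the sample greeting are constructed for illustration.

```python
import errno
import socket
import struct
import sys

# Constructed sample: a protocol-10 greeting with a made-up version string.
_payload = b"\x0a" + b"10.0.0-MariaDB\x00" + bytes(8)
SAMPLE_GREETING = len(_payload).to_bytes(3, "little") + b"\x00" + _payload

def classify_connect_error(exc):
    """Map a failed connect() to what it says about the network path."""
    if isinstance(exc, socket.timeout) or getattr(exc, "errno", None) == errno.ETIMEDOUT:
        # errno 110 on Linux, the "(110)" in the question's ERROR 2003:
        # packets are being dropped (security group, ACL, firewall, wrong IP).
        return "timeout"
    if isinstance(exc, ConnectionRefusedError):
        # Host reachable, but nothing is listening on that address and port.
        return "refused"
    return "error"

def parse_greeting(data):
    """Decode the first packet a MySQL/MariaDB server sends after accept()."""
    if len(data) < 5:
        return ("unknown", "")
    length = int.from_bytes(data[0:3], "little")  # 3-byte payload length
    payload = data[4:4 + length]                  # data[3] is the sequence id
    if payload[:1] == b"\x0a":                    # handshake, protocol version 10
        version = payload[1:].split(b"\x00", 1)[0]
        return ("handshake", version.decode("ascii", "replace"))
    if payload[:1] == b"\xff" and len(payload) >= 3:  # ERR packet from the server
        code = struct.unpack("<H", payload[1:3])[0]
        return ("server-error", "%d %s" % (code, payload[3:].decode("latin-1")))
    return ("unknown", "")

def probe(host, port=3306, timeout=5.0):
    """Connect once and return (status, detail) for the MySQL port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return (classify_connect_error(exc), str(exc))
    with sock:
        try:
            return parse_greeting(sock.recv(512))
        except OSError:
            return ("unknown", "connected, but no greeting arrived")

if __name__ == "__main__":
    print(probe(sys.argv[1]) if len(sys.argv) > 1 else parse_greeting(SAMPLE_GREETING))
```

A "timeout" result points at the network path, while a "handshake" or "server-error" result means the port is reachable and whatever remains is in MariaDB's own user and host configuration.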