I have an EC2 instance that I am trying to connect to an RDS (MySQL) instance.
I created an RDS MySQL instance with the name: mydbinstance, user: mysuperuser and a generic 8-character password (mypassword) just for testing purposes.
Virtual Private Cloud: default (same as where the EC2 is located)
Subnet group: default
Public accessibility: No (DB instance will not have a public IP address assigned. No EC2 instance or devices outside of the VPC will be able to connect.)
Availability zone: No preference
VPC security groups: Create new VPC security group
IAM DB authentication: Disabled
I added the RDS instance to the same VPC as the EC2 instance, so it's in the same zone.
The dbinstance is using a new security group:
Type: Custom TCP Rule Protocol: TCP Port: 3306 CIDR: 174.62.127.135/32
Where does this IP address come from? I didn't specify anything at instantiation...
Next, I ssh to my EC2 instance (the one located in the same VPC), and try:
$ mysql -h mydbinstance.$(RDS_INSTANCE).us-west-2.rds.amazonaws.com -P 3306 -u mymasteruser -p
I entered mypassword (the one I specified earlier) at the prompt and I get:
ERROR 1045 (28000): Access denied for user 'mymasteruser'@'localhost' (using password: YES)
I tried getting the IP address of the EC2 box with ifconfig, and updated the security group IP address (the one I was wondering about above) used by RDS with it. Same result, no luck connecting. I've been googling for an answer since then.
What are my other options to debug this? I would appreciate any suggestions.
UPDATE
I was able to run this from my laptop (by changing the DB Public Access to YES):
mysql -h mydbinstance.$(RDS_INSTANCE).us-west-2.rds.amazonaws.com -P 3306 -u mymasteruser -p
found 0 associations
found 1 connections:
1: flags=82<CONNECTED,PREFERRED>
outif en3
src 192.168.86.33 port 55863
dst xx.xxx.xxx.xxx port 3306
rank info not available
TCP aux info available
But I am unable to get any output from my EC2 instance. It hangs! Same when I run the netcat (nc) command. Why is this not working on my EC2 instance?
Troubleshoot database level issues
Be sure that you're using the correct user name and password to access the instance from your DB client. Be sure that the user has the database permissions to connect to the DB instance. Check for any resource throttling in Amazon RDS, such as CPU or memory contention.
To connect to a private RDS DB instance from a local machine using an EC2 instance as a jump server, follow these steps: Launch and configure your EC2 instance and configure the network setting of the instance. Configure the RDS DB instance's security groups. Connect to the RDS DB instance from your local machine.
I was able to make it work after I found this nugget on the AWS forum. Posting it back here in case someone stumbles on the same issue:
"In order to connect to MySQL, you will have to authorize the IP address of the host from which you plan to connect to MySQL. You should also revoke access from the CIDR you currently have authorized. If you don’t know your computer’s IP address, you can see it by visiting the site http://checkip.amazonaws.com/. Note that you will have to add “/32” to the end of this to convert the IP address to a CIDR which contains only that IP address. For example, if your IP address is 192.0.2.10, you should authorize access to the CIDR 192.0.2.10/32."
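The check behind the forum advice, as an added example that is not part of the original posts: it evaluates the security group rule from the question offline against a connection's source address, then applies the revoke-and-authorize swap. The rule list mimics the IpPermissions shape of an EC2 security group; `EC2_PRIVATE_IP` and the helper names are assumptions made up for illustration.

```python
import ipaddress

# Constructed sample shaped like the IpPermissions list of an EC2 security
# group; the CIDR and port are the ones shown in the question.
RDS_SG_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "174.62.127.135/32"}]},
]
EC2_PRIVATE_IP = "172.31.20.15"  # constructed: assumed private VPC address


def host_cidr(ip):
    """Turn one IPv4 address into the /32 CIDR that contains only it."""
    return str(ipaddress.ip_network(f"{ipaddress.IPv4Address(ip)}/32"))


def is_allowed(ingress, source_ip, port, protocol="tcp"):
    """Return True if any ingress rule admits source_ip on protocol/port."""
    src = ipaddress.ip_address(source_ip)
    for rule in ingress:
        if rule["IpProtocol"] != "-1":  # "-1" = all protocols, all ports
            if rule["IpProtocol"] != protocol:
                continue
            if not rule["FromPort"] <= port <= rule["ToPort"]:
                continue
        for rng in rule.get("IpRanges", []):
            if src in ipaddress.ip_network(rng["CidrIp"], strict=False):
                return True
    return False


def replace_cidr(ingress, old_cidr, new_cidr):
    """Copy the rules, revoking old_cidr and authorizing new_cidr instead."""
    fixed = []
    for rule in ingress:
        ranges = [{"CidrIp": new_cidr if r["CidrIp"] == old_cidr else r["CidrIp"]}
                  for r in rule.get("IpRanges", [])]
        fixed.append({**rule, "IpRanges": ranges})
    return fixed


if __name__ == "__main__":
    print("before:", is_allowed(RDS_SG_INGRESS, EC2_PRIVATE_IP, 3306))
    fixed = replace_cidr(RDS_SG_INGRESS, "174.62.127.135/32",
                         host_cidr(EC2_PRIVATE_IP))
    print("after: ", is_allowed(fixed, EC2_PRIVATE_IP, 3306))
```

Security groups drop unmatched traffic silently, so a source address outside every authorized CIDR shows up as a hanging connection rather than an error.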