Simple Connection to Amazon RDS MySQL Database using MySQL Workbench

Question

I am just trying to connect to an Amazon MySQL RDS instance from MySQL Workbench on my local machine. I am not trying to connect from an EC2 instance or any other server at this point or do anything special. I simply want to connect in the most basic way so I can add a database, tables, and some data from within MySQL Workbench.

I have the MySQL Workbench application downloaded and installed on my Mac computer running OSX 10.9.4.

I have set up a MySQL RDS instance on Amazon AWS.

I have an EC2 Security Group that is authorized for this RDS instance. (Should I be using a CIDR/IP security group? If so can you go into more detail please)

I opened MySQL Workbench and am in the Setup New Connection window:

• Connection Method is set to Standard(TCP/IP).
• Hostname is the Endpoint that I find under my RDS Dashboard for this instance
• Username is my Master Username that I made when I created this RDS instance.
• Password asks to 'Store in Keychain...' I put the Password I made when I created this RDS instance.

When I test the connection in WorkBench, I get the error:

Can't connect to MySQL server on 'SERVER_IP_ADDRESS' (60)

What am I doing wrong? Please go step by step from the beginning for a newbie.

Answer 1

I have an EC2 Security Group that is authorized for this RDS instance. (Should I be using a CIDR/IP security group? If so can you go into more detail please)

This is the part you seem to be missing. You need to edit your security group settings:

• You need to authorize the IP of the computer that is trying to connect to the RDS instance by CIDR/IP. If you are using the same computer to edit the security group as you are using to try to connect via MySQL Workbench then when you select the "Connection Type: CIDR/IP" (at the bottom of the Security Group settings) the dialog will auto-fill with your own IP block (Your IP appended with /32).

• Click Authorize and that should do it.

I have experienced this authorization to take from a few seconds to a minute to visually complete in the AWS Console, but once it says "Authorized" the connection should work.

That is, of course, assuming your connection string is correct. ;)

Answer 2

Few things you want to make sure:

• Your VPC security group is allowing for connections on the port you're using (default 3306).
• Make sure you have an Internet Gateway attached to your VPC.
• Your subnet's route table must contain a route that directs Internet-bound traffic to the Internet gateway. (source)

For me, the last one slipped through. Specifically I added a destination to the route table leading to 0.0.0.0/0 (ALL). I don't know the security implication of this, but it worked after that. This is a throwaway db for me and it's isolated from other instances/VPCs.