Why can't I connect to my AWS RDS instance? - mysql

I am trying to connect with the username, password I've set up with the given host name. I can't connect. I've checked the security group to be configured correctly at PORT allowing incoming from "My IP" which populated my IP there.
What else could I be doing wrong?
When I try to get into the DB using the following command in my terminal:
mysql -h [aws-hostname-endpoint] -P 3306 -u admin -p
I get:
ERROR 2003 (HY000): Can't connect to MySQL server on [aws-hostname-endpoint] (60)

When you setup your RDS instance, also be sure to allow for public access if you want to connect to it from your development machine. SO two things to check:
allow public access for the RDS instance
make sure you inbound rules are setup to allow for a connection from your IP address.
Once you do these two tasks, you will be able to connect via a tool such as MySQL Workbench.

These RDS endpoints are not public (and they shouldn't be), so you can't use them on your computer to connect to them. You could make these endpoints public, but that's not a good idea/design. It's better if you try to connect inside an AWS environment (i.e EC2). Then you can restrict access to that using SSH keys.
We usually create a Bastion server for this purpose to act as a proxy, then you can use an SSH tunnel to connect to the RDS instance. Then all your traffic will be routed through the Bastion server in a secured tunnel.

Related

Unable to connect to AWS RDS using AWS CLI - Error 2002

I've set up a basic AWS RDS in the free tier. No public access but created a security group with my IP address added as an inbound rule.
For authentication I have RDS password plus AWS IAM.
I try to connect to the db via my computer (Ubuntu) with the following command:
mysql -h <db-conn>.amazonaws.com -P 3306 -u admin -p
I've already looked at this answer - Cant connect to mysql server on AWS RDS My port isn't blocked and I've checked the security group. I am able to successfully run AWS CLI commands like this:
aws rds describe-db-instances --filters "Name=engine,Values=mysql" --query "*[].[DBInstanceIdentifier,Endpoint.Address,Endpoint.Port,MasterUsername]"
But every time I run the mysql command, I get the following error:
ERROR 2002 (HY000): Can't connect to MySQL server on '<db-conn>.amazonaws.com' (115)
Would love some assistance with this. Thanks!
For being able to connect to your AWS RDS system and not letting anyone to connect you need to do the following steps:
Set your Publicly Accesible property to YES in your RDS configuration. That will give the system a Public Subnet address and allow it to be accesible from outside your VPC.
Go to your security group and allow access to your RDS system (the port 3306 that you are trying to connect) only from your VPC and from your public IP. This makes changes in your firewall rules.
In that way you will be able to access your RDS from your public IP, but noone else will be able to access.
check your ip that config in the security group, it is need your public ip not like '192.168.xxx.xxx', you can get your public ip by google

Can't Connect to RDS mysql DB from Wordpress on Amazon linux EC2 Instance

I am getting Error establishing a database connection while trying to connect to mysql on Amazon RDS from my Wordpress instance.
Wordpress is on my AWS Linux EC2 Instance, both are on the same VPC, same Security Group allowing 3306 inbound rule, db credentials in wp-config is also correct.
I am able to connect to my mysql RDS instance while ssh with the following command and it connects fine:
mysql -h "endpoint url" -u "username" -p "password";
However, when accessing the EC2 EIP on the browser to setup my WP final configuration I get the error connecting DB.
Did you check your security group? Because you have to open the MySQL Port 3306.
When you are creating the RDS, it is important to create a new security group, like myRDSgroup, later you have to modify it by open the port 3306 in the source select the security group where your AWS EC2 is located.
Could you send your security group screenshot, please?

Connecting to Remote MySQL DB over ssh with workbench

I'm trying to connect to a remote DB with MySQL Workbench over SSH. The remote DB I'm trying to connect to has firewall which is private key protected (I have coverted this to OPEN SHH). I keep getting an error when I try to connect, I'm just a little confused on what is the information of the DB I should be using. I consistently see people use localhost and the DB changed intermittadely at the same point in different questions. My set up is currently that I have to connect to the server of the firewall(check) now there are multiple VMs running I wish to connect to e.g. 192.1.91.0. I have also a port set up to this on putty( I don't know if this is relevant) on localhost 5000. When I try to connect using 192.1.91.0 port 3306 or localhost 5000. I get the same error. Can anyone help. Attached is an image of the information I put into workbench
I think there are a few misunderstandings here. A firewall is not protected by a keypair. An SSH connection is. The firewall only filters network traffic using specific rules (e.g. only let it pass for enabled network ports). When you use an SSH connection you have to use the MySQL address as seen from the remote SSH connection end. That means if the MySQL server runs on the same machine as the SSH server (which is what you connect to when you use an SSH tunnel) then the address is localhost (or the IPv4/IPv6 loopback address). See my video about connection creation and troubleshooting on Youtube for more details.
To connect workbench with a private database you will need a 'jump host' also called 'bastion host' which can be any EC2 instance in a public subne in same VPC as database.
Follow Below Steps:
Open the security group attached to the database, and add new rule as below:-
Type:MYSQL/Aurora, Protocol:TCP, PortRange:3306,
Source:securitygroupofEC2 (you can all security group by entering
'sg-')
Open the security group attached to the EC2, and make port 22 is open. If not, add a new rule as below:-
Type:SSH, Protocol:TCP, PortRange:22, Source:MY IP
Open Workbench, Click New connection
- Standard TCP/IP over SSH
- SSH Hostname : < your EC2 Public IP > #34.3.3.1
- SSH Username : < your username > #common ones are : ubuntu, ec2-user, admin
- SSH KeyFile: < attach your EC2 .pem file>
- MYSQL Hostname: <database endpoint name> #mydb.tbgvsblc6.eu-west-1.rds.amazonaws.com
- MYSQL Port: 3306
- Username : <database username>
- Password: <database password>
Click 'test connection' and boom done!!
If the MySQL Server is configured to accept remote connections, you can use the servers IP address, but then you don't need to connect over ssh. Once you choose connect over ssh, the workbench creates a portforwarding using the ssh credentials to the specified server. So you have to use localhost as MySQL hostname. Due to the portforwarding, the request will be forwarded to your remote machine. In short: As far as I understand your question, you have to use localhost.

Unable to connect to MySQL AWS RDS instance from local MySQL

I have created an MySQL RDS instance with VPC. Now i am trying to connect to that RDS instance from my Ubuntu 12.04 machine using MySQL client by following code:
mysql -u uname -h test.c6tjb4nxvlri.us-west-2.rds.amazonaws.com -P 3306 -p
But i am getting this error:
ERROR 2003 (HY000): Can't connect to MySQL server on 'test.c6tjb4nxvlri.us-west-2.rds.amazonaws.com' (110)
I searched about this error and everywhere solution came out like
Go to the Instances
Find the security group
Change the inbound rules of that security group by
Adding source of user machine public ip or
Set source ip as 0.0.0.0/16
I tried everything but still same error occures. Any explanations?
The problem was in subnet. Subnet that you created must be publicly accessible.
In On-premises MySQL Workbench, use TCP/IP SSH Tunneling option. Make sure you have EC2 instance endpoint and keypair file.
In SSH endpoint - add your EC2 instance endpoint and for SSH password, browse your keypair. Rest of configurations for MySQL. Like MySQL's endpoint, username, password, port and schema name.
Test your connection it will return success. If not, check RDS Security group. In Security group, you open MySQL port for all IP address. Try it! it will work. Once connection was success, all schema are visible in MySQL Workbench.
RDS DB instance need not to be in public subnet and it is not best practice to do. Always keep RDS DB instance in private subnet and open traffic for EC2 instance.
When you use TCP/IP SSH Tunneling, request traffic will send through EC2 instance to RDS DB instance.
HTH.

Connect to RDS from VPS

I am trying to transfer an existing mysql database that is located on my VPS to AWS RDS.
I have RDS set up and I am able to connect to the server just fine by connecting to one of my ec2 instances through ssh and using this command:
mysql -uuser -p -hxx.xx.us-west-2.rds.amazonaws.com
However, when I try to connect from my VPS (through ssh) I receive an ERROR 2003, which I believe is permission denied.
It doesn't seem to matter how I set my security group. I set the inbound to allow port 3306 from my server ip and that did not work, I even tried allowing all traffic on all ports from anywhere on my inbound rules and I still am unable to connect. The outbound has always been completely open.
If anyone can see anything that I am missing I would really appreciate some help.
Thanks.
Make sure your RDS instance is set to public if you want to access it externally. If in fact it's not publicly accessible then you'll need to recreate your instance and import your data, or take a snapshot and rebuild your RDS instance from the snapshot.
You only have ONE chance to modify it and that is at instance creation.
If you do this then make sure you security group only allows from a specific IP address or if you're using MySQL workbench rather use a SSH tunnel using SSH keys via an EC2 instance.
Is user a user you created manually in your RDS, or is it the admin user that was created when you created the instance? If the former, then make sure you have granted access to that user from your remote VPS.
Also, from your VPS, make sure you can open a TCP connection to the database. Try:
$ nc -v -z xx.xx.us-west-2.rds.amazonaws.com 3306
If the connection succeeds here but you still can't connect with the mysql CLI, you have a problem with the username/password/database connection info.