Can't connect to AWS RDS instance

Can't connect to AWS RDS instance? Try this fix guide here.

Sometimes, most AWS users discover that they are unable to connect to Amazon RDS account from other instances.

Here at IbmiMedia, as part of our Server Management Services, we regularly help our Customers to perform related AWS errors.

In this context, we shall look into methods to resolve this AWS connection issue.

Main cause of Can't connect to AWS RDS instance error

Before going into the different ways for fixing this error we will see what causes this error.

This error can happen as a result of any of the reason listed below:

DB instance is not in available state.
The DB instance is not publicly accessible.
Inbound rules for the security group do not allow connections.
The routing table does not include an Internet Gateway.

Different method to fix Can't connect to AWS RDS instance error

Here, you will see different ways to resolve this AWS error.

1. Ensure that the DB instance is in an available state

If we have recently launched or rebooted the DB instance, we must confirm that the DB instance is in the available state in the Amazon RDS console.

Depending on the size of the DB instance, it can take up to 20 minutes for the DB instance to become available for network connections.

And if it is in an available state, We can verify the connection by running either of the following commands:

$ telnet <RDS endpoint> <port number>
$ nc <RDS endpoint> <port number>

If either the telnet or nc commands succeed, then we can understand that a network connection was established.

So the issue may likely be caused by the user authentication to the database, such as user name and password.

2. Ensure that inbound rules for the security group allow connections

To create an internet gateway and attaching it to VPC we can do the following:

i. Firstly, we have to open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

ii. Then click Internet Gateways, and then go to Create internet gateway.

iii. We can name the internet gateway if we wish to as it is optional.

iv. Also, it is optional to add or remove a tag.

To [Add a tag] Choose Add tag and do the following:

a. For Key, enter the key name.

b. For Value, enter the key value.

To [Remove a tag] Choose Remove to the right of the tag's Key and Value.

v. After that we have to click Create internet gateway.

vi. Now select the internet gateway that was created, and click Actions, Attach to VPC.

vii. Finally, select the VPC from the list, and click Attach internet gateway.

3. Create a custom route table

When we create a subnet, we automatically associate it with the main route table for the VPC.

By default, the main route table doesn't contain a route to an internet gateway.

The following procedure creates a custom route table with a route that sends traffic destined outside the VPC to the internet gateway and then associates it with our subnet.

To create a custom route table we can use the following steps:

i. Firstly, we have to open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

ii. Then click Route Tables, and go to Create Route Table.

iii. In the Create Route Table dialog box, optionally name your route table, then select your VPC, and then choose Yes, Create.

iv. After that we can select the custom route table that we just created.

v. Then in the Routes tab, click Edit, Add another route, and add the following routes as necessary.

a. For IPv4 traffic, specify 0.0.0.0/0 in the Destination box, and select the internet gateway ID in the Target list.

b. For IPv6 traffic, specify ::/0 in the Destination box, and select the internet gateway ID in the Target list.

vi. And in the Subnet Associations tab, we can click on Edit, select the Associate check box for the subnet.

vii. Finally, click Save.

4. Create a security group for internet access

By default, a VPC security group allows all outbound traffic.

However, we can create a new security group and add rules that allow inbound traffic from the internet.

Also, we can then associate the security group with instances in the public subnet.

To create a security group and associating it with the instances we can do the following:

i. Firstly, we have to open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

ii. Then click Security Groups, and go to Create Security Group.

iii. In the Create Security Group dialog box, we can specify a name for the security group and a description.

iv. After that we need to select the ID of our VPC from the VPC list, and then choose Yes, Create.

v. Next, we will select the security group. The details pane displays the details for the security group, plus tabs for working with its inbound rules and outbound rules.

vi. On the Inbound Rules tab, click Edit. And then click Add Rule, and complete the required information.

For example:

We can select HTTP or HTTPS from the Type list, and enter the Source as 0.0.0.0/0 for IPv4 traffic, or ::/0 for IPv6 traffic. Ensure to click Save after making the changes.

vii. Next, we can open the Amazon EC2 console at https://console.aws.amazon.com/ec2/ and click Instances.

viii. We have to select the instance and click Actions, then Networking, and then select Change Security Groups.

ix. In the Change Security Groups dialog box, clear the check box for the currently selected security group, and select the new one.

x. Finally, click on Assign Security Groups.

5. Set the DB instance to be accessible publicly

To check whether a DB instance is publicly accessible, we can use the Amazon RDS Console or the AWS CLI.

To change the Publicly Accessible property of the Amazon RDS instance to Yes:

Open the Amazon RDS console.
And click on Databases, and then select the DB instance.
Next, we have to click Modify.
Here, under Connectivity, we can extend the Additional configuration section, and click on Publicly accessible.
After that click Continue and then click Modify DB Instance.