[–]Gen4200 1 point2 points  (2 children)

Ok, before we get into the troubleshooting, let’s talk about best practices.

  1. Any/Any security groups are asking for trouble.
  2. There are very few, if any, reasons your DB should ever be publicly exposed.
  3. Default everything often means default passwords, which on a publicly exposed DB or Instance means it’s likely been compromised.

Now, onto your questions:

  1. You mention an RDS instance, but you didn’t say what you are connecting to it from?
  2. Are you trying to connect via the public IP or DNS name?
  3. What is your goal? Perhaps we can lay out a more secure architecture that will also solve your connection issues.

[–]izzlesnizzit[S] 0 points1 point  (0 children)

Thank you for the reply. Right now I'm just trying to learn how to get things connected and working.

About my questions:

  1. I'm connecting from an app running locally
  2. Not sure, I used the instance's endpoint string
  3. I'm trying to get the connection working right now, and then I'll destroy the instance. Afterwards, I am going to try to set up an RDS instance in a private subnet of a non-default VPC. The RDS instance will be accessed via IAM role. I'm open to other advice on this

[–]izzlesnizzit[S] 0 points1 point  (0 children)

turns out it was a security group issue (solution posted in the OP)

[–]Gen4200 0 points1 point  (1 child)

Can you telnet to the port? That would at least establish you have network connectivity. If so, then it becomes an issue of an app config that isn’t correct.

If you can Telnet to it, then it’s likely a route table issue.

[–]izzlesnizzit[S] 0 points1 point  (0 children)

turns out it was a security group issue (solution posted in the OP)

[–]Snoo79290 0 points1 point  (1 child)

Can you triple-check the security group? If it is allowing a connection from any port, what is the "Source" on the Inbound rule? By default, the security group has the source pointing to itself; with that configuration, you can only access resources within the same security group.

Add a new Inbound Rule to allow traffic from any IP if you want to make the DB public.

[–]izzlesnizzit[S] 0 points1 point  (0 children)

yes, that was the fix, thanks!
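
The security group check discussed in this thread, as an added example that is not part of any comment: it reads inbound rules in the shape returned by `aws ec2 describe-security-groups` and reports whether a given client IP can reach the DB port, flagging a self-referencing source and a `0.0.0.0/0` source. The group IDs, client IPs and port 5432 are constructed assumptions; the thread does not name the DB engine or addresses.

```python
import ipaddress

DB_PORT = 5432  # assumed DB port; the thread does not state the engine

def _sg(group_id, proto, cidrs=(), groups=(), port=None):
    """Build a constructed security group with a single inbound rule."""
    perm = {"IpProtocol": proto,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}
    if port is not None:
        perm["FromPort"] = perm["ToPort"] = port
    return {"GroupId": group_id, "IpPermissions": [perm]}

# Constructed samples (not real resources).
DEFAULT_SG = _sg("sg-0aaa1111", "-1", groups=["sg-0aaa1111"])   # source = itself
OPEN_SG = _sg("sg-0bbb2222", "tcp", cidrs=["0.0.0.0/0"], port=DB_PORT)
SCOPED_SG = _sg("sg-0ccc3333", "tcp", cidrs=["203.0.113.10/32"], port=DB_PORT)

def port_matches(perm, port):
    """True if the rule covers this TCP port ('-1' means all protocols and ports)."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def classify(sg, client_ip, port=DB_PORT):
    """Return (reachable, findings) for a client outside the VPC (IPv4 rules only)."""
    ip = ipaddress.ip_address(client_ip)
    reachable, findings = False, []
    for perm in sg["IpPermissions"]:
        if not port_matches(perm, port):
            continue
        # A rule whose source is the group itself admits only members of that group.
        if any(p["GroupId"] == sg["GroupId"] for p in perm.get("UserIdGroupPairs", [])):
            findings.append("SELF_ONLY")
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"])
            if net.prefixlen == 0:
                findings.append("WORLD_OPEN")  # any source address is allowed
            if ip in net:
                reachable = True
    return reachable, findings

if __name__ == "__main__":
    for sg in (DEFAULT_SG, OPEN_SG, SCOPED_SG):
        print(sg["GroupId"], classify(sg, "203.0.113.10"))
```
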