AWS EC2 MySQL Replication: Config To Query Slave From Master

I have successfully set up a MySQL master-slave situation on separate AWS EC2 instances. The slave is running and is successfully replicating the master.

So far so good.

Now I want to be able to query the slave (for analytics, etc.) but I can't find the right configuration to be able to send a query from the master to the slave.

The errors I get (depending on my AWS Security Profile settings) are either "Connection Refused" or "Connection Timed out"

On the slave I had an EC2 Security Group allowance for the master IP block to use to connect to port 3306, and I used the slave's IP address in the master's connection configuration.

That resulted in the "Connection Refused" error when I tried to query the slave from the master.

On the master, I ran 'show full processlist' and saw the slave host was the AWS EC2 host name, not the IP, and port 44508 was tacked on to the end, so I changed connection info on the master to use the slave host name instead of the IP address, and the Security Group setting on the slave to allow traffic from the master on port 44508 instead of 3306.

That resulted in the "Connection Timed Out" error.

I have tried combinations of IP/hostname/port in the slave's Security Group, but just getting one of those 2 errors, with any combination.

Can anyone offer tips on how to configure things so I can run (read-only) queries on the slave from that master machine, and return the results back to the master? TIA.

Both systems are set up the same, except the master is also running Codeigniter4, which is where I'm setting the connection configuration:

Ubuntu 20.04.3 LTS and MySQL 8.0.26-0


In such setup your clients (apps, software) should connect to the slave and run SELECT queries only (if you need to run write queries - they should be done on the master only).

You should check:

  1. If MySQL server listens on the network in the slave server.
  2. If security groups allow connecting to the slave server by your apps.
  3. The slave should be configured as read-only to prevent problems.