Error 2003 (HY000) when I try to connect to an Amazon RDS server from an EC2 server

I know I need to configure the RDS security group to allow connection from EC2 security group.

I have an EC2 instance running in the default security group, so I added the EC2 Security Group to the RDS DB security group. When I try to connect using the mysql client from my EC2 instance it gives me the following error:

ERROR 2003 (HY000): Can't connect to MySQL server on 'xxxx.xxxx.us-east-1.rds.amazonaws.com' (110)

The command I used is:

mysql -udbuser -p -hxxxx.xxxx.us-east-1.rds.amazonaws.com

I found this post with exactly the same issue I have, but no one has answered it:

https://forums.aws.amazon.com/message.jspa?messageID=328603

I am able to add CIDR/IP rules and it works just fine from my laptop. However, I really need my EC2 instance to hook up with my RDS. Thanks in advance for any help.


I have fixed this issue by adding the public IP address of my EC2 server to the DB security group default policy.


To expand on Yuzhou's answer, and answer Amit's question, you can create a new security group with the corresponding IP range/subnet of your EC2 instance(s). You can use the exact IP(s), or use your VPC's subnet(s) as the range.

Once created, you can right click your RDS instance in the management console and select 'Modify'. From there, you can change the associated security groups.


The answer given by Yuzhou Zhu will work, but a better option would be to add the security group of the EC2 instance to the security group of your RDS database. In this case, even if you're not using an Elastic IP, your solution will still work even after stopping/starting your EC2 instance (which might change the public IP of your instance).


For my problem, aside from adding a new rule allowing certain IP(s), public accessibility needs to be enabled too:

[Modify] -> [Network & Security]

Public accessibility

Yes: EC2 instances and devices outside of the VPC hosting the DB instance will connect to the DB instances. You must also select one or more VPC security groups that specify which EC2 instances and devices can connect to the DB instance.

No: DB instance will not have a public IP address assigned. No EC2 instance or devices outside of the VPC will be able to connect.

Tick Yes, and apply changes.
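
The (110) at the end of the error in the question is the Linux errno for a connection timeout, which is what a client sees when packets to the database port are silently dropped rather than rejected. The following check is an added example, not part of the original thread: it separates that case from a refused connection or a DNS failure, so it can be run from the EC2 instance before and after changing the security group or public accessibility settings. The function name, the hint texts and the default port 3306 are assumptions of this example.

```python
import errno
import ipaddress
import socket
import sys

# Troubleshooting hints per outcome (editorial aid, not output of any AWS tool).
HINTS = {
    "open": "TCP handshake completed: the network path and rules allow this port.",
    "timeout": "No reply at all (errno 110, ETIMEDOUT, on Linux): packets are dropped "
               "on the way, e.g. no inbound rule matches this source.",
    "refused": "Host answered with a reset: reachable, but nothing listens on the port.",
    "dns": "The endpoint name does not resolve from this host.",
    "unreachable": "The local network stack has no usable route to the address.",
}

def probe(host, port=3306, timeout=5.0):
    """Try one TCP connect; return (outcome, resolved IPv4 address or None)."""
    try:
        info = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
        ip = info[0][4][0]
    except socket.gaierror:
        return "dns", None
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "open", ip
    except socket.timeout:            # our own timeout expired
        return "timeout", ip
    except ConnectionRefusedError:
        return "refused", ip
    except OSError as exc:            # kernel-level ETIMEDOUT or routing errors
        return ("timeout" if exc.errno == errno.ETIMEDOUT else "unreachable"), ip

if __name__ == "__main__":
    # Usage: python3 probe.py <rds-endpoint> [port]
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 3306
    outcome, ip = probe(host, port)
    scope = ""
    if ip:
        scope = " (private)" if ipaddress.ip_address(ip).is_private else " (public)"
    print(f"{host}:{port} -> {ip}{scope}: {outcome}")
    print(HINTS[outcome])
```

The private/public label shows which address the endpoint name resolved to from the host running the check.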