RDS connection blocked despite security group "Allow all traffic, all ports, all IPs"

Question

I can only connect by ssh-ing into my ec2, and then using mysql from the cli.

I can not connect:

ssh-ing into my ec2, and connecting from PHP
mysql command line on my local machine.

I cannot ping my rds endpoint from anywhere, including, oddly enough, from while ssh-d into the ec2 machine from which I actually can connect.

PHP gives me the error: PHP error: php_network_getaddresses: getaddrinfo failed when I run:

mysql_connect('rds hostname', 'ebroot', 'password');

mysql -h aaec248lyez3jg.ce3r5quzhqoq.us-east-1.rds.amazonaws.com -uebroot etc from my local machine gives me ERROR 2003 (HY000): Can't connect to MySQL server on ... but works fine when ssh'd.

My RDS has this security group:

Which uses this ec2 sec group:

Which is defined as:

How am I not able to connect when all my settings are "ALLOW ALL FROM ANYWHERE"?

Why am I able to connect only through ssh tunnel and mysql client, but not even from using php from the same machine?

What's going on?

Define "can not connect". What specifically are you trying and what errors are you seeing? — EEAA, Aug 23 '15 at 22:06
Your PHP error message indicates a DNS problem. And your MySQL error message is missing. — Michael Hampton, Aug 23 '15 at 22:12
`ERROR 2003 (HY000)` is the error.. Are you expecting something different? DNS problem sounds right, considering I can't ping the box. — Jordan Warbelow-Feldstein, Aug 23 '15 at 22:14
I'm on AWS, on an ec2 instance set up by elastic beanstalk. What did I need to do to get DNS? — Jordan Warbelow-Feldstein, Aug 23 '15 at 22:15
`ERROR 2003 (HY000)` is not the *entire* error. You seem to have removed the most important information, the number in parentheses at the end. Also, not being able to ping RDS is normal, so not being able to ping it proves nothing either way. — Michael - sqlbot, Aug 24 '15 at 02:23
Got it, I didn't realize that the `(60)` was an error code. i thought it was a timeout. The `ERROR 2003` ended in `(60)` — Jordan Warbelow-Feldstein, Aug 24 '15 at 03:00
What are the SG settings of the EC2 instance? Is it in VPC or classic? Can you reach out to the internet from that instance and can it resolve internet host names successfully? That PHP error is indicating that the instance is failing to look up the IP for the RDS instance. The problem isn't RDS; it's the EC2 instance failing to look up the name. — Nathan V, Aug 26 '15 at 18:43

RDS connection blocked despite security group "Allow all traffic, all ports, all IPs"

0 Answers0