When you create a new amazon rds instance, you are offered to choose true/false for the "publicly accessible" option, Is there a way to change this for an existing instance?
Asked
Active
Viewed 4.7k times
46
-
Watch out: changing this attribute to true after the RDS has been started might not work: `Unable to connect to server: could not translate host name ***.rds.amazonaws.com to address: Unknown host` – psycho brm Sep 14 '18 at 14:57
9 Answers
38
EDIT: Yes, it is now possible to change the "Publicly Accessible" property from "No" to "Yes". (And vice-versa) Hooray!
Old answer left here for historic purposes: No.
It would be nice though, eh? As a workaround your best option is the following:
- Create a snapshot of your instance.
- Launch a new instance from this snapshot using the Publicly Accessible option.
Evidence:
- John G's diplomacy in this post prevents him from writing "No" as I did, but the his answer "You can create a snapshot of the current RDS database and launch it with the publicly accessible option." makes it pretty clear that he's offering the workaround because the direct solution is not available.
mdahlman
- 9,204
- 4
- 44
- 72
-
15
-
2Warning: Aurora **serverless** does not currently support this, and you must connect to it from within the VPC. – Ben Butterworth Mar 29 '20 at 17:00
-
1I don't see that right-click option as @Silas does, but I do see a 'Modify' button on the top right of the instance page. It can also be found going back to the Databases list, then selecting the instance, them clicking the 'Modify' button. – OfirD Jul 29 '20 at 19:13
-
1MySql supports 'modify' but it hides in 'connectivity -> additional configuration.' – Jim Nov 24 '21 at 02:19
-
reference: https://aws.amazon.com/premiumsupport/knowledge-center/rds-connectivity-instance-subnet-vpc/ – FabricioFCarv Jan 04 '22 at 14:50
19
To find the "publicly accessible" setting, select the instance click "modify" and click on Additional Configuration. This will expand and you will see a "publicly accessible" option.
Brett
- 2,502
- 19
- 30
11
I stumbled across this looking for the same answer. Sadly it looks like 10 months later the answer is still "no" - you can't change an existing DB to be publicly available.
However - you can come close... Even though it isn't publicly available, it is available to EC2 instances you launch in that same VPC. And you can set up a SSH tunnel from your computer through an EC2 instance to that DB - effectively giving you access to the instance without having to relaunch it from a snapshot.
You didn't specify your computer's OS, so I'm conveniently going to assume linux...
First, launch an EC2 instance, give it access to your RDS instance via security groups, make sure you can log in to that EC2 instance, and make sure you can access the RDS DB from that EC2 instance. If any of that fails, the rest of this won't work.
Next, setup a tunnel:
ssh -v -N -L 1234:rds.endpoint:3306 yourec2username@your.ec2.host
Where rds.endpoint is the URL for your RDS instance, your.ec2.host is the host name for your EC2 instance, and yourec2username is your username on the EC2 host.
You can then connect to the RDS instance with
mysql -p -u dbuser -h 127.0.0.1 -P 1234 dbname --password=dbpassword
Hope that helps the next person that stumbles across this...
Gatos
- 219
- 2
- 7
5
This is an old question but this maybe can help someone.
Is not need to delete and restore the database, just open the DB instance in the AWS console, click on Modify and look for Additional connectivity configuration, later there are only two options there Publicly accessible and Not publicly accessible. Select your option, wait a few seconds to the modification is applied to your instance and eureka, its done.
For more info check the official docs
Yasiel Cabrera
- 540
- 4
- 11
4
It seems as AWS now allows to change the accessibility property. However the database seems to be modified and during this time eventually connectivity issues may occur.
I have not found any blog / news article about it. However in my account I am able to do it.
Thomas Hunziker
- 1,928
- 1
- 16
- 13
-
1I was able to modify an instance using the console. It took some time for the change to propagate, and the console showed the old setting until it finished. – daxlerod Jan 04 '16 at 16:19
1
You could create a ssh tunnel in your VPC, or make a port forwarding with iptables but, the best and the simplest solution is create a read replica with the PubliclyAccessible flag in true and then promote the replica to master. I recommend always use a CNAME of the RDS endpoint, so you could change the CNAME in the DNS without touch your app.
Making a snapshot and restore it will add a unnecessary downtime in your app.
Look!
AGL
- 536
- 2
- 7
1
For someone who struggled like me, to find it, the publicly accessible option is available under Connectivity > Additional Configuration
Samra
- 1,815
- 4
- 35
- 71
0
First find out which VPC are you in.
If you wish to make your RDS instance as public accessible, you have to enable VPC attributes in DNS host and resolution.
You can set this by using the parameter PubliclyAccessible which will resolve to public IP address.
This is from AWS documentation :
Amazon RDS supported two VPC platforms: EC2-VPC and EC2-Classic. The EC2-VPC platform has a default VPC where all new DB instances are created unless you specify otherwise. The EC2-Classic platform does not have a default VPC, but as with either platform, you can create your own VPC and specify that a DB instance be located in that VPC.
Ratan Sharma
- 187
- 1
- 4
-
3The items you quote are true, of course. But they are not helpful for answering the question. – mdahlman Jul 17 '14 at 03:31
-2
As of now "PubliclyAccessible" variable is not available in the Cloudformation tool. So if you are deploying your RDS using CloudFormation template, you have no choice of changing this parameter. Its by default "No". But if you are using AWS console, you have choice of changing "Publicly Accessible" value to Yes from default No. I think AWS should update the cloudformation "AWS::RDS::DBInstance" function with this parameter.
Thanks.
Prasenjit Das
- 1
- 1