
I am very much confused right now, since a connection from my local MySQL workbench to an instance in AWS RDS does not work anymore. I have a dynamic IP, so I edited the inbound rules in the AWS security group to reflect that, but I am still getting error: "MySQL Error 2003 (HY000): Can't connect to MySQL server on 'xyz.us-east-1.rds.amazonaws.com' (10060)"

I also tried to establish a connection via Command Prompt but same result there. What I want to try next is using MySQL shell, but I am not sure how to change the user in the connect statement. Entering

\connect --mysql xzy.us-east-1.rds.amazonaws.com

returns a prompt, asking me to provide the password for 'myWindowsUser@xyz.us-east-1.rds.amazonaws.com'. However, I obviously do not want to connect with my Windows User but the admin of the DB instance. How can I change the user? Typing -u admin -p results in: [image]

Thanks a lot for any hint!

edit: I am also admin of the AWS RDS instance, so I can see it is up & running

edit1: here is the reply I get for nslookup: [image], as well as a picture of the security group: [image]

Moritz
  • Usually the right answer is the simplest one. Be systematic, check you can establish a network connection, even with telnet (telnet xyz.domain.com 5432) or check if "netstat -nap | grep SYN_SENT" exists for the rds ip. I'm sure this is a network problem – KafKafOwn Jan 30 '22 at 17:20
  • Hey there, thanks for the quick reply. I am also admin of the AWS RDS instance, so I can see it is up & running – Moritz Jan 30 '22 at 17:28
  • I'm sure it's up, I think maybe the security group is not set up properly... Just saying you need to rule out the obvious before moving on to check other things. – KafKafOwn Jan 30 '22 at 18:02
  • I have to admit I am quite a noob with AWS, so please excuse if I am confusing things. I checked the network connection with statement nslookup (was that correct?) and posted the reply in the initial post. Can you maybe check? From my point it looks ok. I also posted a picture from the security group – Moritz Jan 30 '22 at 18:14
  • I tried to connect and I got time out, it means you didn't set it up properly. Did you set the security group on the rds? + If you have a public rds(VPC is recommended) then at least don't open it to the world like you did. You can set up a private ips security group and add your private ip addresses to it. – KafKafOwn Jan 30 '22 at 18:22
  • I changed the access of the database to private. The security group is set for the database. I am not entirely sure about the inbound rules tho: in order to get the telnet connection succeed, I need to set Custom ICMP – Ipv4/All/All/Custom/ XX.XXX.XX.XXX/32/ , correct? – Moritz Jan 30 '22 at 18:50
  • nslookup just resolves the domain name into an ip address; it does not check that you can connect to the mysql port on that ip address. – ysth Jan 30 '22 at 19:00
  • No need to open ICMP, you can connect even if there is no ping(ICMP). If you changed to private then you can only connect from within the VPC, so you won't be able to connect from your local machine unless you use proxy/VPN/etc.. – KafKafOwn Jan 30 '22 at 19:15
  • I switched back to private but I am still not able to connect. From what I understand, one single inbound rule of type 'All ICMP - IPv4' with Source 'Anywhere' should be sufficient to allow a connection from my local machine. Do I have to reboot the database or something? – Moritz Jan 30 '22 at 19:56
  • Did you mean you switched back to "public" subnet? How did you make it public? Maybe your subnet has some config missing to make it public? Does it have a proper route table and an IG? – ashish.g Jan 31 '22 at 15:24

1 Answer

BTW, it's not best practice to connect to your AWS RDS instance from local, meaning from outside the AWS account. It must be in a private VPC.

However, if you still need to, use this.

Pass -u with the username on the command line, as below:

mysql -u {username} -p'{password}' \
    -h {remote server ip or name} -P {port} \
    -D {DB name}

\connect --mysql -u admin xzy.us-east-1.rds.amazonaws.com
prashant thakre
  • Thanks for your reply. I tried the first statement in Command Prompt, resulting in the ERROR 2003 (as described in the initial question). When I try the second statement in MySQL shell, it just tells me "\connect [--mx|--mysqlx|--mc|--mysql] " – Moritz Jan 30 '22 at 18:07
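
The systematic check suggested in the comments (resolve the name, then test the TCP port itself, since nslookup and ICMP say nothing about the MySQL port), as an added example that is not part of the original posts. The function names, the hint wording and the default port 3306 are assumptions of this example; the host name is the thread's placeholder.

```python
import socket

# Hints follow the points raised in the thread; the wording is this example's own.
HINTS = {
    "dns_failure": "Host name does not resolve; check the endpoint spelling.",
    "timeout": "Packets are dropped (Winsock 10060): check that the security "
               "group allows TCP 3306 from your current IP/32, that the "
               "instance is publicly accessible, and that its subnet has a "
               "route table entry to an internet gateway.",
    "refused": "Host is reachable but nothing listens on that port.",
    "unreachable": "No route from this machine; check the local network or VPN.",
    "open": "TCP works; any remaining error is at the MySQL layer (user, password).",
}

def check_tcp(host, port=3306, timeout=5.0):
    """Return 'dns_failure', 'timeout', 'refused', 'unreachable' or 'open'."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns_failure"
    result = "unreachable"
    for family, socktype, proto, _, addr in infos:
        s = socket.socket(family, socktype, proto)
        s.settimeout(timeout)
        try:
            s.connect(addr)          # full TCP handshake, what telnet would do
            return "open"
        except socket.timeout:
            result = "timeout"       # silently dropped: typical of a firewall/SG
        except ConnectionRefusedError:
            result = "refused"       # RST received: host up, port closed
        except OSError:
            pass                     # keep the most specific earlier result
        finally:
            s.close()
    return result

def diagnose(host, port=3306, timeout=5.0):
    """Return (status, hint) for one endpoint."""
    status = check_tcp(host, port, timeout)
    return status, HINTS[status]

if __name__ == "__main__":
    # Placeholder endpoint from the question; replace with the real one.
    print(diagnose("xyz.us-east-1.rds.amazonaws.com"))
```

Once the port reports `open`, MySQL Shell takes the account name in the connection URI rather than as a `-u` flag inside the shell: `\connect --mysql admin@xyz.us-east-1.rds.amazonaws.com:3306`.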