AWS RDS MySQL – Cannot Connect from macOS


I'm new to database administration and trying to connect to an AWS RDS MariaDB 10.3.20 instance from my MacBook (10.14.6) on a home network — having no luck. My understanding per other questions and documentation is that I need to make the RDS instance publicly available, but I think I've done that already.

Steps I've taken are:

  1. Created an AWS RDS MariaDB instance. It is in a VPC.
  2. Set it to Publicly Accessible -> Yes.
  3. Added a new Inbound rule in the default security group to accept connections on port 3306 from my laptop's IP address. I think with step #2 this is unnecessary (since it is accepting all ports, all traffic), but I've done it anyways.
  4. Looks like all 3 subnets on the VPC are connected to an Internet Gateway and should be accessible from the Internet, since they have a 0.0.0.0/0 route in their routing table that connects to an igw-XXXXX device.

Yet on my laptop on my home network (I work from home, no corporate network), I can't connect via the command line:

    $ mysql -u <adminusername> -P 3306 -h <RDS endpoint> -p
    Enter password:
    ERROR 2002 (HY000): Can't connect to MySQL server on <RDS endpoint>

After inputting my password the connection appears to time out. Error 2002 looks like MySQL isn't running on the target??

I feel like I'm missing some critical step about the VPCs or security groups or routing — can anyone point to more specific documentation or provide some more help / detail? Is it possibly something I have to do with my home router or cable modem (Comcast)? This question is very similar but looks like a corporate network configuration fix … do home routers have similar restrictions built-in? I have a TP-Link Archer A7 with vanilla settings connected to a cable modem. I have tried setting up a Virtual Server to forward ports to my laptop on port 3306, but that doesn't improve anything.

Best Answer

So I solved this by creating a brand new VPC with two subnets, some new security groups, and a new internet gateway. I configured a security group with port 3306 Inbound access to my local IP, set up the default routes in the subnets to the internet gateway, and created a new publicly accessible RDS MariaDB instance. Lo and behold, it all worked!

Doing a little digging, I suspect I messed up my default VPC during all my futzing around. It looks like somehow two IPv4 CIDR ranges got assigned to my default VPC -- one in the private range (172.31....), and one with my home IP range. Those two must have confused the VPC and gotten it into a weird state. Deleting my home IP range from the list of CIDR blocks and leaving the private IP range got it to work, just like my new VPC!
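
An added example, not part of the original question or answer: a Python check over the JSON returned by `aws rds describe-db-instances`, `aws ec2 describe-security-groups`, `aws ec2 describe-route-tables` and `aws ec2 describe-vpcs`, covering the settings discussed above plus the extra VPC CIDR block the answer found. The function name `audit`, the resource IDs and the addresses are constructed for illustration.

```python
import ipaddress

def audit(db, sec_groups, route_tables, vpc, client_ip):
    """Return findings for one RDS instance; an empty list means no problem was seen."""
    findings, client = [], ipaddress.ip_address(client_ip)
    port = db["Endpoint"]["Port"]
    if not db["PubliclyAccessible"]:
        findings.append("instance is not publicly accessible")
    # Security groups: some inbound rule must admit client_ip on the DB port.
    admitted = False
    for sg in sec_groups:
        for perm in sg["IpPermissions"]:
            if perm["IpProtocol"] != "-1" and not (
                    perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]):
                continue
            for rng in perm.get("IpRanges", []):
                net = ipaddress.ip_network(rng["CidrIp"], strict=False)
                admitted = admitted or client in net
                if net.prefixlen == 0:  # reachable from anywhere, wider than needed
                    findings.append(f"{sg['GroupId']} opens port {port} to {net}")
    if not admitted:
        findings.append(f"no inbound rule admits {client_ip} on port {port}")
    # Routing: each DB subnet needs a 0.0.0.0/0 route to an igw-* gateway.
    main = [t for t in route_tables if any(a.get("Main") for a in t["Associations"])]
    for subnet in db["DBSubnetGroup"]["Subnets"]:
        sid = subnet["SubnetIdentifier"]
        tables = [t for t in route_tables
                  if any(a.get("SubnetId") == sid for a in t["Associations"])] or main
        if not any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
                   and r.get("GatewayId", "").startswith("igw-")
                   for t in tables for r in t["Routes"]):
            findings.append(f"{sid} has no default route to an internet gateway")
    # VPC CIDRs: each block is routed locally, so one covering the client keeps replies inside.
    for assoc in vpc["CidrBlockAssociationSet"]:
        if client in ipaddress.ip_network(assoc["CidrBlock"]):
            findings.append(f"VPC CIDR {assoc['CidrBlock']} covers client {client_ip}")
    return findings

# Constructed sample data (documentation address ranges, placeholder IDs).
DB = {"PubliclyAccessible": True, "Endpoint": {"Port": 3306},
      "DBSubnetGroup": {"Subnets": [{"SubnetIdentifier": "subnet-aaaa"}]}}
SGS = [{"GroupId": "sg-aaaa", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "203.0.113.25/32"}]}]}]
RTS = [{"Associations": [{"Main": True}], "Routes": [
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-aaaa"}]}]
VPC = {"CidrBlockAssociationSet": [{"CidrBlock": "172.31.0.0/16"},
                                   {"CidrBlock": "203.0.113.0/24"}]}
print(audit(DB, SGS, RTS, VPC, "203.0.113.25"))
```

With the sample data the only finding is the second VPC CIDR block; removing it from `VPC` returns an empty list.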
