Connection timed out on new AWS RDS instances – can connect to older, almost identical RDS with no issue

amazon-rds, amazon-web-services

I have two RDS instances, both hosted in the same VPC, and on the same subnet. Both have the same security group applied. Both are the same size, encryption disabled, basically exactly the same other than the instance name and table name.

However, I can only connect to one of them (an older one). The one I've created (and recreated) today gives me 116 "Connection timed out" — I can't even telnet to the endpoint:port. Are there factors outside of the RDS dashboard that I should look into? I've even tried adding Allow ALL from ::/0 to the security group, with no luck.

Best Answer

The problem here ended up being the default RDS Subnet Group (different from the VPC Subnet you typically use, most likely) auto-added both private and public IP blocks.

For my first RDS, it just so happened to get assigned a publicly accessible IP block (still a 10.x, but accessible from the public) -- my second RDS instance got a private one (so my apps in EC2 could connect, but I couldn't from outside the VPC). We've created a new RDS Subnet containing only private-access IP blocks, and will use ssh tunneling to administer the instances as needed, since publicly accessible DBs tend to not go so well.
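The check described in the answer, as an added example that is not part of the original post: given the route tables of the VPC and the subnets in a DB subnet group, work out which subnets are public (their effective route table sends 0.0.0.0/0 or ::/0 to an internet gateway) and which are private, so you can see where an instance may land and build a private-only subnet group. The JSON below is constructed for this example and shaped like the output of `aws ec2 describe-route-tables` and `aws rds describe-db-subnet-groups`; all VPC, subnet, route table and gateway IDs are made up.

```python
import json

# Constructed sample shaped like `aws ec2 describe-route-tables` output.
# IDs are hypothetical. rtb-main is the VPC main table (local route only),
# rtb-public has a default route to an internet gateway, rtb-nat has a
# default route to a NAT gateway (outbound only, so still private).
ROUTE_TABLES_JSON = """
{
  "RouteTables": [
    {
      "RouteTableId": "rtb-main",
      "VpcId": "vpc-0abc",
      "Associations": [{"Main": true, "RouteTableId": "rtb-main"}],
      "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]
    },
    {
      "RouteTableId": "rtb-public",
      "VpcId": "vpc-0abc",
      "Associations": [{"Main": false, "SubnetId": "subnet-pub-a", "RouteTableId": "rtb-public"}],
      "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123"}
      ]
    },
    {
      "RouteTableId": "rtb-nat",
      "VpcId": "vpc-0abc",
      "Associations": [{"Main": false, "SubnetId": "subnet-priv-b", "RouteTableId": "rtb-nat"}],
      "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0456"}
      ]
    }
  ]
}
"""

# Constructed sample shaped like one entry of `aws rds describe-db-subnet-groups`.
# subnet-priv-a has no explicit route table association, so it uses the main table.
DB_SUBNET_GROUP = {
    "DBSubnetGroupName": "default",
    "VpcId": "vpc-0abc",
    "Subnets": [
        {"SubnetIdentifier": "subnet-pub-a"},
        {"SubnetIdentifier": "subnet-priv-a"},
        {"SubnetIdentifier": "subnet-priv-b"},
    ],
}


def load_route_tables(text):
    """Parse describe-route-tables JSON and return the list of route tables."""
    return json.loads(text)["RouteTables"]


def effective_route_table(subnet_id, vpc_id, route_tables):
    """Return the route table that applies to a subnet.

    A subnet uses the table it is explicitly associated with; otherwise it
    falls back to the VPC's main route table.
    """
    main = None
    for rt in route_tables:
        if rt.get("VpcId") != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def has_igw_default_route(route_table):
    """True if the table sends 0.0.0.0/0 or ::/0 to an internet gateway (igw-...)."""
    if route_table is None:
        return False
    for route in route_table.get("Routes", []):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        gateway = route.get("GatewayId", "")
        if dest in ("0.0.0.0/0", "::/0") and gateway.startswith("igw-"):
            return True
    return False


def classify_subnet_group(subnet_group, route_tables):
    """Map each subnet of a DB subnet group to 'public' or 'private'."""
    vpc_id = subnet_group["VpcId"]
    result = {}
    for subnet in subnet_group["Subnets"]:
        sid = subnet["SubnetIdentifier"]
        rt = effective_route_table(sid, vpc_id, route_tables)
        result[sid] = "public" if has_igw_default_route(rt) else "private"
    return result


def private_subnet_ids(subnet_group, route_tables):
    """Subnet IDs you would put into a new private-only DB subnet group."""
    classes = classify_subnet_group(subnet_group, route_tables)
    return [sid for sid, kind in classes.items() if kind == "private"]


if __name__ == "__main__":
    tables = load_route_tables(ROUTE_TABLES_JSON)
    for sid, kind in classify_subnet_group(DB_SUBNET_GROUP, tables).items():
        print(f"{sid}: {kind}")
    print("private-only subnet group:", " ".join(private_subnet_ids(DB_SUBNET_GROUP, tables)))
```

If a subnet group mixes both kinds, RDS picks a subnet for you, which is exactly the symptom in the question: one instance happened to land in a public subnet and the other in a private one. Also check the instance's `PubliclyAccessible` attribute in `aws rds describe-db-instances`; only when it is true does the endpoint resolve to a public address from outside the VPC.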
