Unable to access Amazon RDS MySQL instance from Lightsail instance

I am new to AWS and not a network admin, merely a developer, and need your help.

I am unable to connect to my AWS RDS (MySQL) from my Lightsail Ubuntu instance. When trying to connect, it just waits for a minute and then fails. I am unable to ping my RDS either.

Here is the setup:
The Lightsail instance has VPC peering enabled in lon-zone-A. I have created a MySQL RDS instance in AWS and used default VPC peering. MySQL is restricted to the VPC and uses the default security group, which has an inbound rule: All traffic, with the default security group as source.

The default VPC has 2 subnets in CIDR 172.31.16.0/20 and 172.31.0.0/16 for two availability zones, A and B.
In the route table of the subnet, I have
172.26.0.0/16 as destination and target to VPC peering, which further has:

Requester VPC CIDRs 172.26.0.0/16
Accepter VPC CIDRs 172.31.0.0/16

My Lightsail instance has private IP 172.26.15.xxx and is in lon-Zone-A. When I ping my MySQL instance, I get IP 172.31.10.9.

Command I am using to connect:

    mysql -h xxxxxx.xxxxx.eu-west-2.rds.amazonaws.com -P 3306 -u db_master_username -p

Greybeard answered 30/12, 2017 at 21:37 Comment(0)
3

I managed to solve it. I had to add my Lightsail instance IP CIDR in the RDS inbound rule as MySQL/Aurora TCP allowed traffic. :-)

Greybeard answered 30/12, 2017 at 22:17 Comment(2)
You will now also note that you still can't ping RDS. That is normal/expected behavior. RDS doesn't respond to pings. - Quincyquindecagon
Would Aurora also work? I am attempting to use Aurora as the database and have added the inbound rule to the security group already; however, I still cannot access the database. - Verine
16

You can enable access from AWS Lightsail to AWS RDS in two separate ways:

Method 1.

  1. Make RDS publicly accessible.

    In RDS pick your instance and click 'Modify'. In section 'Network & Security' set 'Publicly accessible' to Yes. Apply settings and wait until they are effective. Your RDS has a public IP now.

  2. Add your Lightsail public IP to the RDS security group inbound traffic.

    Use CIDR: x.x.x.x/32 where x.x.x.x is your Lightsail instance public IP.

Method 2. (better, RDS with no public IP)

  1. Make sure your Lightsail instance is in the same Availability Zone as RDS.
  2. Set up VPC peering between Lightsail VPC and Amazon VPC.

  3. Add your Lightsail local IP to the RDS security group inbound traffic.

Miscellaneous answered 12/9, 2018 at 15:7 Comment(2)
Would peering work when the Lightsail VPC and Amazon VPC are in different AZ but same region? The reason stems from multi-AZ failover and scalability. - Verine
No, they both have to be in the same region. - Goggle
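
Why the question's "All traffic from the default security group" rule did not admit the Lightsail instance, and what the inbound rule from the answers changes, shown as an added example that is not part of the original posts. It is a simplified model of security group matching, not AWS code; the group id is a placeholder and the host addresses are constructed because the question elides the last octet.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class InboundRule:
    protocol: str                       # "tcp", "icmp" or "all"
    port: Optional[int] = None          # None means every port
    cidr: Optional[str] = None          # source given as a CIDR block
    source_group: Optional[str] = None  # source given as a security group id

def allowed(rules, src_ip, src_groups, protocol, port=None):
    """Return True if any inbound rule admits the packet (rules are allow-only)."""
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if r.protocol not in ("all", protocol):
            continue
        if r.port is not None and r.port != port:
            continue
        # A CIDR source matches on the packet's source address.
        if r.cidr and ip in ipaddress.ip_network(r.cidr):
            return True
        # A group source matches only senders that are members of that group.
        if r.source_group and r.source_group in src_groups:
            return True
    return False

DEFAULT_SG = "sg-PLACEHOLDER"    # placeholder id for the default VPC's default group
LIGHTSAIL_IP = "172.26.15.10"    # constructed; the question elides the last octet
NO_GROUPS = frozenset()          # the Lightsail host is in no group of the default VPC

# Question's setup: "All traffic" with the default group itself as source.
BEFORE = [InboundRule("all", source_group=DEFAULT_SG)]
# Fix from the answers: MySQL/Aurora (TCP 3306) from the Lightsail private address.
AFTER = BEFORE + [InboundRule("tcp", 3306, cidr=LIGHTSAIL_IP + "/32")]
# Broader alternative: the whole peered range from the question's route table.
AFTER_WIDE = BEFORE + [InboundRule("tcp", 3306, cidr="172.26.0.0/16")]

if __name__ == "__main__":
    checks = [("before, tcp/3306", BEFORE, LIGHTSAIL_IP, "tcp", 3306),
              ("after, tcp/3306", AFTER, LIGHTSAIL_IP, "tcp", 3306),
              ("after, icmp", AFTER, LIGHTSAIL_IP, "icmp", None),
              ("after /32, other peer host", AFTER, "172.26.200.7", "tcp", 3306),
              ("after /16, other peer host", AFTER_WIDE, "172.26.200.7", "tcp", 3306)]
    for label, rules, ip, proto, port in checks:
        verdict = "allow" if allowed(rules, ip, NO_GROUPS, proto, port) else "drop"
        print(f"{label:28} -> {verdict}")
```

The /32 rule admits only the one Lightsail address on TCP 3306, while the /16 variant opens the database port to every host in the peered range.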