Troubleshoot AWS Database Remote Connectivity

Connecting to an AWS database remotely, e.g. from your local computer, can be tricky because it involves complex VPC (Virtual Private Cloud) concepts. This tutorial walks you through the steps to set up remote connectivity to an AWS database without needing to understand VPC in depth.

  1. Check that your database instance is "Publicly accessible". If it is not, change the Publicly Accessible property to Yes:

    • Choose Modify.
    • Under Connectivity, expand the Additional configuration section, and then choose Publicly accessible.
    • Choose Continue.
    • Choose Apply Immediately, and Modify DB Instance. It may take some time to take effect.
  2. Make sure your database instance is associated with a public subnet group:

    • In your AWS management console, you can see all the subnets associated with a database instance.
    • Click one of them and check whether it is associated with a public route table: if, under "Route table", there is a route with 0.0.0.0/0 as the destination and the internet gateway for your VPC as the target, then the subnet is associated with a public route table. Otherwise, you need to change the route table association.
    • Find the public route table and change the subnets' route table association (skip this if the subnet is already associated with a public route table):
      • On "Route tables", find the table that has a route with 0.0.0.0/0 as the destination and the internet gateway for your VPC as the target. This is the public route table.
      • Choose "Edit route table association" and choose the public route table ID from the "Route table ID" list.
    • Make sure all the subnets associated with the database instance are associated with the public route table.
  3. Make sure Inbound rules allow your IP addresses.

    • Click the VPC security groups under "Security", and check if the "Inbound rules" include your IP address.
    • If the inbound rules don't include your IP address, you can choose "Create security group" to add your IP address. (Using 0.0.0.0/0 as the inbound rule's source IP means allowing all public IP addresses.)
    • Associate the newly created security group with your database instance: choose "Modify" on the database instance info page, under "Connectivity", add the new security group to Security group, and save the change.
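
The three checks above can also be run over the JSON that the AWS API returns, instead of clicking through the console. The following is an added example, not part of the original tutorial: it assumes dictionaries shaped like the responses of describe-db-instances, describe-route-tables and describe-security-groups, and the function names, IDs and addresses are made up for illustration.

```python
import ipaddress

def is_public(rt):
    # Public route table: 0.0.0.0/0 targets an internet gateway (igw-...).
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("GatewayId", "").startswith("igw-") for r in rt["Routes"])

def route_table_for(subnet_id, route_tables):
    # Explicit association wins; otherwise the VPC's main table applies (one VPC assumed).
    main = None
    for rt in route_tables:
        for a in rt["Associations"]:
            if a.get("SubnetId") == subnet_id:
                return rt
            main = rt if a.get("Main") else main
    return main

def check(db, route_tables, groups, client_ip):
    findings = []
    if not db["PubliclyAccessible"]:                                   # step 1
        findings.append("instance is not publicly accessible")
    for s in db["DBSubnetGroup"]["Subnets"]:                           # step 2
        rt = route_table_for(s["SubnetIdentifier"], route_tables)
        if rt is None or not is_public(rt):
            findings.append(f"{s['SubnetIdentifier']}: no route to an internet gateway")
    port, ip, allowed = db["Endpoint"]["Port"], ipaddress.ip_address(client_ip), False
    attached = {g["VpcSecurityGroupId"] for g in db["VpcSecurityGroups"]}
    for sg in (g for g in groups if g["GroupId"] in attached):         # step 3
        for p in sg["IpPermissions"]:
            proto = p["IpProtocol"]  # "-1" means all protocols and ports
            if not (proto == "-1" or proto == "tcp" and p["FromPort"] <= port <= p["ToPort"]):
                continue
            for r in p["IpRanges"]:
                allowed = allowed or ip in ipaddress.ip_network(r["CidrIp"])
                if r["CidrIp"] == "0.0.0.0/0":
                    findings.append(f"{sg['GroupId']}: port {port} open to all public IPs")
    if not allowed:
        findings.append(f"no inbound rule allows {client_ip} on port {port}")
    return findings

# Constructed sample data: subnet-b has no explicit association, so the main table applies.
DB = {"PubliclyAccessible": True, "Endpoint": {"Port": 3306}, "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-1"}],
      "DBSubnetGroup": {"Subnets": [{"SubnetIdentifier": "subnet-a"}, {"SubnetIdentifier": "subnet-b"}]}}
ROUTE_TABLES = [
    {"Associations": [{"Main": True}], "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"Associations": [{"Main": False, "SubnetId": "subnet-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]}]
GROUPS = [{"GroupId": "sg-1", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [{"CidrIp": "203.0.113.7/32"}]}]}]
print(check(DB, ROUTE_TABLES, GROUPS, "203.0.113.7"))
```

An empty list means all three steps pass for that client address; a rule with 0.0.0.0/0 as its source is reported even though it lets the connection through.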

If you still can't connect to your database instance, please check the AWS documentation, "Troubleshooting for Amazon RDS", for more information.