Home / server / Questions / 1008310
In Process
Anna Hecht
Asked: 2020-03-26 02:41:48 +0800 CST

Can't connect to Amazon RDS MySQL

  • 772

I'm trying to connect to RDS MySQL from linux machine. When I test the connection with telnet, the telnet session succeeds but when I'm trying to connect to the db with the next command

mysql -h hostname -uusername -ppassword

I can't get access and the command gets stuck. In the RDS configuration the public accessibility is set to yes, and I added an inbound rule in the security group allowing access from all addresses.

I'm assuming that when this problem will be solved, I will be able to connect via jdbc that also doesn't work right now.

Thanks to the helpers!

update: attaching the outputs of the commands I ran: mysql command output

telnet command output

java mysql jdbc amazon-web-services rds

2 Answers

  1. If you can't connect to your MySQL DB instance, two common causes of connection failures to a new DB instance are:

    1. The DB instance was created using a security group that does not authorize connections from the device or Amazon EC2 instance where the MySQL application or utility is running. If the DB instance was created in a VPC, it must have a VPC security group that authorizes the connections. If the DB instance was created outside of a VPC, it must have a DB security group that authorizes the connections. Please refer this page VPC and RDS

    2. The DB instance was created using the default port of 3306, and your company has firewall rules blocking connections to that port from devices in your company network. To fix this failure, recreate the instance with a different port.

    • 1

  2. As socket connection test was successful, but you can't connect with a mysql client, take a look at the output of netstat to see what state the connection is in (replace x.x.x.x with the actual IP address of the RDS instance):

    netstat -an | grep x.x.x.x

    If you see the 'SYN' state when using a MySQL client, you might be running into an MTU issue.

    RDS, at the time this is written, may not support ICMP packets used for PMTUD (https://en.wikipedia.org/wiki/Path_MTU_Discovery#Problems_with_PMTUD). This can be a problem if you're trying to access RDS or RedShift that's in a VPC from a classic ec2 instance via ClassicLink. Try lowering the MTU with the following, then testing again:

    sudo ip link show
# take note of the current MTU (likely 1500 or 9001)
sudo ip link set dev eth0 mtu 1400

    If the lower MTU worked, be sure to follow up with AWS customer support for help and mention that you are seeing an MTU issue while trying to connect to your RDS instance. This can happen if TCP packets are wrapped with encapsulation for tunneling, resulting in a lower usable MTU for packet data/payload. Lowering the MTU allows the wrapped packets to still fit under the limit.

    If it didn't work, set your MTU back to its default and engage AWS support for further troubleshooting.

    • 1