The user authentication is incorrect because of one of the following reasons:
- You're using an incorrect user name or password at the database level to access the instance from the DB client.
- You don't have the required database permissions to access the instance.
- The client is running on a version that's incompatible with the database version.

Tip: You can use the following troubleshooting steps to identify the source of the connectivity issue. Or you can use the AWSSupport-TroubleshootConnectivityToRDS AWS Systems Manager Automation document to diagnose the issue for you. This automation document can diagnose network ACLs based on the primary IP address of the Amazon Elastic Compute Cloud (Amazon EC2) instance, but ephemeral ports aren't verified. The automation doc also checks security groups based on the primary IP address of the EC2 instance, but that automation doesn't check specific ports. For more information, see Running a simple automation workflow.

Resolution

Be sure that your DB instance is in the available state.

Be sure that traffic from the source connecting to your DB instance isn't gated by one or more of the following:
- Any Amazon Virtual Private Cloud (Amazon VPC) security groups associated with the DB instance. If necessary, add rules to the security group associated with the VPC that allow traffic related to the source in and out of the DB instance. You can specify an IP address, a range of IP addresses, or another VPC security group. For general information about VPC and DB instances, see Scenarios for accessing a DB instance in a VPC.
- Any DB security group associated with the DB instance. If the DB instance isn't in a VPC, then the instance might be using a DB security group to gate traffic. Update your DB security group to allow traffic from the IP address range or Amazon EC2 security group that you use to connect.

Be sure that the DB instance is publicly accessible and associated with a public subnet (for example, the route table allows access from an internet gateway). For more information, see Scenarios for accessing a DB instance in a VPC.

If your DB instance is in a private subnet, be sure to use VPC peering or AWS Site-to-Site VPN to connect to your instance securely. With Site-to-Site VPN, you configure a customer gateway that allows you to connect your VPC to your remote network. You can use VPC peering by creating a peering connection between your source VPC and your instance's VPC to access the instance from outside its VPC. You can also use an Amazon EC2 instance as a bastion (jump) host.

Network ACLs act as a firewall for resources in a specific subnet in a VPC. If you use ACLs in your VPC, then be sure that they have rules that allow inbound and outbound traffic to and from the DB instance.
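The two things the automation document leaves unverified, specific ports on security groups and ephemeral ports on network ACLs, can be checked directly against the rule sets. The following is an added example, not AWS code: it evaluates constructed rules, shaped like the output of EC2 describe-security-groups and describe-network-acls, for one client IP. Port 3306, the addresses and the 1024-65535 ephemeral range are assumptions, and only CIDR sources are evaluated (not rules that reference another security group).

```python
import ipaddress

# Constructed sample rules, shaped like EC2 describe_security_groups and
# describe_network_acls output; addresses, ports and rule numbers are made up.
SG_INBOUND = [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "10.0.1.0/24"}]},
]
NACL_ENTRIES = [
    {"RuleNumber": 100, "Protocol": "6", "RuleAction": "allow", "Egress": False,
     "CidrBlock": "10.0.1.0/24", "PortRange": {"From": 3306, "To": 3306}},
    {"RuleNumber": 100, "Protocol": "6", "RuleAction": "allow", "Egress": True,
     "CidrBlock": "10.0.1.0/24", "PortRange": {"From": 32768, "To": 61000}},
    {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": False, "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": True, "CidrBlock": "0.0.0.0/0"},
]

def in_cidr(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def sg_allows(permissions, src_ip, port):
    """Security groups are stateful allow-lists: one matching inbound rule is enough."""
    for p in permissions:
        port_ok = p["IpProtocol"] == "-1" or (
            p["IpProtocol"] == "tcp" and p["FromPort"] <= port <= p["ToPort"])
        if port_ok and any(in_cidr(src_ip, r["CidrIp"]) for r in p.get("IpRanges", [])):
            return True
    return False

def nacl_allows(entries, egress, peer_ip, port):
    """Network ACLs are stateless: lowest-numbered matching rule decides, per direction."""
    rules = sorted((e for e in entries if e["Egress"] == egress), key=lambda e: e["RuleNumber"])
    for e in rules:
        rng = e.get("PortRange")
        if (e["Protocol"] in ("6", "-1") and in_cidr(peer_ip, e["CidrBlock"])
                and (rng is None or rng["From"] <= port <= rng["To"])):
            return e["RuleAction"] == "allow"
    return False  # nothing matched: implicit deny

def diagnose(client_ip, db_port, ephemeral=(1024, 65535)):
    """Check the DB port inbound and every client return port outbound."""
    blocked = [p for p in range(ephemeral[0], ephemeral[1] + 1)
               if not nacl_allows(NACL_ENTRIES, True, client_ip, p)]
    return {"sg_inbound": sg_allows(SG_INBOUND, client_ip, db_port),
            "nacl_inbound": nacl_allows(NACL_ENTRIES, False, client_ip, db_port),
            "nacl_return_ports_blocked": len(blocked)}

if __name__ == "__main__":
    print(diagnose("10.0.1.25", 3306))
```

With these constructed rules both port 3306 checks pass, yet the outbound ACL rule covers only 32768-61000, so a client whose source port falls outside that range still fails to connect.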