Fix Can't Connect to RDS from EC2

Introduction

Can't connect to RDS from EC2 usually means the two resources exist in AWS but one of the network or auth layers between them is still wrong. The most common misses are security group rules, route assumptions, DNS resolution, wrong port, or TLS requirements.

Symptoms

The application on EC2 times out or gets connection refused
The RDS instance looks available in the console
Local tests differ from traffic running on the EC2 host

Common Causes

The RDS security group does not allow the EC2 source group or CIDR
The client uses the wrong endpoint or port
DNS or TLS settings are wrong on the EC2 instance

Step-by-Step Fix

1.Confirm the EC2 instance can resolve the RDS endpoint.
2.Check security groups on both the instance and the database.
3.Test the exact database port from the EC2 host.
4.Re-check credentials and TLS settings only after the network path is open.

Prevention

Use security group to security group rules instead of broad CIDRs
Keep endpoint, port, and TLS assumptions documented per environment
Validate connectivity from the EC2 host after every subnet or SG change

Fix Can't Connect to RDS from EC2

Introduction

Symptoms

Common Causes

Step-by-Step Fix

Prevention

People also search for

Share this guide

More AWS Troubleshooting Guides

AWS DynamoDB Contributor Insights Not Showing

AWS DynamoDB DAX Cache Miss

AWS DynamoDB Global Table Replication Lag

AWS Step Functions Workflow Stuck Waiting

AWS Step Functions Execution Throttled

AWS EventBridge Pipe Source Error