# AWS RDS Connection Failed

## Common Error Patterns

RDS connection failures typically manifest as:

```text
Could not connect to server: Connection timed out
```

```text
FATAL: password authentication failed for user "admin"
```

```text
Error: connect ETIMEDOUT at X.X.X.X:5432
```

```text
Host 'X.X.X.X' is not allowed to connect to this MySQL server
```

## Root Causes and Solutions

### 1. Security Group Blocking Access

The RDS security group doesn't allow traffic from your source.

Solution:

Add inbound rule to the RDS security group:

```bash
aws ec2 authorize-security-group-ingress \
  --group-id sg-0123456789abcdef0 \
  --protocol tcp \
  --port 3306 \
  --cidr 10.0.0.0/16
```

Verification Steps:

1. Navigate to RDS Console > Databases > your-db > Connectivity
2. Note the VPC security group
3. Check inbound rules allow:
   - Port: Database port (3306 for MySQL, 5432 for PostgreSQL)
   - Source: Your client IP or security group
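
The inbound-rule check from the verification steps can also be run against the JSON that `aws ec2 describe-security-groups` returns. The following is an added example, not part of the original page; the sample rules, the client addresses, the group `sg-0aaaaaaaaaaaaaaaa` and the function names are constructed for illustration. It reports whether a client is admitted on the database port and flags any rule that opens that port to every address.

```python
import ipaddress
import json

# Constructed sample in the shape returned by
# `aws ec2 describe-security-groups`; sg-0aaaaaaaaaaaaaaaa is a made-up client group.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-0123456789abcdef0", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
   "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []},
  {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
   "UserIdGroupPairs": [{"GroupId": "sg-0aaaaaaaaaaaaaaaa"}]}
]}]}
""")


def _covers_port(perm, port):
    """True if the rule's protocol and port range include the TCP port."""
    if perm["IpProtocol"] == "-1":  # "-1" means all protocols and all ports
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def check_ingress(groups, port, client_ip=None, client_sg=None):
    """Return (allowed, findings) for a client trying to reach `port`."""
    allowed, findings = False, []
    ip = ipaddress.ip_address(client_ip) if client_ip else None
    for group in groups["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            if not _covers_port(perm, port):
                continue
            for rng in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
                cidr = rng.get("CidrIp") or rng.get("CidrIpv6")
                net = ipaddress.ip_network(cidr, strict=False)
                if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0: open to everyone
                    findings.append(f"{group['GroupId']}: port {port} open to {net}")
                if ip is not None and ip in net:
                    allowed = True
            for pair in perm.get("UserIdGroupPairs", []):
                if client_sg and pair.get("GroupId") == client_sg:
                    allowed = True
    return allowed, findings


if __name__ == "__main__":
    print(check_ingress(SAMPLE, 3306, client_ip="203.0.113.7"))  # timeout case
    print(check_ingress(SAMPLE, 5432, client_ip="203.0.113.7"))  # world-open rule
```

A result of `(False, [])` matches the "Connection timed out" symptom; a non-empty findings list means the port is reachable from any address and the source should be narrowed to the client CIDR or security group.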

### 2. VPC Subnet Misconfiguration

The RDS instance is in a private subnet without proper routing.

Solution:

Verify subnet group configuration:

```bash
aws rds describe-db-subnet-groups \
  --db-subnet-group-name my-subnet-group
```

For public access:

1. Ensure subnets have route to Internet Gateway
2. Enable "Publicly accessible" on RDS instance:

```bash
aws rds modify-db-instance \
  --db-instance-identifier my-db \
  --publicly-accessible \
  --apply-immediately
```

### 3. Incorrect Credentials

Authentication fails due to wrong username/password.

Solution:

Reset master password:

```bash
# Single quotes stop an interactive shell from treating '!' as history expansion.
# A password typed on the command line is also recorded in shell history.
aws rds modify-db-instance \
  --db-instance-identifier my-db \
  --master-user-password 'NewSecurePassword123!' \
  --apply-immediately
```

Verify credentials work:

```bash
# MySQL
mysql -h my-db.xxxxx.region.rds.amazonaws.com -u admin -p

# PostgreSQL
psql -h my-db.xxxxx.region.rds.amazonaws.com -U admin -d postgres
```

### 4. Database Port Blocked

Firewall or security group blocks the database port.

Solution:

Check default ports and ensure they're open:

- MySQL: 3306
- PostgreSQL: 5432
- SQL Server: 1433
- Oracle: 1521
- MariaDB: 3306

```bash
# Test connectivity
nc -zv my-db.xxxxx.region.rds.amazonaws.com 3306

# Or with telnet
telnet my-db.xxxxx.region.rds.amazonaws.com 3306
```

### 5. SSL/TLS Certificate Issues

Connection requires SSL but certificate is invalid.

Solution:

Download and use the correct CA certificate:

```bash
# Download RDS CA certificate
wget https://truststore.pki.rds.amazonaws.com/global/aws-rds-ca-global-bundle.pem

# Connect with SSL
# VERIFY_IDENTITY validates the server certificate against the CA bundle and
# checks the hostname; REQUIRED only encrypts and does not verify the certificate.
mysql -h my-db.xxxxx.region.rds.amazonaws.com \
  -u admin -p \
  --ssl-ca=aws-rds-ca-global-bundle.pem \
  --ssl-mode=VERIFY_IDENTITY
```

For applications, specify SSL parameters:

```python
import mysql.connector

# ssl_ca points at the downloaded bundle; ssl_verify_cert makes the client
# validate the server certificate against it.
conn = mysql.connector.connect(
    host='my-db.xxxxx.region.rds.amazonaws.com',
    user='admin',
    password='password',
    ssl_ca='aws-rds-ca-global-bundle.pem',
    ssl_verify_cert=True
)
```

### 6. Max Connections Exceeded

Database has reached connection limit.

Solution:

Check current connections:

```sql
-- MySQL
SHOW STATUS LIKE 'Threads_connected';
SHOW VARIABLES LIKE 'max_connections';

-- PostgreSQL
SELECT count(*) FROM pg_stat_activity;
SHOW max_connections;
```

Increase max connections (requires parameter group modification):

```bash
aws rds modify-db-parameter-group \
  --db-parameter-group-name my-param-group \
  --parameters "ParameterName=max_connections,ParameterValue=500,ApplyMethod=pending-reboot"

aws rds reboot-db-instance --db-instance-identifier my-db
```

### 7. Instance Not Available

RDS instance is in a non-available state.

Solution:

Check instance status:

```bash
aws rds describe-db-instances \
  --db-instance-identifier my-db \
  --query 'DBInstances[*].DBInstanceStatus'
```

Possible states:

- `creating`: Wait for completion
- `modifying`: Wait for modification to complete
- `backing-up`: Temporary, should resolve shortly
- `failed`: Check error messages

## Troubleshooting Checklist

```bash
# 1. Check instance status
aws rds describe-db-instances --db-instance-identifier my-db

# 2. Verify security group rules
aws ec2 describe-security-groups --group-ids sg-0123456789abcdef0

# 3. Test network connectivity
nc -zv my-db.xxxxx.region.rds.amazonaws.com 3306

# 4. Check parameter group settings
aws rds describe-db-parameters --db-parameter-group-name my-param-group

# 5. Review logs for errors
aws rds describe-db-log-files --db-instance-identifier my-db
```

## Connection String Examples

### MySQL

```bash
# Standard connection
mysql -h my-db.xxxxx.region.rds.amazonaws.com -u admin -p

# Connection string
jdbc:mysql://my-db.xxxxx.region.rds.amazonaws.com:3306/mydb?useSSL=true
```

### PostgreSQL

```bash
# Standard connection
psql -h my-db.xxxxx.region.rds.amazonaws.com -U admin -d mydb

# Connection string
postgresql://admin:password@my-db.xxxxx.region.rds.amazonaws.com:5432/mydb?sslmode=require
```

### Python Example

```python
import psycopg2

conn = psycopg2.connect(
    host='my-db.xxxxx.region.rds.amazonaws.com',
    database='mydb',
    user='admin',
    password='password',
    port=5432,
    sslmode='require'
)
```

## Prevention Tips

1. Use RDS Proxy for connection pooling
2. Implement connection retries with exponential backoff
3. Store credentials in AWS Secrets Manager
4. Enable Enhanced Monitoring for proactive alerts
5. Use private subnets with NAT Gateway for secure access