What’s the problem?
I recently needed to create a MariaDB instance in AWS/RDS. Because of ‘legacy’ it was a requirement that the DB should be accessible from EC2 instances inside AWS, as well as some servers running legacy apps outside of AWS.
The problem is that, after setting everything up as you would expect, the DB is NOT externally accessible.
What’s the scenario?
So first, create a Security Group which grants access to TCP/3306 for all internal and external hosts that will need to use the DB.
Work through the DB setup – ensuring that the Security Group that you created is assigned to the new DB.
As you work through setting up your DB in RDS there is a helpful option ‘allow external access to the DB’ – make sure that this is selected.
Finish the DB setup, and proceed. Next, wait about 5 minutes while your instances are provisioned and the DB is created.
From any external host with access via the Security Group, fire up your MySQL client and attempt to access the DB.
At this point, everything may simply work and you have DB access. If so, congratulations, stop reading now.
My experience however was that my DB client would just time out when attempting to connect to the DB Server. No access.
What’s the problem and how do I fix it?
After some judicious Googling, and reviewing tutorials on VPC/Subnet/Gateway/Routing to see what I had missed, I found the problem: your Subnet must be explicitly associated with your Route Table, and NOT just left as a default association.
So, to fix this – in AWS, go to VPC configuration and select Route Tables.
Select your Route Table and then under ‘Actions’ choose ‘Edit Subnet Associations’. Then explicitly add your Subnets to the Route Table.
That’s it, fixed. Your external clients should now be able to access your RDS instance. Oh, and you did have an external route in your Route Table, assigned to an Internet Gateway, right?
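The same check can be run against the JSON returned by `aws ec2 describe-route-tables` instead of clicking through the console. The following is an added example, not part of the original post: it resolves which route table actually governs each DB subnet (a subnet with no explicit association uses the VPC's main route table) and reports whether that table has a default route to an Internet Gateway. All IDs are constructed, and the input is assumed to be filtered to a single VPC.

```python
# Added example. Input mirrors the JSON of `aws ec2 describe-route-tables`
# for ONE VPC; every ID below is constructed for illustration.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main0001",          # VPC main table: local route only
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local",
                 "State": "active"}]},
    {"RouteTableId": "rtb-public01",          # custom table with an IGW default route
     "Associations": [{"Main": False, "SubnetId": "subnet-aaaa1111"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local",
                 "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example",
                 "State": "active"}]},
]

def effective_route_table(subnet_id, route_tables):
    """Explicit subnet association wins; otherwise the VPC main table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt, True
            if assoc.get("Main"):
                main = rt
    return main, False

def has_igw_default_route(rt):
    """True if the table sends 0.0.0.0/0 to an Internet Gateway."""
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("GatewayId", "").startswith("igw-")
               and r.get("State") == "active"
               for r in rt.get("Routes", []))

def audit(subnet_ids, route_tables):
    """Report, per DB subnet, which table governs it and whether it is internet-routable."""
    report = {}
    for sid in subnet_ids:
        rt, explicit = effective_route_table(sid, route_tables)
        report[sid] = {"route_table": rt["RouteTableId"] if rt else None,
                       "explicit": explicit,
                       "internet_routable": rt is not None and has_igw_default_route(rt)}
    return report

if __name__ == "__main__":
    # subnet-bbbb2222 has no explicit association, so it falls back to the main table
    for sid, row in audit(["subnet-aaaa1111", "subnet-bbbb2222"], ROUTE_TABLES).items():
        print(sid, row)
```

Run over the subnets of a DB subnet group, the report also shows which RDS subnets are internet-routable, so a database that was never meant to be public can be spotted the same way.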