Connect to AWS RDS MySQL database instance with Flask-SQLAlchemy

Question

For my Flask app, I want to use the Flask-SQLAlchemy extension to connect to a database instance I created on AWS RDS.

When I try to connect, the application times out and I get the following error:

sqlalchemy.exc.OperationalError: (OperationalError) (2003, "Can't connect to MySQL server on 'xxxxxxxxxxxxxxx.xxxxxxxxxxxx.us-east-1.rds.amazonaws.com'(60")

My Code Looks Like This:

from flask import Flask
from flask.ext.sqlalchemy import SQLAlchemy
application = Flask(__name__)

application.config['SQLALCHEMY_DATABASE_URI'] = 'mysql://{master username}:{db password}@{endpoint}/{db instance name}'
db = SQLAlchemy(application)

@application.route('/')
def hello_world():
    return 'Hello World'

if __name__ == '__main__':
    application.run()

The Flask-SQLAlchemy documentation says that the format of the SQLALCHEMY_DATABASE_URI for mysql database connections should look like this:

mysql://username:password@server/db

Additionally, I can check the AWS RDS console for information on my database instance. The console looks like this .

Right now I am assuming that "username" in SQLAlchemy refers to the "Master Username" in the AWS RDS console, "server" in SQLAlchemy refers to the "Endpoint" in the AWS RDS console, and "db" refers to the "Database Instance Name"

What am I doing wrong??

If someone could describe the SQLALCHEMY_DATABASE_URI for me with the AWS RDS console terms, that would completely solve the problem.

Answer 1

Go to your AWS RDS console and choose your instance -> DB Security Groups -> Click Default

and add a new CIDR as per the recommended IP range.

This is basically a firewall configuration which determines who can connect to the database instance.

You could set it as 0.0.0.0/0 so that firewall doesn't prevent you from accessing it from any host/network.

Answer 2

This is a valid path: EC2 dashboard -> Find network & security from left side panel -> Security groups.

If you have a security group created, you may go to number 2.

1. Creating a new security group:

There you can name your security group and description.

VPC will probably be automatically created for you.

After creating it, select it from the list.

2. Set up inbound and / or outbound connections:

Here you can configure inbound connections rules.

On edit -> add rule you have default presets for easy configuration, for example HTTP on port 80.

I hope this helps everyone from now on.

• Due to security reasons, try to only allow trusted IPs and / or security groups needed.

Answer 3

确保在附加配置下的数据库初始设置中创建数据库名称，除非 AWS RDS 不会创建数据库。

Answer 4

Since AWS interface has changed a lot so reposting the answer with updated interface.

1. Go to your database instances , click on your DB identifier for your db.
2. There you'll see Connectivity & security , in that click on VPC security groups under Security . There you'll see a list of security groups.
3. Now click on Inbound Rules , then on the right you'll see Edit Inbound Rules , click on that.
4. Your Inbound Rules should look like the picture below.

After adding these rules, just save them & try to connect, it should work.