Simple Connection to Amazon RDS MySQL Database using MySQL Workbench

Question

I am just trying to connect to an Amazon MySQL RDS instance from MySQL Workbench on my local machine. I am not trying to connect from an EC2 instance or any other server at this point or do anything special. I simply want to connect in the most basic way so I can add a database, tables, and some data from within MySQL Workbench.

I have the MySQL Workbench application downloaded and installed on my Mac computer running OSX 10.9.4.

I have set up a MySQL RDS instance on Amazon AWS.

I have an EC2 Security Group that is authorized for this RDS instance. (Should I be using a CIDR/IP security group? If so can you go into more detail please)

I opened MySQL Workbench and am in the Setup New Connection window:

• Connection Method is set to Standard(TCP/IP).
• Hostname is the Endpoint that I find under my RDS Dashboard for this instance
• Username is my Master Username that I made when I created this RDS instance.
• Password asks to 'Store in Keychain...' I put the Password I made when I created this RDS instance.

When I test the connection in WorkBench, I get the error:

Can't connect to MySQL server on 'SERVER_IP_ADDRESS' (60)

What am I doing wrong? Please go step by step from the beginning for a newbie.

Answer 1

I have an EC2 Security Group that is authorized for this RDS instance. (Should I be using a CIDR/IP security group? If so can you go into more detail please)

This is the part you seem to be missing. You need to edit your security group settings:

• You need to authorize the IP of the computer that is trying to connect to the RDS instance by CIDR/IP. If you are using the same computer to edit the security group as you are using to try to connect via MySQL Workbench then when you select the "Connection Type: CIDR/IP" (at the bottom of the Security Group settings) the dialog will auto-fill with your own IP block (Your IP appended with /32).

• Click Authorize and that should do it.

I have experienced this authorization to take from a few seconds to a minute to visually complete in the AWS Console, but once it says "Authorized" the connection should work.

That is, of course, assuming your connection string is correct. ;)

Answer 2

Few things you want to make sure:

• Your VPC security group is allowing for connections on the port you're using (default 3306).
• Make sure you have an Internet Gateway attached to your VPC.
• Your subnet's route table must contain a route that directs Internet-bound traffic to the Internet gateway. ( source )

For me, the last one slipped through. Specifically I added a destination to the route table leading to 0.0.0.0/0 (ALL). I don't know the security implication of this, but it worked after that. This is a throwaway db for me and it's isolated from other instances/VPCs.

Answer 3

This link helped me:

http://domino.symetrikdesign.com/2010/10/07/how-to-create-a-mysql-workbench-connection-to-amazon-ec2-server/

SSH Hostname should be the public DNS of your ec2 instance.

SSH Username should be the username for your ec2 instance (eg: ec2-user).

SSH password should be your password for ec2 instance.

MySQL Hostname should be the "endpoint that you find on your RDS Dashboard"

Username and password should be the username and password for the rds instance.

Answer 4

e.thompsy's answer helped me however things have changed in the AWS interface since then. In order to allow your computer's IP to access the MySQL instance:

1. Navigate to the RDS Dashboard and click Intances. This will list your RDS instances.
2. Expand the RDS instance you're wanting access to.
3. Under the Security & Network section, the security group is listed and it will have an identifier of the security group name (sg-xxxxxx)
4. In a separate tab, open the EC2 Dashboard.
5. On the left menu under "Network & Security", click on "Security Groups"
6. Click on the Security Group with the matching Group ID from your RDS instance.
7. Options are listed below for that group. Click on "Inbound".
8. Click "Edit". A dialogue box will pop up.
9. Click "Add Rule"
10. Select MYSQL/Aurora and it will fill in TCP for Protocol and 3306 for Port Range which is the default MySQL port. If you want to change this, select Custom TCP and enter in the range you want to open.
11. On the "Source" drop down, choose "My IP" if you are on the computer you need to have access, otherwise choose "Custom" and enter the IP of the machine to give access to followed by "/32"
12. Click Save, then connect with MySql Workbench using "Standard TCP/IP" to your RDS endpoint using the port you specified. You'll have to of course enter in Username/Password upon doing so.

I'm not aware of the security implications of opening that port to your IP. If you are worried, I suggest you revoke the Inbound Rule when you are done needing access to the RDS instance.

Answer 5

1. On AWS security group, open 3306 for incoming connections from your machine
2. Grant privileges for remote access to MySQL - grant all privileges on . to ''@'' identified by '' with grant option; flush privileges;
3. Setup local MySQL Workbench - MySQLWorkbench setup screenshot

Good luck!

Answer 6

You have a couple of options:

• Open up direct RDS access to your computer's IP address. This should be easy enough to do, but may not be that secure if your IP address is not static or is provided via NAT that would allow other machines to share same IP.
• Access RDS via SSH tunnel on your EC2 instance. You would SSH into your EC2 instance using appropriate key and then connect to RDS from there. This is probably best configuration form a security standpoint as you don't need to open up any additional holes in RDS firewall, and you typically would have SSH enabled to access your EC2 instance anyway.

Answer 7

Amazon's instructions for the task seem decent, so I'm not going to try to duplicate the whole thing here; just the relevant parts. I use the command line, but the same settings apply for MySQL Workbench as well:

mysql -h hostname

If this is not helpful, feel free to leave a comment.

Answer 8

To connect Mysql RDS via MySQL Workbench, try below steps.

Type : mysql -h -P 3306 -u -p in windows cmd [you will be prompted to enter password] If Security group and username,pwd are correct , you will get mysql dialog

ERROR 2003 (HY000): Can't connect to MySQL server on '' (10060) - error occurs when NO Inbound rules are there.

Always try to maintain a new Security Group for DB.

If default Security group is selected, access is denied by default.

Security group Inbound rule has to be modified to MYSQL/Aurora TCP 3306 MyIP

it gets connected.

Answer 9

You can simply use workbench recommended by aws but make you you all SSL and MYSQL/Aurora availibily on for everywhere..while adding MYSQL/Aurora 3306 to security group

https://aws.amazon.com/getting-started/tutorials/create-mysql-db/

Answer 10

Sounds like your issue is you need to set your inbound RULES to accept your development machine IP. Once you do that, you can use MySQL Workbench to connect to MySQL RDS.