
AWS VPC Setup for RDS access

I am setting up an RDS Maria database on AWS, however am unable to get the security settings correct to access it from a non-AWS PC. It is on a VPC in us-west-2b with the following settings:

Subnet Group: Default

Subnets: us-west-2a; us-west-2b; us-west-2c

Security Group: rds-launch-wizard

Publicly Accessible: Yes

Encryption Enabled: No

All the subnets have the same Network ACL settings:

Inbound Rules: <my ip>/32:3306 ALLOW; 0.0.0.0/0:ALL DENY

Outbound Rules: 0.0.0.0/0:3306 ALLOW; 0.0.0.0/0:ALL DENY

The Security Group has the same inbound and outbound rules:

Inbound Rules: <my ip>/32:3306 ALLOW; 0.0.0.0/0:ALL DENY

Outbound Rules: 0.0.0.0/0:3306 ALLOW; 0.0.0.0/0:ALL DENY

There is a (default setup) Internet Gateway applied to the VPC. I have not added any subnet associations to the route table.

The database is online. Are there any additional settings which I should be looking at?

Thanks!

You should not limit the port in the Subnet Network ACL Outbound Rules, just leave 0.0.0.0/0 ALLOW (that is because the clients will use a random port to connect to MySQL). Also, the Subnet Network ACL is usually not used for limiting access to resources, only security groups. In the Security Group, again do not modify the Outbound rules, leave All traffic All All 0.0.0.0/0.

Finally, there are no DENY rules in Security Group settings; please double-check which screen you are getting the above rules from.
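
An added example, not part of the original answer: a small Python model of the two points above, that network ACLs are stateless (the reply to the client's random source port is checked against the outbound rules) while security groups are stateful and allow-only. The client IP, the source port and the rule numbers are constructed values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    number: int   # NACL rule number; lower numbers are evaluated first
    cidr: str     # remote address range the rule applies to
    ports: range  # destination ports matched by the rule
    allow: bool

def nacl_allows(rules, remote_ip, dst_port):
    """Stateless NACL check: first matching rule wins, implicit deny at the end."""
    for rule in sorted(rules, key=lambda r: r.number):
        if ip_address(remote_ip) in ip_network(rule.cidr) and dst_port in rule.ports:
            return rule.allow
    return False

CLIENT_IP = "203.0.113.10"   # constructed stand-in for <my ip>
CLIENT_SRC_PORT = 51544      # constructed random port picked by the client OS
DB_PORT = range(3306, 3307)
ALL_PORTS = range(0, 65536)

inbound = [Rule(100, f"{CLIENT_IP}/32", DB_PORT, True)]
outbound_as_posted = [Rule(100, "0.0.0.0/0", DB_PORT, True)]      # question's rule
outbound_as_answered = [Rule(100, "0.0.0.0/0", ALL_PORTS, True)]  # answer's rule

def nacl_connection_works(inbound_rules, outbound_rules, client_ip=CLIENT_IP):
    # Request client:51544 -> db:3306 is checked against the inbound rules.
    request_ok = nacl_allows(inbound_rules, client_ip, 3306)
    # Reply db:3306 -> client:51544 is checked again, against the outbound
    # rules, with the client's random port as the destination port.
    reply_ok = nacl_allows(outbound_rules, client_ip, CLIENT_SRC_PORT)
    return request_ok and reply_ok

def sg_connection_works(inbound_rules, client_ip=CLIENT_IP):
    # Security groups hold allow rules only and track connections: once the
    # inbound request is allowed, the reply is allowed without an outbound rule.
    return any(ip_address(client_ip) in ip_network(r.cidr) and 3306 in r.ports
               for r in inbound_rules if r.allow)

if __name__ == "__main__":
    print("NACL, outbound 3306 only:", nacl_connection_works(inbound, outbound_as_posted))
    print("NACL, outbound allow all:", nacl_connection_works(inbound, outbound_as_answered))
    print("Security group, inbound 3306 from client:", sg_connection_works(inbound))
```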
