I am setting up an RDS Maria database on AWS, however I am unable to get the security settings correct to access it from a non-AWS PC. It is on a VPC in us-west-2b with the following settings:

Subnet Group: Default
Subnets: us-west-2a; us-west-2b; us-west-2c
Security Group: rds-launch-wizard
Publicly Accessible: Yes
Encryption Enabled: No

All the subnets have the same Network ACL settings:

Inbound Rules: <my ip>/32:3306 ALLOW; 0.0.0.0/0:ALL DENY
Outbound Rules: 0.0.0.0/0:3306 ALLOW; 0.0.0.0/0:ALL DENY

The Security group has the same inbound and outbound rules:

Inbound Rules: <my ip>/32:3306 ALLOW; 0.0.0.0/0:ALL DENY
Outbound Rules: 0.0.0.0/0:3306 ALLOW; 0.0.0.0/0:ALL DENY
There is a (default setup) Internet Gateway applied to the VPC. I have not added any subnet associations to the route table.
The database is online. Are there any additional settings which I should be looking at?
Thanks!
You should not limit the port in Subnet Network ACL Outbound Rules, just leave 0.0.0.0/0 ALLOW (that is because the clients will use the random port to connect to mysql). Also, Subnet Network ACL is usually not used for limiting access to resources, only security groups.

In Security group, again do not modify Outbound rules, leave All traffic All All 0.0.0.0/0.

Finally, there are no DENY rules in Security Group settings, please double check which screen you are getting the above rules from.
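An added illustration of the answer's point about Network ACL outbound rules (not code from the original post): a small Python model of stateless NACL evaluation, showing why an outbound rule limited to port 3306 drops the database's replies. The client IP, the ephemeral port and the rule numbers are constructed values.

```python
import ipaddress
from dataclasses import dataclass

ALL_PORTS = range(0, 65536)
MYSQL = range(3306, 3307)

@dataclass
class Rule:
    number: int      # rule number (assumed; the post does not list them)
    cidr: str        # remote address range the rule applies to
    ports: range     # destination ports the rule covers
    allow: bool

def nacl_allows(rules, remote_ip, dst_port):
    """Stateless NACL: lowest-numbered matching rule decides; no match is a deny."""
    addr = ipaddress.ip_address(remote_ip)
    for rule in sorted(rules, key=lambda r: r.number):
        if addr in ipaddress.ip_network(rule.cidr) and dst_port in rule.ports:
            return rule.allow
    return False  # the implicit final deny-all rule

def connection_works(inbound, outbound, client_ip, client_port, db_port=3306):
    # Request: client -> DB, destination port is the database port.
    request_ok = nacl_allows(inbound, client_ip, db_port)
    # Reply: DB -> client, destination port is the client's ephemeral source
    # port. A NACL keeps no connection state, so the reply is checked against
    # the outbound rules like any other packet.
    reply_ok = nacl_allows(outbound, client_ip, client_port)
    return request_ok and reply_ok

CLIENT_IP = "203.0.113.10"   # constructed, stands in for <my ip>
CLIENT_PORT = 51544          # constructed ephemeral source port

inbound = [Rule(100, CLIENT_IP + "/32", MYSQL, True)]
asker_outbound = [Rule(100, "0.0.0.0/0", MYSQL, True)]      # as in the question
fixed_outbound = [Rule(100, "0.0.0.0/0", ALL_PORTS, True)]  # as in the answer

if __name__ == "__main__":
    for name, outbound in (("question", asker_outbound), ("answer", fixed_outbound)):
        ok = connection_works(inbound, outbound, CLIENT_IP, CLIENT_PORT)
        print(f"outbound rules from the {name}: connection works = {ok}")
```

With the answer's outbound rule the inbound rule still restricts who can reach port 3306: a different source address fails the request check.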