What do I need to know about the IP addresses assigned to my Amazon RDS DB instances?


I'm looking for information related to the IP addresses assigned to my Amazon Relational Database Services (Amazon RDS) instances.

Resolution

When Amazon RDS creates a DB instance in a virtual private cloud (VPC), a network interface is assigned to your DB instance using an IP address from your DB subnet group. Two different types of IP addresses are assigned to your instance based on the configuration of your instance.

  • Private IP address: When you launch a DB instance inside a VPC, the DB instance has a private IP address for traffic inside the VPC. This IP address isn't accessible from the internet. This IP address is used for connecting to the instance from the resources inside the same VPC. By default, every Amazon RDS DB instance has a private IP address. This IP address is assigned from the range that you defined in your DB subnet group.
  • Public IP address: The public IP address is accessible from the internet. This IP address is used for connecting to the instance from resources outside of the VPC or from the internet. A public IP address is assigned to your DB instance only when the configuration setting Publicly accessible is selected for the instance.

I've selected the Publicly accessible setting for my RDS instance, but a public IP address isn't assigned to the instance

Typically this happens when the subnets in your DB subnet group are private subnets.

To resolve this issue, do the following:

  1. Open the Amazon RDS console.
  2. In the navigation pane, choose Subnet groups.
  3. Choose the subnet group that the DB instance is associated with.
    You can view the subnet groups with the VPC ID and subnet IDs of the subnets associated.
  4. Open the Amazon VPC console.
  5. In the navigation pane, choose Internet Gateways.
  6. Check whether your VPC is attached to an internet gateway.
    If your VPC isn't attached to an internet gateway, then create and attach an internet gateway to your VPC.
  7. In the navigation pane, choose Route tables.
  8. Choose the route table associated with your VPC.
  9. Choose the Subnet associations tab. Then, verify that all the subnets in your DB subnet group are attached to the route table.
    If the subnets aren't associated with the route table, choose Edit subnet associations. Then, select the subnet to be associated with the route table. For more information, see Associate a subnet with a route table.
  10. Choose the Routes tab. Then, verify that all the subnets in your DB subnet group have 0.0.0.0/0 in the Destination field and the internet gateway ID in the Target field.
    If the subnets have different values for the Destination and Target fields, then edit the route to include the preceding values. For more information, see Add and remove routes from a route table.
  11. Open the Amazon RDS console.
  12. In the navigation pane, choose Databases.
  13. Select the DB instance that you want to modify, and then choose Modify.
  14. Under Connectivity, expand the Additional configuration section, and then select Publicly accessible.
  15. Choose Continue.
  16. Choose Modify DB instance.

Note: Be sure that your subnet group doesn't include a combination of public and private subnets. In a Multi-AZ configuration, this combination might result in the primary instance running in a public subnet while the secondary runs in a private subnet, which causes connectivity issues after a failover.
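The route-table checks in steps 6 through 10 and the note about mixed subnet groups can be automated. The following added example (not from the article) audits a DB subnet group against constructed route-table data shaped like `aws ec2 describe-route-tables` output; the subnet and gateway IDs are made up, and a subnet counts as public only when its effective route table sends 0.0.0.0/0 to an internet gateway.

```python
# Constructed sample shaped like `aws ec2 describe-route-tables` output (not real account data).
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
    {"RouteTableId": "rtb-public", "Associations": [{"Main": False, "SubnetId": "subnet-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123", "State": "active"}]},
    {"RouteTableId": "rtb-nat", "Associations": [{"Main": False, "SubnetId": "subnet-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123", "State": "active"}]},
]


def route_table_for(subnet_id, route_tables):
    """An explicit subnet association wins; otherwise the VPC's main route table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def is_public_subnet(subnet_id, route_tables):
    """Public means an active 0.0.0.0/0 route whose target is an internet gateway (igw-...)."""
    rt = route_table_for(subnet_id, route_tables)
    if rt is None:
        return False
    for route in rt.get("Routes", []):
        if route.get("State", "active") != "active":
            continue  # blackhole routes do not provide internet reachability
        if route.get("DestinationCidrBlock") == "0.0.0.0/0" and route.get("GatewayId", "").startswith("igw-"):
            return True
    return False


def audit_db_subnet_group(subnet_ids, route_tables):
    """Return ('public' | 'private' | 'mixed', {subnet_id: 'public' | 'private'})."""
    detail = {s: ("public" if is_public_subnet(s, route_tables) else "private") for s in subnet_ids}
    kinds = set(detail.values())
    status = "mixed" if len(kinds) > 1 else kinds.pop()
    return status, detail


if __name__ == "__main__":
    print(audit_db_subnet_group(["subnet-a", "subnet-b"], ROUTE_TABLES))
```

A "mixed" result is the configuration the note above warns about; "private" explains why Publicly accessible yields no public IP.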

I want to find the private and public IP addresses for my Amazon RDS DB instance

In Amazon RDS, the IP addresses are dynamic while the endpoints are static. Therefore, it's a best practice to use endpoints to connect to your instance. Every Amazon RDS instance has an endpoint. To find the endpoint, also called the DNS Name, of your instance, do the following:

  1. Open the Amazon RDS console.
  2. In the navigation pane, choose Databases.
  3. Choose the database instance for which you want to find the IP address.
  4. Choose the Connectivity & security tab.

You can see the endpoint information under the Endpoint & port section.

When you try to connect to your DB instance from resources within the same VPC, your RDS endpoint automatically resolves to the private IP address. When you connect to your DB instance from either outside the VPC or the internet, the endpoint resolves to a public IP address.

You can also find the IP address of your RDS instance by running either of the following commands:

nslookup example-rds-endpoint

-or-

dig example-rds-endpoint

You might see an output similar to the following when you run the nslookup command for an RDS DB instance:

  • Output from an Amazon Elastic Compute Cloud (Amazon EC2) instance in the same VPC resolves to a private IP address:
    [ec2-user@ip-172-xx-xx-xx ~]$ nslookup myoracledb.xxxxx.us-east-1.rds.amazonaws.com
    Server: xxx.xxx.xxx.xxx
    Address: xxx.xxx.xxx.xxx#53
    Non-authoritative answer:
    myoracledb.xxxxx.us-east-1.rds.amazonaws.com canonical name = ec2-3-232-189-42.compute-1.amazonaws.com.
    Name: ec2-3-232-189-42.compute-1.amazonaws.com
    Address: 172.31.8.27
  • Output from an Amazon EC2 instance in a different VPC resolves to the public IP address:
    [ec2-user@ip-172-xx-xx-xx ~]$ nslookup myoracledb.xxxxx.us-east-1.rds.amazonaws.com
    Server: xxx.xxx.xxx.xxx
    Address: xxx.xxx.xxx.xxx#53
    Non-authoritative answer:
    myoracledb.xxxxx.us-east-1.rds.amazonaws.com canonical name = ec2-3-232-189-42.compute-1.amazonaws.com.
    Name: ec2-3-232-189-42.compute-1.amazonaws.com
    Address: 3.232.189.42
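To confirm that a client resolves the endpoint to the kind of address it should (private inside the VPC, public from outside), the nslookup output above can be parsed and each answered address classified. This is an added example, not part of the article; the sample outputs are constructed from the page's placeholders, and the resolver's own "Address: ...#53" line is skipped.

```python
import ipaddress
import re

# Constructed nslookup outputs using the page's placeholder values (not real hosts).
NSLOOKUP_SAME_VPC = """\
Server: xxx.xxx.xxx.xxx
Address: xxx.xxx.xxx.xxx#53
Non-authoritative answer:
myoracledb.xxxxx.us-east-1.rds.amazonaws.com canonical name = ec2-3-232-189-42.compute-1.amazonaws.com.
Name: ec2-3-232-189-42.compute-1.amazonaws.com
Address: 172.31.8.27
"""
NSLOOKUP_OTHER_VPC = NSLOOKUP_SAME_VPC.replace("Address: 172.31.8.27", "Address: 3.232.189.42")


def answer_addresses(nslookup_text):
    """Return the IP addresses in the answer section; unparsable placeholders and the #53 line are ignored."""
    found = []
    for line in nslookup_text.splitlines():
        m = re.match(r"Address:\s*(\S+)$", line.strip())
        if m and "#" not in m.group(1):
            try:
                found.append(ipaddress.ip_address(m.group(1)))
            except ValueError:
                pass  # e.g. the xxx.xxx.xxx.xxx placeholder
    return found


def classify(addr):
    """RFC 1918 and other non-global ranges count as private (172.31.x.x is private)."""
    return "private" if addr.is_private else "public"


def check_resolution(nslookup_text, expect_private):
    """None if nothing resolved; otherwise True when every answer matches the expected kind."""
    addrs = answer_addresses(nslookup_text)
    if not addrs:
        return None
    return all((classify(a) == "private") == expect_private for a in addrs)


if __name__ == "__main__":
    for label, text in (("same VPC", NSLOOKUP_SAME_VPC), ("other VPC", NSLOOKUP_OTHER_VPC)):
        print(label, [f"{a} ({classify(a)})" for a in answer_addresses(text)])
```

A False result for a client inside the VPC means the endpoint is being resolved through a path that returns the public address (for example, a DNS server outside the VPC), so traffic would leave the private network.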

The IP addresses of my DB instances aren't consistent

Because the IP address of your instance is dynamic, you can't assign a static IP address or an Elastic IP address to your instance. The IP address assigned to an RDS DB instance changes under one or more of the following conditions:

  • The instance is stopped and started again.
    Note: When the instance is rebooted, the IP addresses don't change.
  • The underlying host is replaced because of circumstances such as an instance failure or a DB instance class update.
  • Hardware maintenance was performed on the instance.
  • The instance is in a Multi-AZ environment, and a failover happened.
  • The operating system of the DB instance undergoes software patching.
  • A manual failover of the DB instance is initiated using a reboot with failover.
  • The DB engine undergoes a major or minor version upgrade.
  • There is an outage in the Availability Zone of the instance.

Related information

Working with a DB instance in a VPC

AWS OFFICIAL
Updated 2 years ago

2 Comments

It should be noted that when the RDS instance is publicly accessible and the EC2 instance has been configured to use an external DNS server (e.g., Managed AD), when querying the RDS IP address, the EC2 instance will receive the external IP address (rather than the internal address as outlined above). If the private IP address is required (for testing), the following AWS CLI commands can help here:

Linux/CloudShell: aws ec2 describe-network-interfaces --filters Name=addresses.association.public-ip,Values=<externalIPAddress> | grep '"PrivateIpAddress":'

Windows: aws ec2 describe-network-interfaces --filters Name=addresses.association.public-ip,Values=<externalIPAddress> | findstr PrivateIpAddress

Replace the <externalIPAddress> placeholder with the external address.

It is important to note that the internal address is likely to change, as per the above article, so the IPs should not be hard-coded into any configuration file.

See https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-network-interfaces.html for more details.

Daniel
replied 9 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
MODERATOR
replied 9 months ago