Why can't I connect to my Amazon RDS for Oracle database instance?

Last updated: 2021-10-14

I can't connect to my Amazon Relational Database Service (Amazon RDS) for Oracle DB instance.

Short description

Some of the most common reasons why you can't connect to your Amazon RDS for Oracle DB instance include the following:

  • You have incorrect configurations in your security group, network access control lists (ACLs), or local firewalls that might block traffic to the instance.
  • Your instance isn't in the available state.
  • You used incorrect user credentials.

Resolution

Use the tnsping utility to check if the Oracle client can connect to the RDS for Oracle DB instance when these conditions are both true:

  • You have an Oracle client installed.
  • You added the database entry to the tnsnames.ora file on the client side.

If the Oracle client can't connect to the DB instance, then check the following:

  • If you're connecting from outside the VPC, be sure that the Publicly Accessible property of the DB instance is set to Yes. If this property is set to No, then the database isn't assigned a public IP address. Only Amazon Elastic Compute Cloud (Amazon EC2) instances and clients inside the Amazon Virtual Private Cloud (Amazon VPC) can connect to your database using the Amazon RDS private IP address. Additional configurations, such as VPC peering or AWS Direct Connect, must be configured for access from different VPCs or on-premises networks. If the Publicly Accessible property of the instance is set to Yes, then clients from outside the VPC that RDS is hosted in can connect to your DB instance through the internet using an internet gateway.
  • Be sure that the security group for your RDS DB instance allows the appropriate incoming traffic to your database.
  • Network ACLs act as a firewall for resources in a specific subnet in a VPC. If you use ACLs in your VPC, then be sure that they have rules that allow inbound and outbound traffic to and from your DB instance. By default, network ACLs allow all inbound and outbound traffic. If your network ACL is more restrictive, then you must explicitly allow traffic to the ephemeral port range.
  • If the client connection is originated from the on-premises network, check with your network administrator to determine if your network allows traffic to and from the ports that the DB instance uses for inbound and outbound communication.
  • Verify the network connection by running the following command. Be sure to replace the example-rds-endpoint and example-port-number values in the command with the RDS endpoint and port number.
    Note: Amazon RDS doesn't support internet control message protocol (ICMP) traffic, including ping.
telnet example-rds-endpoint example-port-number
  • Verify that the DNS server configured on the client side resolves the DNS endpoint name of the RDS instance to the correct IP address using the NSLOOKUP command:
nslookup  example-instance.example-accountcode.example-region.rds.amazonaws.com
  • Be sure that your RDS for Oracle DB instance is in the available state. Database activities, such as version upgrade, instance class upgrade, or Multi-AZ failover might cause brief outages. The outages might change the database instance state and cause connection issues to the database.
  • If the connection reaches the RDS for Oracle DB instance, but still fails, then be sure that the user credentials, such as the user name and password, used to connect to the database instance are accurate. You can reset the master user password, if required.

Did this article help?


Do you need billing or technical support?