Virendra helps you
troubleshoot common issues
connecting to an RDS database


I am unable to connect to my Amazon Relational Database Service (Amazon RDS) database instance. Why can't I connect, and how do I fix it?

The inability to connect to an Amazon RDS DB instance can be caused by a number of factors. Here are a few of the most common reasons:

  • The RDS DB instance is in a state other than available, so it cannot accept connections.
  • The source you use to connect to the instance is missing from the sources authorized to access the RDS DB instance in your security group, network ACLs, or local firewalls.
  • The incorrect DNS name or endpoint was used to connect to the DB instance.
  • The Multi-AZ instance failed over, and the secondary instance uses a subnet or route table that doesn't allow inbound connections.
  • The user authentication is incorrect. 

Be sure that your instance is in the "available" state

If you recently launched or rebooted your DB instance, confirm that the instance is in the available state in the Amazon RDS console. Depending on the size of your DB instance, it can take up to 20 minutes for the instance to become available for network connections.

If your instance is in the failed state, see My RDS DB instance is in the failed state.

Be sure that your DB instance allows connections

Be sure that traffic from the source connecting to your DB instance isn't gated by one or more of the following:

  • Any VPC security groups associated with the DB instance. If necessary, add rules to the security group associated with the VPC that allow traffic related to the source in and out of the DB instance. You can specify an IP address, a range of IP addresses, or another VPC security group. For general information about VPC and DB instances, see Scenarios for Accessing a DB Instance in a VPC.
  • Any DB security group associated with the DB instance. If the DB instance isn't in a VPC, it might be using a DB security group to gate traffic. Update your DB security group to allow traffic from the IP range, EC2 security group, or EC2 Classic instance you use to connect.
  • Connections outside a VPC. Be sure that the instance is publicly accessible and that the instance is associated with a public subnet (the route table allows access from an internet gateway). For more information, see Scenarios for Accessing a DB Instance in a VPC.
  • Network access control lists (ACLs). Network ACLs act as a firewall for resources in a specific subnet in a VPC. If you use ACLs in your VPC, be sure that they have rules that allow inbound and outbound traffic to and from the DB instance.
  • Network or local firewalls. Check with your network administrator to determine if your network allows traffic to and from the ports the DB instance uses for inbound and outbound communication.
    Amazon RDS does not accept internet control message protocol (ICMP) traffic, including ping.

Troubleshoot potential DNS name or endpoint issues

When connecting to your DB instance, you use a DNS name ("endpoint") provided by the Amazon RDS console. Be sure that you use the correct endpoint, and that you provide the endpoint in the correct format to the client you use to connect to the DB instance. For a list of DB engine connection tutorials, which includes instructions on how to find and properly use an endpoint in various client applications, see Getting Started with Amazon RDS.

Check the route tables associated with your Multi-AZ deployment

When you create a Multi-AZ deployment, you launch multiple replica DB instances in different Availability Zones to improve the fault tolerance of your application. Be sure that the subnets associated with each instance are associated with the same or similar route tables. Otherwise, if your primary instance fails over to a standby replica, and the standby replica is associated with a different route table, traffic that was previously routed to your DB instance might no longer be routed correctly.

For more information about how to configure route tables, see Working with Route Tables. For additional information about Multi-AZ deployments, see High Availability (Multi-AZ).

Note: If you can connect to your DB instance but you get authentication errors, see How do I reset the master user password for my RDS DB instance?

Verify the connectivity

Verify your connection by running one of the following commands:

telnet <RDS endpoint> <port number>
nc <RDS endpoint> <port number>

If either the telnet or nc commands succeed, it indicates that a network connection was established, and the issue is likely caused by the user authentication to the database, such as user name and password.

Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center.

Published: 2015-10-12

Updated: 2018-03-21