Virendra helps you troubleshoot common issues connecting to an RDS database


I am unable to connect to my Amazon RDS database instance. Why, and how do I fix it?

Inability to connect to an Amazon RDS DB instance can be caused by a number of factors. Here are a few of the most common reasons:

  • The RDS DB instance is in a state other than available, so it cannot accept connections.
  • The source you use to connect to the instance is missing from the sources authorized to access the RDS DB instance in your security group, network ACLs, or local firewalls.
  • You use the incorrect DNS name or endpoint to connect to the DB instance.
  • Your Multi-AZ instance failed over, and the secondary instance uses a subnet or route table that doesn't allow inbound connections.

Ensure that your instance is in the "available" state

If you recently launched or rebooted your DB instance, confirm that the instance is in the available state in the RDS console. Depending on the size of your DB instance, it can take up to 20 minutes for the instance to become available for network connections.

Ensure that your DB instance allows connections

Ensure that traffic from the source connecting to your DB instance isn't gated by one or more of the following:

  • Any VPC security groups associated with the DB instance. If necessary, add rules to the VPC security group associated with the DB instance that allow traffic between the source and the DB instance. You can specify an IP address, a range of IP addresses, or another VPC security group. For general information about VPC and DB instances, see Scenarios for Accessing a DB Instance in a VPC.
  • Any DB security group associated with the DB instance. If the DB instance isn't in a VPC, it may be using a DB security group to gate traffic. Update your DB security group to allow traffic from the IP range, EC2 security group, or EC2 Classic instance you use to connect.
  • Network access control lists (ACLs). Network ACLs act as a firewall for resources in a specific subnet in a VPC. If you use ACLs in your VPC, make sure that they have rules that allow inbound and outbound traffic to and from the DB instance.
  • Network or local firewalls. Check with your network administrator to determine if your network allows traffic to and from the ports the DB instance uses for inbound and outbound communication.
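
The security group and network ACL checks above can be run offline against exported rules. The following is an added example (not AWS code and not part of the original article) that evaluates a security group's `IpPermissions` and a network ACL's `Entries`, in the shape returned by the EC2 DescribeSecurityGroups and DescribeNetworkAcls APIs, and names each layer that would block a given source. The function names, port 3306, client port 50000, the IP ranges, and the group ID are constructed sample values, and only IPv4 `CidrIp`/`CidrBlock` rules are handled.

```python
import ipaddress

def sg_allows(perms, src_ip, port, src_groups=()):
    """Ingress check over the 'IpPermissions' list of one security group."""
    addr = ipaddress.ip_address(src_ip)
    for p in perms:
        if p["IpProtocol"] not in ("tcp", "-1"):
            continue
        if p["IpProtocol"] == "tcp" and not p["FromPort"] <= port <= p["ToPort"]:
            continue
        if any(addr in ipaddress.ip_network(r["CidrIp"]) for r in p.get("IpRanges", [])):
            return True
        if any(g["GroupId"] in src_groups for g in p.get("UserIdGroupPairs", [])):
            return True
    return False  # security groups hold allow rules only; no match means blocked

def nacl_allows(entries, peer_ip, port, egress):
    """Network ACLs are stateless; the lowest-numbered matching rule decides."""
    addr = ipaddress.ip_address(peer_ip)
    for e in sorted((e for e in entries if e["Egress"] == egress), key=lambda e: e["RuleNumber"]):
        pr = e.get("PortRange")
        if e["Protocol"] not in ("6", "-1") or addr not in ipaddress.ip_network(e["CidrBlock"]):
            continue
        if e["Protocol"] == "6" and pr and not pr["From"] <= port <= pr["To"]:
            continue
        return e["RuleAction"] == "allow"
    return False  # no rule matched at all

def blockers(perms, entries, src_ip, db_port, src_groups=(), client_port=50000):
    """Name each layer that would drop a client connection to the DB port."""
    found = []
    if not sg_allows(perms, src_ip, db_port, src_groups):
        found.append("security group")
    if not nacl_allows(entries, src_ip, db_port, egress=False):
        found.append("network ACL inbound")
    if not nacl_allows(entries, src_ip, client_port, egress=True):  # return traffic
        found.append("network ACL outbound")
    return found

# Constructed sample data: documentation IP ranges and a placeholder group ID.
SG = [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
       "IpRanges": [{"CidrIp": "203.0.113.0/24"}],
       "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE-APP"}]}]
def _r(n, egress, action, cidr, proto="-1", ports=None):
    e = {"RuleNumber": n, "Egress": egress, "RuleAction": action, "CidrBlock": cidr, "Protocol": proto}
    return {**e, "PortRange": {"From": ports[0], "To": ports[1]}} if ports else e
NACL = [_r(90, False, "deny", "198.51.100.0/24"),
        _r(100, False, "allow", "0.0.0.0/0", "6", (3306, 3306)),
        _r(100, True, "allow", "0.0.0.0/0", "6", (1024, 65535)),
        _r(32767, False, "deny", "0.0.0.0/0"), _r(32767, True, "deny", "0.0.0.0/0")]
```

An empty list from `blockers` means neither layer drops the connection, so the remaining candidates are the local or network firewalls, the endpoint, or the instance state.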

Troubleshoot potential DNS name or endpoint issues

When connecting to your DB instance, you use a DNS name ("endpoint") provided by the RDS console. Make sure that you use the correct endpoint, and that you provide the endpoint in the correct format to the client you use to connect to the DB instance. For a list of DB engine connection tutorials, which includes instructions on how to find and properly use an endpoint in various client applications, see Getting Started with Amazon RDS.

Check the route tables associated with your Multi-AZ deployment

When you create a Multi-AZ deployment, you launch multiple replica DB instances in different Availability Zones to improve the fault-tolerance of your application. Ensure that the subnets associated with each instance are associated with the same or similar route tables. Otherwise, if your primary instance fails over to a standby replica, and the standby replica is associated with a different route table, traffic that was previously routed to your DB instance might no longer be routed correctly.

For more information about how to configure route tables, see Working with Route Tables. For additional information about Multi-AZ deployments, see High Availability (Multi-AZ).

Note: If you can connect to your DB instance but you get authentication errors, see How do I reset the master user password for my RDS DB instance?

Published: 2015-10-12

Updated: 2017-03-20