What would stop me from connecting to a MySQL server on AWS RDS from an AWS EC2 VM?

I have a MySQL RDS instance in AWS which has been set up properly.

I also have a Linux EC2 instance in AWS.

However, I can't connect to my RDS instance from the EC2 instance.

I can connect to the RDS instance from my own laptop, however.

I suspect it is one of four things:

  • Interface binding on the RDS instance - it is listening on the external interface rather than the internal one
  • The firewall on the RDS instance - it allows connections from outside the AWS network but not from inside
  • The firewall on the EC2 instance - it does not allow connections to the RDS instance
  • Name resolution on the EC2 instance - for some reason the RDS instance's name does not resolve to the correct IP address

However, I have checked all of these to the best of my knowledge, and they seem to be in order.

What should I be looking at?

Update 1: Following a question by @mbaird, I have checked that both the EC2 instance and the RDS instance are on the same VPC. What implications does that have?

Update 2: Following a question by the user @"Michael - sqlbot": when I say I cannot connect, I mean that when running mysql at the command line with

mysql --host=<my-hostname> --port=3306 --user=<user> --password=<password>

I can connect from my own laptop, but when I try connecting from my EC2 instance, it just sits there doing nothing. After a while, I get the message

ERROR 2003 (HY000): Can't connect to MySQL server on '<my-hostname>' (110)

Also, when trying to connect to it from my Java application server, I get the following in my stack trace

Caused by: com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure
...
The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.
...
Caused by: java.net.ConnectException: Connection timed out

Update 3: The DNS resolution is different depending on whether I am internal to AWS or external.

nslookup <my-hostname>

on my laptop results in an IP address 52.11.*.* range, while doing the same from my EC2 instance results in an IP address in the 172.31.*.* range.

Recommended answer

If your EC2 Instance and RDS DB Instance are in different VPCs, you might be using VPC peering to connect the two VPCs. But in your case, both are in the same VPC. That's good. Make sure the RDS DB Instance is launched in a private subnet and the EC2 Instance is launched in a public subnet.

Connecting to the RDS DB Instance from the EC2 Instance

  1. In the RDS DB Instance security group, you need to open traffic for the EC2 instance.
  2. Click DB Security Group from the RDS Dashboard. Click on the Inbound tab. The Edit button is used to add or remove rules from the security group.
  3. Add a rule for the EC2 Instance to access your database. Let's say you have launched the MySQL DB Engine in the DB Instance. You need to open port 3306 for the EC2 Instance. You can use the Private IP of the EC2 instance to connect with the RDS DB Instance.
  4. SSH into the EC2 instance and install the mysql-server package. You need to connect to the RDS DB Instance using mysql-server.
  5. mysql --host=<my-hostname> --port=3306 --user=<user> --password=<password> is the command used to connect with the RDS DB Instance.

Connecting to the RDS DB Instance in MySQL WorkBench

  1. In MySQL WorkBench, click Set up New Connection.

Give connection name. Choose Standard (TCP/IP) over SSH. You need to provide SSH hostname, username and keyfile as well as MySQL hostname, port, username and password.

The SSH credentials are nothing but the EC2 instance credentials. For Keyfile, you have to browse for the KeyPair (.pem) file. In RDS Hostname, you have to provide the endpoint which is available in the RDS dashboard.

To verify connection, click on Test Connection button.

The reason you are choosing Standard (TCP/IP) over SSH is to connect to the RDS DB Instance through the EC2 Instance. First, it will connect to the EC2 Instance and then access the RDS DB Instance, because the DB Instance doesn't have internet access and it is in a private subnet.

Make sure that in the Java web application, the RDS hostname, port, username and password you mentioned are correct. There is no need to mention the EC2 hostname in the application.
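Added example, not part of the question or the answer above: a small Python check that evaluates an RDS security group's inbound rules the way steps 1-3 of the answer describe, so you can see why the laptop connects while the EC2 instance times out. The rule list and the group id sg-0ec2example are constructed for this example (in practice the list would come from the output of `aws ec2 describe-security-groups`); it only inspects IPv4 ranges and security-group references.

```python
import ipaddress

# Constructed sample in the shape of the "IpPermissions" list that
# `aws ec2 describe-security-groups` returns for the RDS instance's group.
# Only the laptop's public /32 is admitted on 3306, which reproduces the
# question's symptom: the laptop (public IP) connects, the EC2 instance
# (172.31.x.x inside the VPC) times out with ERROR 2003 (110).
RDS_SG_RULES = [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "203.0.113.10/32", "Description": "laptop"}],
     "UserIdGroupPairs": []},
]


def _port_matches(rule, port):
    if rule["IpProtocol"] == "-1":          # "all traffic" rule
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule["FromPort"] <= port <= rule["ToPort"]


def rule_allows(rule, port, src_ip=None, src_sg=None):
    """True if one inbound rule admits TCP `port` from the address
    `src_ip` or from any member of security group `src_sg`."""
    if not _port_matches(rule, port):
        return False
    if src_sg and any(p.get("GroupId") == src_sg
                      for p in rule.get("UserIdGroupPairs", [])):
        return True
    if src_ip:
        addr = ipaddress.ip_address(src_ip)
        return any(addr in ipaddress.ip_network(r["CidrIp"])
                   for r in rule.get("IpRanges", []))
    return False


def port_open_from(rules, port, src_ip=None, src_sg=None):
    return any(rule_allows(r, port, src_ip, src_sg) for r in rules)


def allow_from_security_group(rules, port, src_sg):
    """New rule list that also admits `port` from members of `src_sg`
    (the EC2 instance's group): the narrowest fix for the question."""
    new = {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
           "IpRanges": [], "UserIdGroupPairs": [{"GroupId": src_sg}]}
    return rules + [new]


def world_open(rules, port):
    """Rules that expose `port` to 0.0.0.0/0, the over-broad alternative."""
    return [r for r in rules if _port_matches(r, port) and any(
        c["CidrIp"] == "0.0.0.0/0" for c in r.get("IpRanges", []))]
```

Referencing the EC2 instance's security group keeps the rule valid even when the instance's private IP changes, whereas a /32 rule for one private IP breaks on every replacement.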