Help Center/ Relational Database Service/ FAQs/ Database Connection/ What Should I Do If I Can't Connect to My RDS DB Instance?
Updated on 2024-10-22 GMT+08:00

What Should I Do If I Can't Connect to My RDS DB Instance?

Possible Causes

Try the following:

  1. Check whether the DB instance is available.

    For example, the system is faulty, the DB instance is abnormal, or the DB instance or a table is locked.

  2. (Common) Check whether the client connection is correct.
    • If you connect to a DB instance over a private network, ensure that the DB instance and ECS are in the same region and VPC.
    • If you connect to a DB instance over a public network, bind an EIP to the DB instance and then connect to the DB instance through the EIP.
  3. Check the connection method.

    Run either of the following example commands to enable or disable SSL:

    • SSL enabled: mysql -h 172.16.0.31 -P 3306 -u root -p --ssl-ca=/tmp/ca.pem
    • SSL disabled: mysql -h 172.16.0.31 -P 3306 -u root -p
  4. Check whether the parameters in the connection command are correct.

    For example, check whether the following parameters are configured correctly: connection address, port number, username, password, and connection method.

  5. (Common) Check whether the network connectivity is normal.

    For a private network connection:

    1. Check whether the ECS and DB instance are in the same region and VPC.
    2. Check security group rules.

      To access DB instances in a different security group from the ECS, add an inbound rule for the security group.

    3. On the ECS, check whether the DB instance port can be connected to.

    For a public network connection:

    1. Check security group rules.

      To access DB instances in a security group from a public network, add an inbound rule for the security group.

    2. Check network ACL rules.
    3. Ping the ECSs in the same region to the DB instance.
  6. (Common) Check whether the number of connections to the DB instance reaches the upper limit.

    If there is an excessive number of database connections, applications may be unable to connect.

  7. (Common) Check whether the DB instance is in the Storage full state.

    If the DB instance is in the Storage full state, data read and write performance is affected.

  8. View the common connection error messages.

    Find corresponding solutions based on connection error messages.

Fault Locating

Figure 1 Locating instance connection failures
  1. Check whether the DB instance is available.

    Check whether the DB instance is in the Available state.

    Possible cause: The RDS system is faulty, the DB instance is abnormal, or the DB instance or a table is locked.

    Solution: If the DB instance is abnormal, reboot it.

    Figure 2 Checking DB instance status

  2. Check whether the client connection is correct.
    Table 1 Connection model

    Connection method

    Scenario

    Example

    Private network

    A private IP address is provided by default.

    If your applications are deployed on an ECS that is in the same region and VPC as the DB instance, connect to the ECS and DB instance through a private IP address.

    RDS for MySQL:

    mysql -h <private IP address> -P 3306 -u root -p --ssl-ca=/tmp/ca.pem

    Public network

    If you cannot access the DB instance using a private IP address, bind an EIP to the DB instance and then connect to the DB instance through the EIP.

    For EIP pricing details, see EIP billing details.

    RDS for MySQL:

    mysql -h <EIP> -P 3306 -u root -p --ssl-ca=/tmp/ca.pem

  3. Check the connection method.
    • SSL connection is recommended. Enable SSL on the Connectivity & Security page and upload the certificate to the ECS.

      mysql -h 172.16.0.31 -P 3306 -u root -p --ssl-ca=/tmp/ca.pem

      Figure 3 Enabling SSL

    • Common connection: Disable SSL on the Overview page.

      mysql -h 172.16.0.31 -P 3306 -u root -p

  4. Check the parameters in the command used to connect.

    Ensure that the connection address, port, username and password, and SSL connection method are correct, and try to connect to the DB instance again.

    If you use a private connection with SSL enabled, run mysql -h 172.16.0.31 -P 3306 -u root -p --ssl-ca=/tmp/ca.pem.

    • IP address

      On the Private Connection tab of the Connectivity & Security page, obtain the floating IP address in the Connection Information area.

      Figure 4 Floating IP address

    • Database Port

      On the Private Connection tab of the Connectivity & Security page, obtain the database port in the Connection Information area.

    • Root login credentials

      Make sure you have entered the root password correctly.

    • Certificate

      Obtain the SSL certificate name from the directory where the command is executed.

    If you use a public connection with SSL enabled, run the following example command: mysql -h EIP -P 3306 -u root -p --ssl-ca=/tmp/ca.pem

    • IP address

      On the Public Connection tab of the Connectivity & Security page, obtain the EIP in the Connection Information area.

      Figure 5 EIP
    • Database Port

      On the Public Connection tab of the Connectivity & Security page, obtain the database port in the Connection Information area.

    • Root login credentials

      Make sure you have entered the root password correctly.

    • Certificate

      Obtain the SSL certificate name from the directory where the command is executed.

  5. Check the network connection.
    Private network connection
    1. Check whether the ECS and DB instance are in the same region and VPC.
      • If the ECS and DB instance are in different regions, they cannot communicate with each other. Select a region near to your service area to reduce network latency and experience faster access.
      • If the ECS and DB instance are in different VPCs, change the VPC of the ECS to that of the DB instance. For details, see Changing a VPC.
      Figure 6 Checking the VPC of an ECS
      Figure 7 Checking the VPC of an RDS instance
    2. Check security group rules.
      • If in the security group of the ECS, there is no outbound rule with Destination set to 0.0.0.0/0 and Protocol & Port set to All, add an outbound rule for the floating IP address and port of the DB instance.
        Figure 8 ECS security group
      • If in the security group of the DB instance, there is no inbound rule allowing the access from IP address and port of the ECS, add an inbound rule for the IP address and port of the ECS.
    3. On the ECS, check whether the DB instance port can be connected to.
      telnet <IP address> <port number>
      • If the connection is normal, the network is normal.
      • If the connection fails, create a service ticket to contact customer service for assistance.

    Public network connection

    1. Check security group rules.
      • If in the security group of the ECS, there is no outbound rule with Destination set to 0.0.0.0/0 and Protocol & Port set to All, add an outbound rule for the EIP and port of the DB instance.
        Figure 9 ECS security group
      • If in the security group of the DB instance, there is no inbound rule allowing the access from IP address and port of the ECS, add an inbound rule for the IP address and port of the ECS.
    2. Check network ACL rules.
      1. Go to the Network ACLs.
      2. Check whether the NIC bound to the EIP is in the subnet associated with the network ACL.
      3. Check whether the network ACL is enabled.

        If yes, add an ICMP rule to allow traffic.

      The default network ACL rule denies all inbound and outbound packets. This default rule is still applied even if the network ACL is disabled.

    3. Ping the DB instance on an ECS in the same region.

      If you cannot ping the RDS instance's EIP from an ECS, try pinging it from another ECS in the same region. If the EIP can be pinged, the network is normal. In this case, create a service ticket to contact customer service.

  6. Check whether there are too many connections to the DB instance.

    Check method:

    1. Run show variables like '%max%connections%'; to view the number of instance connections.

      • max_connections: the maximum number of clients that can be connected at the same time. If this parameter is set to default, the maximum number of clients depends on the amount of memory configured. For details, see What Is the Maximum Number of Connections to an RDS DB Instance?
      • max_user_connections: the maximum number of concurrent connections allowed for a specific RDS for MySQL account.
    2. Check whether the total connections and current active connections have reached the upper limits by referring to Viewing Performance Metrics. Determine whether to release the connections.

    Possible cause: If there are too many database connections, applications may be unable to connect, and full and incremental backups may fail, affecting services.

    Solution:
    1. Check whether applications are connected, optimize the connections, and release unnecessary connections.
    2. If this parameter is set to default, you can scale up the DB instance to set max_connections to a larger value. For details, see Changing DB Instance Specifications.
    3. Check whether any metrics are abnormal and whether any alarms are generated on the Cloud Eye console. Cloud Eye monitors database metrics, such as the CPU usage, memory usage, storage space usage, and database connections, and allows you to set alarm policies to identify risks in advance if any alarms are generated. For details about the supported monitoring metrics, see Configuring Displayed Metrics.
  7. Check whether the DB instance is in the Storage full state.
    Check method: View the storage space usage on the RDS console or Cloud Eye.
    • On the RDS console

      Locate a DB instance and click its name to go to the Overview page. In the Storage & Backup area, view the storage space usage.

      Figure 10 Storage space usage
    • On Cloud Eye

      Locate a DB instance and click View Metrics in the Operation column. On the displayed page, view the storage space usage.

    Possible cause and solution: See What Should I Do If an RDS DB Instance Is Abnormal Due to Full Storage Space?

  8. View common connection error messages.

    When you run commands to connect to a DB instance, understanding the error messages can help:

    • ERROR 2013: Lost connection to MySQL server during query

      If the values of wait_timeout and interactive_timeout are too small, RDS for MySQL client will automatically disconnect the timeout empty connection. For details, see MySQL Client Automatically Disconnected from a DB Instance.

    • ERROR 1045 (28000): Access denied for user 'root'@'192.168.0.30' (using password: YES)

      Check whether the password is correct, whether the ECS has the permission to connect to the DB instance, and whether the RDS for MySQL client can ping the DB instance's floating IP address. For details, see RDS for MySQL DB Instance Inaccessible.

    • ERROR 1226 (42000): User 'test' has exceeded the 'max_user_connections' resource (current value:10)

      Check whether the number of connections to the DB instance is limited. For details, see MySQL DB Instance Inaccessible.

    • ERROR 1129 (HY000): Host '192.168.0.111' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'

      Check whether the number of failed RDS for MySQL client connection attempts (not caused by incorrect passwords) exceeds the value of max_connection_errors. For details, see RDS for MySQL DB Instance Inaccessible.

    • [Warning] Access denied for user 'username'@'yourIp' (using password: NO)

      If this error message is displayed when you attempt to connect to an RDS for MySQL or RDS for PostgreSQL DB instance, check whether the username or password is correct.

    • [Warning] Access denied for user 'username'@'yourIp' (using password: YES)

      If this error message is displayed when you attempt to connect to an RDS for MySQL or RDS for PostgreSQL DB instance, check whether the username or password is correct.

    • Login failed for user 'username'

      If this error message is displayed when you attempt to connect to an RDS for SQL Server DB instance, check whether the username or password is correct.

  9. If the problem persists, create a service ticket.