
Connect to RDS from EC2 that uses Elastic IP. Access denied for user

SHORT:

I want to access my RDS MySQL from my EC2 instance. The EC2 has an associated Elastic IP address. I associated an Elastic IP address so the EC2 has a static IP.

I can create a MySQL user my_user@orig_EC2_IP and access the RDS. However, I cannot connect when I create a user with the Elastic IP: my_user@ELASTIC_IP. The instance seems to send along the original IP, not the elastic one.

I’d just use the my_user@orig_EC2_IP user, but this will stop working if the instance is restarted and changes IP address.

LONGER:

The following works:

  • Do NOT associate Elastic IP with EC2.
  • On RDS, add Security inbound rule, adding MySQL/Aurora access to EC2 IP Address.
  • Create a MySQL user:
      grant usage on *.* to myuser@'<EC2 IP>' identified by 'password';
      grant select on mydb.mytable to myuser@'<EC2 IP>';
  • SSH to the EC2.
  • I can access the RDS MySQL both as Admin and myuser.

However, I want to associate an Elastic IP to the EC2 so it has a static IP address.

  • Associate an Elastic IP address to the EC2.
  • Drop the myuser@'EC2 IP'.
  • Do all the same as above, opening a port to the Elastic IP, creating a MySQL user @"elastic IP", SSH to EC2 using the elastic IP.

I can still connect from the EC2 with the MySQL admin user. I get an error when I try to connect to the RDS using myuser:

Access denied for user 'myuser'@'ORIGINAL IP'

It seems that it’s sending along the original IP address, not the elastic one.
