MySQL RDS Access issues

Question

Hi,

We've recently hit an odd connection problem where we cannot connect to an RDS instance from some IP addresses, even though they're listed in the security group rules.  We can access from other IPs (also listed),  not sure if I'm missing something new in the setup.  We cannot even telnet from the affected addresses.

The issue began after we migrated to 8.0.36 a few weeks ago and updated the certificate at the same time.  Previously the connections worked without issue for many months so we're confused.

Any pointers?

Thanks.

Answer

Hi - Thank you for your reply.

I don't see any error messages like that.

**If I try to connect to MySQL I see the following response:**

ERROR 2002 (HY000): Can't connect to MySQL server on '---.---.rds.amazonaws.com' (115)

**The exact command works from a different location.**

Similarly with telnet:

telnet ---.---.rds.amazonaws.com 111111

Trying 3.11.---.---...

telnet: connect to address 3.11.---.---:

Connection refused

**But from a different IP, I see a connection:**

telnet ---.---.rds.amazonaws.com 111111

Trying 3.11.---.---...

Connected to ---.---.compute.amazonaws.com.

Thanks,
Gary.

Answer

Hello.

Have you checked the RDS MySQL error log?  
For example, if an error like "Host 'yyy.yyy.yyy.yyy' is blocked because of many connection errors;" occurs, it may be blocked due to too many connection failures.  
If such an error occurs, it may be resolved by executing the "FLUSH HOSTS;" command as described in the document below.  
https://repost.aws/ja/knowledge-center/rds-blocked-host-error

Answer

The RDS MySQL error log just shows the following warning:

"Plugin mysql_native_password reported: ''mysql_native_password' is deprecated and will be removed in a future release. Please use caching_sha2_password instead'"

I think our access to the RDS instance is being blocked at a higher level, ie before we hit the RDS instance - is there any way we can find out if this is the case?

MySQL RDS Access issues

Contenus pertinents