How do I troubleshoot issues with the IP addresses that are assigned to my Amazon RDS DB instances?

I want to troubleshoot issues with the IP addresses that are assigned to my Amazon Relational Database Service (Amazon RDS) instances.

Resolution

When Amazon RDS creates a DB instance in a virtual private cloud (VPC), a network interface is assigned to your DB instance. Based on how you configure your instance, either a private IP address or a public IP address is assigned to your instance.

I selected the Publicly accessible setting, but a public IP address isn't assigned to the DB instance

If the subnets in your DB subnet group are private, then your DB instance isn't assigned a public IP address.

To resolve this issue, complete the following steps:

  1. Open the Amazon RDS console.
  2. In the navigation pane, choose Subnet groups.
  3. Choose the subnet group that the DB instance is associated with.
    Note: You can view the subnet groups with the VPC ID and associated subnet IDs.
  4. Open the Amazon Virtual Private Cloud (Amazon VPC) console.
  5. In the navigation pane, choose Internet gateways.
  6. Check whether your VPC is attached to an internet gateway.
    Note: If your VPC isn't attached to an internet gateway, then create and attach one to your VPC.
  7. In the navigation pane, choose Route tables.
  8. Choose the route table that's associated with your VPC.
  9. Choose the Subnet associations tab, and then verify that all the subnets in your DB subnet group are attached to the route table.
    Note: If the subnets aren't associated with the route table, then choose Edit subnet associations. Select the subnet that you want to associate with the route table.
  10. Choose the Routes tab. Check that all the subnets in your DB subnet group have 0.0.0.0/0 in the Destination field and the internet gateway ID in the Target field.
    Note: If the subnets have different values for the Destination and Target fields, then modify the route to include the preceding values.
  11. Open the Amazon RDS console.
  12. In the navigation pane, choose Databases.
  13. Select the DB instance that you want to modify, and then choose Modify.
  14. Under Connectivity, expand the Additional configuration section, and then select Publicly accessible.
  15. Choose Continue.
  16. Choose Modify DB instance.

Note: A subnet group that includes a combination of public and private subnets can cause connectivity issues after a failover. For example, in a Multi-AZ configuration, the primary instance runs in a public subnet and the secondary instance runs in a private subnet.
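
The route table checks in steps 7 through 10, and the mixed subnet group case from the preceding note, can also be run over saved AWS CLI output. The following is an added example, not AWS code: it assumes the parsed JSON from aws rds describe-db-subnet-groups and aws ec2 describe-route-tables, and every ID in it is a constructed sample value. A subnet with no explicit association falls back to the VPC's main route table.

```python
# Added example. All IDs are constructed sample values, shaped like the JSON from
#   aws rds describe-db-subnet-groups   and   aws ec2 describe-route-tables
SAMPLE_GROUP = {
    "DBSubnetGroupName": "example-group", "VpcId": "vpc-0example",
    "Subnets": [{"SubnetIdentifier": "subnet-0aaa"},
                {"SubnetIdentifier": "subnet-0bbb"}],
}
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-0main", "VpcId": "vpc-0example",
     "Associations": [{"Main": True}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                        "NatGatewayId": "nat-0example", "State": "active"}]},
    {"RouteTableId": "rtb-0public", "VpcId": "vpc-0example",
     "Associations": [{"Main": False, "SubnetId": "subnet-0aaa"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                        "GatewayId": "igw-0example", "State": "active"}]},
]

def effective_route_table(subnet_id, vpc_id, route_tables):
    """Explicit association wins; otherwise the VPC's main route table applies."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def has_igw_default_route(rt):
    """True if an active 0.0.0.0/0 route targets an internet gateway."""
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and (r.get("GatewayId") or "").startswith("igw-")
               and r.get("State", "active") == "active"
               for r in rt.get("Routes", []))

def classify_subnet_group(group, route_tables):
    """Map each subnet ID in the DB subnet group to 'public' or 'private'."""
    out = {}
    for s in group["Subnets"]:
        rt = effective_route_table(s["SubnetIdentifier"], group["VpcId"], route_tables)
        out[s["SubnetIdentifier"]] = "public" if rt and has_igw_default_route(rt) else "private"
    return out

def is_mixed(classification):
    """A group with both kinds of subnet is the failover risk described above."""
    return len(set(classification.values())) > 1
```

A group that comes back mixed is the one to fix before a failover moves the instance between subnets of different kinds.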

I want to find the connection information for my Amazon RDS DB instance

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.

When you try to connect to your DB instance from resources within the same VPC, your RDS endpoint automatically resolves to the private IP address. When you connect to your DB instance from either outside the VPC or the internet, the endpoint resolves to a public IP address.

To find connection information, you can use the Amazon RDS console, run the describe-db-instances AWS CLI command, or call the DescribeDBInstances RDS API.

You can also run one of the following commands to find the connection information:

dig example-rds-endpoint

-or-

nslookup example-rds-endpoint

When you run the nslookup command against the RDS endpoint, you see output that's similar to the following examples.

Output from an Amazon Elastic Compute Cloud (Amazon EC2) instance in the same VPC that resolves to a private IP address:

[ec2-user@ip-172-xx-xx-xx ~]$ nslookup myoracledb.xxxxx.us-east-1.rds.amazonaws.com
Server: xxx.xxx.xxx.xxx
Address: xxx.xxx.xxx.xxx#53

Non-authoritative answer:
myoracledb.xxxxx.us-east-1.rds.amazonaws.com canonical name = ec2-3-232-189-42.compute-1.amazonaws.com.
Name: ec2-3-232-189-42.compute-1.amazonaws.com
Address: 172.31.8.27

Output from an Amazon EC2 instance in a different VPC that resolves to the public IP address:

[ec2-user@ip-172-xx-xx-xx ~]$ nslookup myoracledb.xxxxx.us-east-1.rds.amazonaws.com
Server: xxx.xxx.xxx.xxx
Address: xxx.xxx.xxx.xxx#53

Non-authoritative answer:
myoracledb.xxxxx.us-east-1.rds.amazonaws.com canonical name = ec2-3-232-189-42.compute-1.amazonaws.com.
Name: ec2-3-232-189-42.compute-1.amazonaws.com
Address: 3.232.189.42

The IP addresses of my DB instances aren't consistent

The IP address that's assigned to your RDS DB instance can change in the following situations:

  • You stop and restart the DB instance.
    Note: When you reboot the DB instance, the IP address doesn't change.
  • The underlying host is replaced because of a DB instance failure or DB instance class update.
  • Hardware maintenance was performed on the DB instance.
  • The DB instance is in a Multi-AZ environment, and a failover happened.
  • The operating system (OS) of the DB instance experienced software patching.
  • You used a reboot with failover to initiate a manual failover of the DB instance.
  • The DB engine upgraded to a major or minor version.
  • There's an outage in the Availability Zone of the instance.

Note: Because the IP address of your instance is dynamic, you can't assign a static IP address or an Elastic IP address to your instance.

AWS OFFICIAL
Updated 2 months ago
2 Comments

It should be noted that when the RDS instance is publicly accessible and the EC2 instance has been configured to use an external DNS server (e.g. Managed AD), when querying the RDS IP address, the EC2 instance will receive the external IP address (rather than the internal address as outlined above). If the private IP address is required (for testing), the following AWS CLI commands can help here:

Linux/CloudShell: aws ec2 describe-network-interfaces --filters Name=addresses.association.public-ip,Values=<externalIPAddress> | grep "\"PrivateIpAddress\":"

Windows: aws ec2 describe-network-interfaces --filters Name=addresses.association.public-ip,Values=<externalIPAddress> | findstr "\"PrivateIpAddress\":"

replacing the <externalIPAddress> placeholder with the external address

It is important to note that the internal address is likely to change, as per the above article, so the IPs should not be hard coded into any configuration file.

See https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-network-interfaces.html for more details.

replied 2 years ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
EXPERT
replied 2 years ago