Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

CRITICAL: All RDS instances in sa-east-1 not accessible externally - Infrastructure issue

0

CRITICAL INFRASTRUCTURE ISSUE

All 3 RDS PostgreSQL instances in sa-east-1 region are completely inaccessible from external networks despite correct configurations:

AFFECTED INSTANCES:

  • lake.cpw8yq6ace5f.sa-east-1.rds.amazonaws.com:5435 (IP: 54.94.242.210) - PostgreSQL 17.4
  • gs.cpw8yq6ace5f.sa-east-1.rds.amazonaws.com:5432 (IP: 177.71.182.10) - PostgreSQL 17.4
  • studio.cpw8yq6ace5f.sa-east-1.rds.amazonaws.com:5432 (IP: 54.232.219.147) - PostgreSQL 16.10

VALIDATED CONFIGURATIONS:

  • All instances show "available" status
  • DNS resolving correctly to public IPs
  • Security group sg-0c304121fed0e5574 allows 0.0.0.0/0
  • Public subnets with internet gateway routing
  • VPC vpc-0b2431f39123c6de6 configured correctly

SYMPTOMS:

  • Telnet connections timeout on all instances
  • Tested from multiple networks (including mobile hotspot)
  • Problem affects different PostgreSQL versions
  • All instances created September 24-25, 2025

SUSPECT: Regional infrastructure issue or VPC-level routing problem affecting all RDS external connectivity.

URGENCY: Production systems cannot connect to databases.

Topics
AnalyticsMigration & ModernizationDatabaseNetworking & Content Delivery
Tags
Amazon VPCAmazon Relational Database ServiceSecurity GroupPostgreSQLNetworking & Content Delivery
Language
English
asked 2 months ago43 views
1 Answer
0

Based on your description, this appears to be a connectivity issue with your RDS instances. While you've verified many important configurations, there are several potential causes to investigate:

  1. Public Accessibility Setting: Check if the "Publicly accessible" parameter is enabled for each RDS instance in the RDS console under "Connectivity & security". This setting is required for external access, regardless of security group configurations.

  2. Subnet Configuration: Even if your subnets are "public" (have routes to an internet gateway), RDS instances should ideally be placed in private subnets for security reasons. If your RDS instances are in a DB subnet group that contains both public and private subnets, they might have been placed in or failed over to private subnets during creation or maintenance.

  3. Network ACLs: Verify that the Network ACLs associated with your RDS instance's subnets allow both inbound and outbound traffic on your database ports (5432 and 5435).

  4. Route Tables: Double-check that the route tables for your VPC are correctly configured to allow traffic between external networks and the RDS instances.

  5. Recent Maintenance: If this happened after a maintenance window, it could have changed some network configurations. AWS maintenance activities sometimes modify settings that can affect connectivity.

For immediate troubleshooting:

  • Try connecting from an EC2 instance within the same VPC to determine if this is specifically an external access issue
  • Temporarily modify security groups to ensure they're not the cause
  • Check if there are any AWS service health dashboard notifications for RDS in sa-east-1

As a best practice for security, consider using alternative methods to access your RDS instances securely, such as through a bastion host or AWS Systems Manager Session Manager, rather than exposing them directly to the internet.
Sources
Troubleshooting connection issues to your Amazon RDS DB instance - Amazon Relational Database Service
RDS connectivity failure after AWS maintenance window | AWS re:Post
Troubleshooting connections to your RDS for PostgreSQL instance - Amazon Relational Database Service
Community | Connect securely to an RDS instance

answered 2 months ago
EXPERT
reviewed 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content