Why can't I connect directly to my MySQL RDS D

Posted 2019-09-06 06:41

Question:

I made a MySQL RDS DB Instance, and I made sure the Instance is inside a security group which should allow me to connect to it externally. The security group allows all types of traffic from all IP addresses. The RDS is in the same security group as an EC2 I made.

I'm able to connect to the DB Instance by connecting to the EC2 via SSH, then using the mysql CLI client I installed on that EC2 to connect to the RDS. However, I'm not able to connect directly to the RDS from a MySQL client on my personal computer. I use the same host and username and all for the RDS, but circumventing the EC2 doesn't work.

From googling around, it seems like the error I'm getting is usually caused by the RDS's security group not allowing traffic from my computer - but this can't be the case, because I triple checked that the security group is open to all public traffic. Heck, the RDS is in the same security group as the EC2, and I'm able to connect to the EC2.

So what's going on?

Answer 1:

This is what solved the issue for me. On the RDS dashboard have a look at the security group for your instance. Click on this and it would take you to the security group page.

Although it would say "All traffic" for both Inbound and Outbound, click edit and ensure the source says My IP. I would not recommend using all IPs as this would open it to anyone on the internet. If you do not have a static IP then ensure that you refresh this field once the connection stops working.

After this I was able to connect to the AWS RDS T2 instances.
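Added example (not part of the original answer or of any AWS tooling): a Python check over a security group description that lists inbound rules exposing the MySQL port to every address and reports which groups admit a given client IP. The sample JSON is constructed in the shape of `aws ec2 describe-security-groups` output; the group ids, addresses and function names are assumptions for illustration.

```python
import ipaddress
import json

# Constructed sample, shaped like `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0example1", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0example2", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "203.0.113.7/32"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}
]}
""")

def covers_port(perm, port):
    """True if an inbound rule applies to TCP `port`."""
    if perm["IpProtocol"] == "-1":  # "All traffic": every protocol and port
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def rule_networks(sg, port):
    """Yield the CIDR networks of every inbound rule in `sg` that covers `port`.
    Rules whose source is another security group or a prefix list are skipped."""
    for perm in sg.get("IpPermissions", []):
        if covers_port(perm, port):
            for r in perm.get("IpRanges", []):
                yield ipaddress.ip_network(r["CidrIp"], strict=False)
            for r in perm.get("Ipv6Ranges", []):
                yield ipaddress.ip_network(r["CidrIpv6"], strict=False)

def world_open(groups, port=3306):
    """(group id, cidr) for each rule exposing `port` to every address."""
    return [(sg["GroupId"], str(net)) for sg in groups["SecurityGroups"]
            for net in rule_networks(sg, port) if net.prefixlen == 0]

def allows_client(groups, client_ip, port=3306):
    """Ids of groups whose inbound rules admit `client_ip` on `port`."""
    addr = ipaddress.ip_address(client_ip)
    return [sg["GroupId"] for sg in groups["SecurityGroups"]
            if any(addr in net for net in rule_networks(sg, port))]

if __name__ == "__main__":
    print(world_open(SAMPLE))
    print(allows_client(SAMPLE, "198.51.100.9"))
```

A group that shows up in `world_open` is the "All traffic from all IP addresses" case from the question; after narrowing the source to a single address it should appear only in `allows_client` for that address.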



Answer 2:

Sometimes when I am trying to connect to things inside a VPC stuff gets weird with the DNS. But because you are inside a VPC you only will have a private IP address. If you want a direct connection between your computer and RDS I would not use a VPC, this just adds issues. If it does need to be inside a VPC, I launch an ec2 instance in my vpc like you already have. Then I tunnel the RDS instance to the ec2 instance by running this command

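screen
# forward local port 3308 through the EC2 instance to the RDS endpoint
# (ec2-user is an assumed SSH login; use the one for your instance)
ssh -L 3308:rds-dns.com:3308 ec2-user@ec2-instanceDNS.com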

to detach screen

Ctrl+A
D


Answer 3:

Check what outgoing ports are open in the firewall on the network your personal computer is on. Even though the RDS Instance allows for all traffic, your firewall may be blocking you from making the connection. You can use http://portquiz.net/ to test whether your network allows for traffic on the port you're connecting to your DB with. With MySQL, the port is most likely 3306; if the port you're using with your DB isn't accessible via your network, find a port that works using the Port Quiz tool I just linked, and then remake your DB Instance using that port. (RDS doesn't let you change the port on an already existing Instance).