All Products
Search
Document Center

ApsaraDB RDS:Troubleshoot RDS connection failures

Last Updated:Jun 20, 2026

This topic explains how to troubleshoot connection failures to an RDS instance.

Overview

To troubleshoot the issue, check the following five areas:

Step 1: Check instance status and connection information

  1. Log on to the ApsaraDB for RDS console. On the Instances page, check the status of the RDS instance to ensure it is running. If the instance state is abnormal or locked, troubleshoot the issue. If an instance is locked, see Troubleshoot an automatic lock on an ApsaraDB for RDS for MySQL instance caused by insufficient storage. While the instance is locked, your application cannot read from or write to it. If your business allows, you can restart the instance. Perform this operation with caution.

  2. In your database connection code or client tool, verify the connection information, including the internal and public endpoints. For more information, see Connect to an ApsaraDB for RDS instance.

    On the instance details page, click Database Connection in the left-side navigation pane. In the Endpoints section, view the internal and public endpoints. An endpoint is formatted as rm-xxx.mysql.rds.aliyuncs.com and the port is 3306.

Step 2: Verify whitelist configuration

Ensure that you have added the correct IP address of your local device to the IP whitelist of the RDS instance. As a test, temporarily add 0.0.0.0/0 to the whitelist. If the connection succeeds, the original whitelist was misconfigured. Remove the 0.0.0.0/0 entry and add the correct IP address. For more information about how to configure a whitelist, see Configure an IP address whitelist. Note the following points about whitelists:

  • By default, the whitelist on the Data Security > Whitelist Settings page contains only the IP address 127.0.0.1. This address prevents any device from accessing the RDS instance. You must add the IP address of your client, such as an ECS instance, to the whitelist.

  • If you added 0.0.0.0, this format is incorrect. The correct format is 0.0.0.0/0.

    Note

    0.0.0.0/0 allows access from any IP address. Use this with caution.

  • Check whether the high-security whitelist mode is enabled. If this mode is enabled, perform the following checks:

    • If you are using an internal endpoint in a Virtual Private Cloud (VPC), ensure that the internal IP address of the ECS instance is added to a VPC whitelist group.

    • If you are using an internal endpoint in a classic network, ensure that the internal IP address of the ECS instance is added to a classic network whitelist group.

    • If you are connecting over the public network, ensure that the public IP address of your device is added to a classic network whitelist group. VPC whitelist groups do not apply to public network connections.

  • The public IP address in the whitelist might not be your device's actual outbound IP address. This discrepancy can occur for the following reasons:

Step 3: Check database performance

Review the RDS instance's performance monitoring data for insufficient resources.

Step 4: Check network and client

ECS to RDS internal network access

If an ECS instance cannot access an RDS instance over the internal network, see Resolve instance connection issues.

Applies to

ApsaraDB for RDS