ApsaraDB RDS:Why am I unable to connect to my ApsaraDB RDS for MySQL instance or ApsaraDB RDS for MariaDB instance from a local server over the Internet?

Problem description

The public IP address of the local server is obtained and added to an IP address whitelist of the RDS instance. However, the connection fails.

Usage notes

If the public IP address of the local server changes and the connection that is established between the local server and your RDS instance is used in the production environment, we recommend that you connect to the RDS instance over an internal network or add an appropriate public CIDR block of the local server to the IP address whitelist of the RDS instance. This way, the RDS instance remains connected even if the public IP address of the local server changes.

Obtain the public IP address of the local server

1. Add the IP address to an IP address whitelist of the RDS instance.

   Add the public CIDR block of the company or the entry 0.0.0.0/0 to an IP address whitelist of the RDS instance that runs MySQL or MariaDB.

   Warning

   The entry 0.0.0.0/0 indicates that all devices can access the RDS instance. This may cause potential security risks. Proceed with caution. If the entry 0.0.0.0/0 is added, we recommend that you immediately delete the entry when it is no longer required.

2. Obtain the public IP address by using one of the following methods:

   • Method 1: Run the curl ipinfo.io/ip command to query the public IP address of the local client. We recommend that you use this method.

     Note

     If the preceding command fails, you can run the curl ifconfig.me command to query the public IP address.

   • Method 2: Execute SQL statements.

     1. Use a database client or the CLI to connect to the RDS instance from the local server.

        mysql -hEndpoint of the RDS instance -uUsername of the account -pPassword of the account -P3306

        

     2. Execute the following statement to obtain the actual egress IP address.

        show processlist

        The value of Host in the row in which show processlist is displayed is the actual egress IP address of the local server.

        

3. Update the IP address whitelist.

   1. Delete the entry 0.0.0.0/0 from the IP address whitelist.

   2. Add the public IP address that is obtained from Step 2 to the IP address whitelist.

FAQ

• I cannot connect to my RDS instance from a local server. How do I determine whether the connection fails because the public IP address of the local server dynamically changes?

  Add the entry 0.0.0.0/0 to an IP address whitelist of your RDS instance and wait for about 1 minute. Then, all devices are granted access to your RDS instance. Connect to your RDS instance from the local server. If your RDS instance can be connected, delete the entry 0.0.0.0/0 from the IP address whitelist and add the actual public IP address of the local server to the IP address whitelist. Then, connect to your RDS instance from the local server again. If your RDS instance cannot be connected, the public IP address that you added to the IP address whitelist is not the current public IP address of the local server. This indicates that the public IP address of the local server dynamically changes.

• After I add the public IP address of a local server to an IP address whitelist of my RDS instance, why am I still unable to connect to my RDS instance from the local server?

  If the public IP address of the local server dynamically changes, add the current public IP address of the local server to an IP address whitelist of your RDS instance. The IP address whitelist requires about 1 minute to take effect.

  The connection failure may be caused by other issues. For more information, see Troubleshoot failures in connecting to an ApsaraDB RDS for MySQL instance.