0

I have set up an AWS RDS instance and AWS EC2 instance, and I believe I set up the security group to allow both EC2 instance's internal ip and public ip to access the RDS instance. if I ssh to EC2 instance via a ssh client, and type command:

mysql -u xxx -p -h AWS_RDS_endpoint.com

The connection is sucessful. I created test php file named index.php in the EC2 instance web root, code like this:

<?php
  $servername = "aws_rds_endpoint.com";
  $username = "username";
  $password = "password";

  // Create connection
  $conn = new mysqli($servername, $username, $password);

  // Check connection
  if ($conn->connect_error) {
      die("Connection failed: " . $conn->connect_error);
  } 
  echo "Connected successfully";
?>

if I type "php index.php" at ssh terminal, it show "Connected successfully", but if at web browser I tried http to EC2 instance like http://xxxx.us-east-2.computer.amazonaws.com ( which is EC2 public DNS), it returns "Connection failed: Permission denied"

Can anyone tell me how to solve this issue?

Tim
  • 30,383
  • 6
  • 47
  • 77
Minjia Tang
  • 1
  • 1
  • 1
  • Sounds like permission denied for your web server accessing the PHP script. Start with "hello world" in PHP, get that working, then add the database connection. If that's not the case then please edit your question to include more detail, like web server used, web server configuration, web server access and error log for a small number of lines specifically chosen to demonstrate something, and anything else you think would help diagnose the issue. – Tim Jan 26 '18 at 21:07
  • Did you open port 80 (or the one your web server is assigned to) in your Inbound Security Group? Also, look in the log files for PHP errors. This is set in PHP.INI. Wrap your PHP code in a try / catch block to catch exceptions. – John Hanley Jan 26 '18 at 21:14

2 Answers2

1

I think this is answered already in another SO thread.. But I had the exact same issue. In my case I was using centos 8 as my EC2 instance. The issue is with SELinux

sudo setsebool -P httpd_can_network_connect_db=1

If you can already connect using the mysql command line tool; then obviously it's not a firewall or permissions issue; probably SELinux

Reece
  • 167
  • 6
0

If you want to connect to AWS RDS MySQL from EC2 Linux instance, you need an instance ID. Also, make sure you add the public-facing IP address to the DB security group that belongs to the RDS. Ensure that your user ID has the correct permissions to both the EC2 Linux instance and the MySQL DB -- modify/read access to the MySQL location and the DB itself.

Then, ensure you have created a DB security group for external access and your user is included in it. You can accomplish that using the instructions given on the following link: http://docs.amazonwebservices.com/AmazonRDS/latest/GettingStartedGuide/AuthorizeAccess.html

Mika Wolf
  • 169
  • 3