How do I resolve issues with my Amazon RDS database instance?
Problem
I cannot connect to an Amazon RDS database instance.
Your problem:
When you try to connect from an EC2 instance that is not in the VPC, the DB instance security group is not configured to access the EC2 instance.
Decision:
If connection attempts from an EC2 classic instance fail, grant the user access from the security group of the DB instance. For more information, check the following:
If you want to access a database instance from an Amazon EC2 instance, you must first determine if your EC2 instance and DB instance are actually in VPC. If you use VPC by default, you can assign the same EC2 or VPC security group that you used for your EC2 instance when you create or modify the database instance that the EC2 instance will access.
If your DB instance and EC2 instance are not in the VPC, you must configure the DB instance security group using an access rule that allows traffic from the Amazon EC2 instance. You would do this by adding the Amazon EC2 security group for the EC2 instance to the DB security group for the DB instance. In this example, you add a database security group access rule for the Amazon EC2 security group.
Attention!
Adding a database security group access rule for Amazon EC2 The security group provides only access to your database instances from Amazon EC2 and the instances associated with this Amazon EC2 security group.
You cannot allow Amazon EC2 security group located in a different AWS region than your database instance. You can resolve the range IP address or specify an Amazon EC2 security group in the same region as the IP address in another region. If you specify an IP range, we recommend that you use the private IP address of your Amazon EC2 instance, which provides a more direct network route from your Amazon EC2 instance to your Amazon RDS DB database instance and does not require network charges for data sent outside the Amazon network .
AWS Management Console
To add an EC2 security group to a database security group
Log in to the AWS management console and open the Amazon RDS console at https://console.aws.amazon.com/rds/ .
Select security groups in the navigation panel on the left side of the console window.
Select the details icon for the database security group that you want to provide.

- On the details page for your security group, select, select the EC2 security group from the Connection Type drop-down list, and then select the Amazon EC2 security group that you want to use. Then click "Authorize."

- The access rule status will be authorized until the new access rule is applied to all database instances associated with the changed database security group. After the login rule is successfully applied, the status will change to authorized.
CLI
To provide access to the Amazon EC2 security group, use the AWIS CLI command commandize-db-security-group-ingress.
Example
For Linux, OS X, or Unix:
aws rds authorize-db-security-group-ingress \ --db-security-group-name default \ --ec2-security-group-name myec2group \ --ec2-security-group-owner-id 987654321021
For Windows:
aws rds authorize-db-security-group-ingress ^ --db-security-group-name default ^ --ec2-security-group-name myec2group ^ --ec2-security-group-owner-id 987654321021
The command should output a result similar to the following:
SECGROUP Name Description SECGROUP default default EC2-SECGROUP myec2group 987654321021 authorizing
API
To allow network access for the Amazon EC2 security group, call this Amazon RDS API function, http://docs.aws.amazon.com//AmazonRDS/latest/APIReference/API_AuthorizeDBSecurityGroupIngress.htmlAuthorizeDBSecurityGroupIngress with the following parameters:
EC2SecurityGroupName = myec2group EC2SecurityGroupOwnerId = 987654321021
Example
https://rds.amazonaws.com/ ?Action=AuthorizeDBSecurityGroupIngress &EC2SecurityGroupOwnerId=987654321021 &EC2SecurityGroupName=myec2group &Version=2009-10-16 &SignatureVersion=2 &SignatureMethod=HmacSHA256 &Timestamp=2009-10-22T17%3A10%3A50.274Z &AWSAccessKeyId=<AWS Access Key ID> &Signature=<Signature>
Link to the resource: