Add RDS instance - connection check failed

When adding a new service via RDS, after entering the DB username & password, the connection check fails even though the username & password are correct and port 3306 is open. Why can’t Percona (hosted on an EC2 instance) connect to my RDS instance?

Hello @Milo_Stein,
On your PMM-EC2 instance, can you access MySQL RDS via command line using the same credentials? If this test fails, then you have permissions issues on your RDS. Please perform this basic connectivity test and let us know the results.

Hi Matthew, thanks for your quick support. Instance Connect doesn’t work because, apparently, the username is not the default “root” or “ec2-user”; ssh gives me a permission denied even though I used the right key. How can I establish a connection with the EC2 then?

@matthewb Hi again :slight_smile:

Did you launch PMM using our AMI? If so, I believe the username for ssh is ‘admin’.

Thanks Matthew, that worked now. But how do I test the connection to the db? mysql -h etc. didn’t work. Would appreciate your help!

Please paste the command you used. It is very hard to assist when I can’t see the command/output.

All mysql commands show command not found. Is there an alternative to check the connection?

You need to install the mysql client. This is all “troubleshooting 101”. You need to perform basic connection tests/checks. There is a mysql client docker image you can try too if you are more familiar with docker.

Try using telnet rds.address.aws 3306 and if that doesn’t show a mysql attempt, then you have RDS/security groups issues that you must resolve first.

Thanks Matthew, I managed to make the connection check work, but it fails. I added the Public IP of the PMM EC2 into the rules of the DB security group, but I get an ERROR 2003 (HY000).

It is very difficult to assist when I can’t see the entire output of what you are doing and the exact commands you are executing.
Error 2003 is a generic connection failure message and doesn’t really help here.
I suggest you ask someone else on your team to assist with these basic networking troubleshooting tasks. If the telnet fails, then you have fundamental network blocks (security group, firewall, etc).

This is what a SUCCESSFUL telnet test looks like:

$ telnet rds-mysql.xkk82ldd.us-west-2.rds.amazonaws.com 3306
Trying 10.46.124.102...
Connected to rds-mysql.xkk82ldd.us-west-2.rds.amazonaws.com.
Escape character is '^]'.
N
5.7.38-log�K- dL|?Pt;=/0C9=mysql_native_password

Again, the above is a SUCCESS test. The above shows that the EC2 instance is able to talk to MySQL and MySQL has returned a challenge for authentication. If you don’t get that when substituting your RDS endpoint, then you have basic networking issues that need to be resolved.
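
The telnet test described above, as an added example that is not part of the original thread: a Python probe that separates a timeout, a refused connection and a real MySQL greeting, and decodes the greeting so the "N" and line break before 5.7.38-log are recognisable as the packet length byte (0x4e) and protocol version 10 (0x0a). The function names and the constructed sample greeting are assumptions of this example.

```python
import socket
import sys

# Constructed sample: a protocol-10 greeting shaped like the telnet output above.
_PAYLOAD = b"\x0a5.7.38-log\x00" + bytes(4) + b"abcdefgh\x00"
SAMPLE_GREETING = len(_PAYLOAD).to_bytes(3, "little") + b"\x00" + _PAYLOAD

def parse_greeting(data: bytes):
    """Return (protocol_version, server_version) from a MySQL initial handshake packet."""
    length = int.from_bytes(data[:3], "little")  # 3-byte payload length
    payload = data[4:4 + length]                 # data[3] is the sequence id
    if len(data) < 6 or not payload:
        raise ValueError("too short to be a MySQL packet")
    if payload[0] == 0xFF:                       # ERR packet sent instead of a greeting
        code = int.from_bytes(payload[1:3], "little")
        raise ValueError(f"server error {code}: {payload[3:].decode('latin-1')}")
    end = payload.index(b"\x00", 1)              # version string is NUL-terminated
    return payload[0], payload[1:end].decode("ascii", "replace")

def probe(host: str, port: int = 3306, timeout: float = 5.0):
    """Classify a connection attempt; returns (status, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        # Nothing answered the connect: packets are dropped on the path
        # (security group, network ACL, routing or firewall).
        return "timeout", "no reply to TCP connect; traffic is being dropped"
    except ConnectionRefusedError:
        return "refused", "host reachable but nothing is listening on this port"
    except OSError as exc:                       # DNS failure, no route, etc.
        return "error", str(exc)
    with sock:
        try:
            data = sock.recv(4096)
        except socket.timeout:
            return "silent", "TCP connected but the server sent no greeting"
    try:
        proto, version = parse_greeting(data)
    except ValueError as exc:
        return "unexpected", str(exc)
    # Network path is fine; any remaining failure is credentials or grants.
    return "mysql", f"protocol {proto}, server {version}"

if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py <rds-endpoint> [port]")
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 3306
    print(*probe(sys.argv[1], port))
```

Run it from the PMM EC2 instance with the RDS endpoint as the first argument, so the test follows the same network path that PMM uses.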

Hi Matthew, the telnet fails. Connection timeout. Again, I added the EC2 as a rule to the security group, so what other networking issue could be problematic here?