This error indicates that your computer cannot establish a network connection to the RDS instance. Here are the most common causes and solutions:
Your RDS instance's security group needs to explicitly allow incoming connections from your IP address:
- Go to the AWS Management Console
- Navigate to RDS > Databases > Select your database (database-1)
- Click on the "Connectivity & security" tab
- Click on the VPC security group (e.g., "default")
- In the security group page:
- Select the "Inbound rules" tab
- Click "Edit inbound rules"
- Add a rule:
- Type: MySQL/Aurora (port 3306)
- Source: Your IP address or 0.0.0.0/0 for any IP (not recommended for production)
- Save rules
Make sure your RDS instance is set to be publicly accessible:
- Go to the AWS Management Console
- Navigate to RDS > Databases > Select your database (database-1)
- Click "Modify"
- Under "Connectivity", ensure "Public access" is set to "Yes"
- Click "Continue" and "Apply immediately"
- Click "Modify DB Instance"
Note: It may take a few minutes for changes to take effect.
Verify that the RDS instance is in the "Available" state:
- Go to the AWS Management Console
- Navigate to RDS > Databases
- Check that the status of your database (database-1) shows as "Available"
If you're accessing from a corporate network or using a VPN:
- Ensure that outbound connections to port 3306 are allowed
- Try connecting from a different network (e.g., mobile hotspot)
- Temporarily disable any VPN software that may be routing traffic
Confirm you're using the correct endpoint for your RDS instance's region:
- Go to the AWS Management Console
- Navigate to RDS > Databases > Select your database (database-1)
- On the "Connectivity & security" tab, check the "Endpoint" field
- Ensure this matches the endpoint in your .env file
You can test basic network connectivity using telnet or ncat:
# Using PowerShell Test-NetConnection (Windows)
Test-NetConnection -ComputerName database-1.cxkucyeociny.ap-south-1.rds.amazonaws.com -Port 3306A successful connection will show "TcpTestSucceeded : True".
To find your current public IP address (useful for setting up security group rules):
- Visit whatismyip.com or ipify.org
- Use this IP address in your security group rule