RDS MySQL 错误 1045 (28000):从 EC2 连接到数据库时用户访问被拒绝
RDS MySQL ERROR 1045 (28000): Access denied for user when connecting to db from EC2
我有一个 EC2 实例,我正在尝试连接到 RDS (mySQL) 实例。
我创建了一个 RDS mySQL 实例,名称为:mydbinstance,用户:mysuperuser 和一个通用的 8 字符 (mypassword),仅用于测试目的。
Virtual Private Cloud: default
(same as where the EC2 is located)
Subnet group: default
Public accessibility: No (DB instance will not have a public IP
address assigned. No EC2 instance or devices outside of the VPC will
be able to connect.)
Availability zone: No preference
VPC security groups: Create new VPC security group
IAM DB authentication: Disabled
我将 RDS 实例添加到与 EC2 实例相同的 VPC,因此它在同一区域中。
数据库实例正在使用新的安全组:
Type: Custom TCP Rule Protocol: TCP Port: 3306 CIDR: 174.62.127.135/32
这个IP地址是从哪里来的?我在实例化时没有指定任何东西...
接下来,我通过 ssh 连接到我的 EC2 实例(位于同一 VPC 中的实例),然后尝试:
$ mysql -h mydbinstance.$(RDS_INSTANCE).us-west-2.rds.amazonaws.com -P 3306 -u mymasteruser -p
我在提示符下输入 mypassword(我之前指定的那个),我得到:
ERROR 1045 (28000): Access denied for user 'mymasteruser'@'localhost'
(using password: YES)
我尝试使用 ifconfig 获取 EC2 机器的 IP 地址,并用它更新了 RDS 使用的安全组 IP 地址(我在上面想知道的那个)。同样的结果,没有运气连接。从那以后我就一直在谷歌上搜索答案。
调试这个的其他选项是什么?如果有任何建议,我将不胜感激。
更新
我能够从我的笔记本电脑 运行 这个(通过将数据库 Public Access 更改为 YES):
mysql -h mydbinstance.$(RDS_INSTANCE).us-west-2.rds.amazonaws.com -P 3306 -u mymasteruser -p
found 0 associations found 1 connections:
found 0 associations
found 1 connections:
1: flags=82<CONNECTED,PREFERRED>
outif en3
src 192.168.86.33 port 55863
dst xx.xxx.xxx.xxx port 3306
rank info not available
TCP aux info available
但是我无法从我的 EC2 实例获得任何输出。它挂了!与我 运行 netcat (nc) 命令的原因相同。为什么这不适用于我的 EC2 实例?
在 aws 论坛上找到该块后,我能够使其正常工作。将其发回此处以防有人遇到同样的问题:
"In order to connect to MySQL, you will have to authorize the IP
address of the host from which you plan to connect to MySQL. You
should also revoke access from the CIDR you currently have authorized.
If you don’t know your computer’s IP address, you can see it by
visiting the site http://checkip.amazonaws.com/. Note that you will
have to add “/32” to the end of this to convert the IP address to a
CIDR which contains only that IP address. For example, if your IP
address is 192.0.2.10, you should authorize access to the CIDR
192.0.2.10/32.
我有一个 EC2 实例,我正在尝试连接到 RDS (mySQL) 实例。
我创建了一个 RDS mySQL 实例,名称为:mydbinstance,用户:mysuperuser 和一个通用的 8 字符 (mypassword),仅用于测试目的。
Virtual Private Cloud: default (same as where the EC2 is located)
Subnet group: default
Public accessibility: No (DB instance will not have a public IP address assigned. No EC2 instance or devices outside of the VPC will be able to connect.)
Availability zone: No preference
VPC security groups: Create new VPC security group
IAM DB authentication: Disabled
我将 RDS 实例添加到与 EC2 实例相同的 VPC,因此它在同一区域中。
数据库实例正在使用新的安全组:
Type: Custom TCP Rule Protocol: TCP Port: 3306 CIDR: 174.62.127.135/32
这个IP地址是从哪里来的?我在实例化时没有指定任何东西...
接下来,我通过 ssh 连接到我的 EC2 实例(位于同一 VPC 中的实例),然后尝试:
$ mysql -h mydbinstance.$(RDS_INSTANCE).us-west-2.rds.amazonaws.com -P 3306 -u mymasteruser -p
我在提示符下输入 mypassword(我之前指定的那个),我得到:
ERROR 1045 (28000): Access denied for user 'mymasteruser'@'localhost' (using password: YES)
我尝试使用 ifconfig 获取 EC2 机器的 IP 地址,并用它更新了 RDS 使用的安全组 IP 地址(我在上面想知道的那个)。同样的结果,没有运气连接。从那以后我就一直在谷歌上搜索答案。
调试这个的其他选项是什么?如果有任何建议,我将不胜感激。
更新
我能够从我的笔记本电脑 运行 这个(通过将数据库 Public Access 更改为 YES):
mysql -h mydbinstance.$(RDS_INSTANCE).us-west-2.rds.amazonaws.com -P 3306 -u mymasteruser -p
found 0 associations found 1 connections:
found 0 associations
found 1 connections:
1: flags=82<CONNECTED,PREFERRED>
outif en3
src 192.168.86.33 port 55863
dst xx.xxx.xxx.xxx port 3306
rank info not available
TCP aux info available
但是我无法从我的 EC2 实例获得任何输出。它挂了!与我 运行 netcat (nc) 命令的原因相同。为什么这不适用于我的 EC2 实例?
在 aws 论坛上找到该块后,我能够使其正常工作。将其发回此处以防有人遇到同样的问题:
"In order to connect to MySQL, you will have to authorize the IP address of the host from which you plan to connect to MySQL. You should also revoke access from the CIDR you currently have authorized. If you don’t know your computer’s IP address, you can see it by visiting the site http://checkip.amazonaws.com/. Note that you will have to add “/32” to the end of this to convert the IP address to a CIDR which contains only that IP address. For example, if your IP address is 192.0.2.10, you should authorize access to the CIDR 192.0.2.10/32.