If your Lightsail VPC peering shows as enabled with a green checkmark in the Lightsail console but you can’t see the connection in the VPC console, and your EC2 instance in the default VPC can’t connect to your Lightsail instance on port 3306, here’s what you can do.
First, understand that Lightsail’s VPC peering feature can sometimes appear enabled even if the actual peering connection isn’t fully established. The most common issue is that no active peering connection exists at the network level.
Here’s a straightforward way to fix this:
- Check and Enable VPC Peering in Lightsail
  - Open your Lightsail console.
  - Go to the Account section and select Advanced.
  - Find your region (like `us-west-2`) and click Enable VPC peering.
  - This step creates or updates the peering connection between your Lightsail VPC and your default VPC.
- Verify the Peering Connection
  - After enabling, head over to the VPC console in AWS.
  - Navigate to Peering connections and look for a connection between your Lightsail VPC and your default VPC.
  - Make sure the status says Active. If it’s still pending or inactive, give it a few minutes and refresh.
- Update Firewall Rules
  - In Lightsail, ensure that your firewall has a rule allowing inbound traffic on port 3306 from the IP range of your default VPC (`172.31.0.0/16`).
  - Likewise, check that your EC2 security groups permit outbound traffic to the Lightsail instance on port 3306.
- Confirm Network Routing and Security Groups
  - Make sure your EC2 instance security group allows outbound connections to the Lightsail private IP (`172.26.4.95`) on port 3306.
  - Also, verify that routing is set up so traffic flows correctly between the networks.
- Test the Connection
  - When the VPC peering status is Active, try connecting again.
  - Use `nc -zv 172.26.4.95 3306` to check if the port is accessible.
  - You can also ping the Lightsail instance’s private IP to test basic connectivity.
Usually, setting up or fixing the peering connection takes just a few minutes after your configuration. Remember, VPC peering must be directly established; it’s not transitive, so each connection needs to be explicitly configured.
By following these steps, you should be able to establish a direct private connection between your EC2 instance and Lightsail instance, making the MySQL traffic flow smoothly. If after trying these steps the connection still times out, double-check your network settings, security rules, and ensure the peering connection has transitioned from pending to active.
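The peering-status and firewall checks from the steps above can be run against saved CLI output instead of the consoles. The following is an added example, not part of the original article: it assumes JSON shaped like the output of `aws ec2 describe-vpc-peering-connections` and `aws lightsail get-instance-port-states`, uses constructed sample data, and also flags a port 3306 rule that is open wider than the default VPC range.

```python
import ipaddress

DEFAULT_VPC = "172.31.0.0/16"  # default VPC range quoted in the article
DB_PORT = 3306

# Constructed sample data shaped like the JSON returned by
# `aws ec2 describe-vpc-peering-connections` and
# `aws lightsail get-instance-port-states`; the pcx id is a placeholder.
PEERINGS = {"VpcPeeringConnections": [
    {"VpcPeeringConnectionId": "pcx-EXAMPLE",
     "Status": {"Code": "pending-acceptance"}}]}
PORT_STATES = {"portStates": [
    {"fromPort": 22, "toPort": 22, "protocol": "tcp",
     "state": "open", "cidrs": ["0.0.0.0/0"]},
    {"fromPort": 3306, "toPort": 3306, "protocol": "tcp",
     "state": "open", "cidrs": ["0.0.0.0/0"]}]}


def diagnose(peerings, port_states, vpc_cidr=DEFAULT_VPC, port=DB_PORT):
    """Return findings: why `port` may time out, or where it is over-exposed."""
    findings = []
    vpc = ipaddress.ip_network(vpc_cidr)

    # Steps 2 and 5: some peering connection must report status "active".
    codes = [p["Status"]["Code"]
             for p in peerings.get("VpcPeeringConnections", [])]
    if "active" not in codes:
        findings.append(f"no active peering connection (statuses: {codes})")

    # Step 3: collect every source range the firewall lets reach the port.
    allowed = [ipaddress.ip_network(cidr)
               for rule in port_states.get("portStates", [])
               if rule["state"] == "open"
               and rule["protocol"] in ("tcp", "all")
               and rule["fromPort"] <= port <= rule["toPort"]
               for cidr in rule.get("cidrs", [])]
    if not any(vpc.subnet_of(net) for net in allowed):
        findings.append(f"port {port} is not open to all of {vpc}")
    for net in allowed:
        if not net.subnet_of(vpc):
            findings.append(f"port {port} is open to {net}, beyond {vpc}")
    return findings


if __name__ == "__main__":
    for finding in diagnose(PEERINGS, PORT_STATES):
        print("FINDING:", finding)
```

With the sample data this reports two findings: the peering connection is still pending, and MySQL is reachable from `0.0.0.0/0` rather than only from the default VPC.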




