Can't ping AWS RDS endpoint

So I try to ping it. But the attempt timeout.

Ping won't work because the security group blocks all communication by default. You'll have to "poke holes" in the security group firewall to get traffic to your instance.

SSH TCP 22 72.xxx.xxx.xxx/32 And it still does not work.

Yup. RDS does not allow you to log in to the box via SSH. Only the MySQL port (3306) is open.

I want to migrate my local mysql database to Amazon RDS.

Ok, but be careful. DO NOT open up 3306 to the entire Internet (i.e. 0.0.0.0). MySQL was not designed for that, and often has flaws where anyone can break into your database.

You can open 3306 to just your (home) IP address (or the server you'll be using it from.) It should look like "5.5.5.5/32 TCP port 3306". But beware that this isn't great security because other people could see your packets. (MySQL supports encrypted connections, but you have to set them up explicitly.)

The best way to test a port is open is to telnet to the port. You can test your setup with telnet my.mysql.ip.address 3306. If you get no message, the port is not open. If you get "connected to ..", then your MySQL port is working.

The most secure way to use RDS is from an EC2 instance. You can create trust between the EC2 instance and the RDS security group. Your packets won't travel over the Internet, but only on the AWS network. Other people won't be able to see your packets, because nothing in EC2 allows that.

Amazon RDS is a managed service for relational databases. It does not give access to the low level infrastructure.

http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html

There is no SSH, Telnet or Ping access authorised to an RDS instance

Seb

"RDS Instances are not configured to accept and respond to an ICMP packet for pings. The only way you can establish connectivity to your RDS instance is through a standard SQL client application."

This means, that adding ICMP rule into particular RDS security group, doesn't make your RDS instance reachable over ICMP.