I describe my scenario, which is not like the one described here, "Unable to add Ec2 VPC Security group in Non VPC RDS MySQL Security group?", or here, "Adding Spot Instances to the Security Group of an RDS Instance": I have a fleet of spots in an EC2 VPC and I want to give them access to an RDS database that is in EC2-Classic. Just like in the second link, my spots are renewed from time to time and I have to be able to add the IP of the launched machine to the security group of the RDS instance.
The configuration from the console is possible and works fine: just go to the security group of your RDS instance and add a rule with a CIDR/IP.
But when doing so from the CLI with this command:
aws rds authorize-db-security-group-ingress --db-security-group-name default --cidrip xxx.xx.x.xxx/32
I get this error:
HTTPSConnectionPool(host='ec2.eu-west-1c.amazonaws.com', port=443): Max retries exceeded with url: / (Caused by NewConnectionError('<botocore.awsrequest.AWSHTTPSConnection object at 0x__________>: Failed to establish a new connection: [Errno -2] Name or service not known',))
Details
I created an IAM user with this Permissions boundary: AuthorizeDBSecurityGroupIngress
Both the spots in the VPC and the RDS EC2-Classic instance are in the same eu-west-1c availability zone.
The documentation of the command doesn't specifically say that you can't do this: https://docs.aws.amazon.com/cli/latest/reference/rds/authorize-db-security-group-ingress.html. Also, it would be strange if it could be done from the console and not from the CLI.
I don't know what I'm missing, any ideas?