The user cannot authorize an Amazon EC2 security group if it is in a different AWS Region than theRDS DB instance. The user can authorize an IP range or specify an Amazon EC2 security group in thesame region that refers to an IP address in another region. Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithSecurityGroups.html