Publicly accessing AWS RDS from outside VPC
I have a VPC configured with 3 X public and private subnets and an IGW for the public, NAT Gateway for the private.

When I create an RDS instance, I flag it as publicly available. When I try to access the RDS endpoint, my connection fails.

I have created a security group to allow all traffic: 0.0.0.0/0, my VPC allows traffic coming from my network.

If I place my RDS in the public subnet, then I can connect, as the IGW allows the connection. But when it is placed in the private subnet, the connection fails.

I have reviewed a fair bit of material on AWS and forums - but I cannot seem to finalise the connection. Is there something I am missing in the configuration?

Any help would be greatly appreciated.

Cheers.

Rustproof answered 21/7, 2017 at 1:6 Comment(5)
When you deploy it in a private subnet, inbound connections from the internet cannot reach the private subnet and the RDS/EC2 instances in it. This is usually done to further harden the security of your network setup. So placing it in a private subnet and not being able to access it from outside is expected behaviour, or else I'm not getting the question correctly. – Olindaolinde
Hi @ashan, for best practices (at least from what I have read) it should be placed in a private subnet with the public accessibility flag set to true. I have also set up a NAT Gateway with an EIP attached. – Rustproof
Even if you apply the publicly accessible flag, if you place the RDS instance in a private subnet it's not accessible from outside. – Olindaolinde
Were you able to solve the issue? – Olindaolinde
Yes I was, thank you @ashan – Rustproof

After looking into setting up an RDS instance with a connection outside the VPC to a client/application, I came across the following:

AWS suggests the following connections to an RDS:

  1. An EC2 instance in the Same VPC
  2. An EC2 instance in a different VPC
  3. An EC2 instance not in a VPC
  4. A client application through the Internet

Without using an EC2 instance, you would have to place the RDS instance in a public subnet with an Internet Gateway attached and a security group set up for the incoming traffic.

Here is a reference link for you - A DB Instance in a VPC Accessed by a Client Application Through the Internet

Client to RDS

Rustproof answered 21/7, 2017 at 2:47 Comment(0)

What I found is that my VPC had 2 private and 2 public subnets, and RDS Postgres was using all 4 of these. I had to create a new subnet group inside RDS with only public subnets, move the RDS Postgres from one VPC to a different VPC, and move it back to the original VPC in the newly created subnet group.

Asperges answered 1/1 at 17:42 Comment(1)
painful... I expect that is what is happening for me, then. – Exciseman
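A defender-side check for the problem both answers describe (a DB subnet group that mixes public and private subnets, so a "publicly accessible" instance can land behind a NAT gateway), added here as an example and not code from either answer or from AWS. It classifies each subnet of a subnet group from route-table data shaped like EC2 `DescribeRouteTables` output; all ids below are constructed, and in a real account you would feed it `describe_route_tables` output and the subnet list from `describe_db_subnet_groups`.

```python
from typing import Dict, List


def route_table_for_subnet(subnet_id: str, route_tables: List[dict]) -> dict:
    """Route table explicitly associated with the subnet, else the VPC main
    route table (EC2's fallback for subnets with no explicit association)."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    if main is None:
        raise ValueError(f"no route table found for {subnet_id}")
    return main


def has_igw_default_route(route_table: dict) -> bool:
    """True only if 0.0.0.0/0 is an active route to an internet gateway.
    A NAT gateway default route is outbound-only and does not qualify."""
    for route in route_table.get("Routes", []):
        if (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                and route.get("State", "active") == "active"
                and route.get("GatewayId", "").startswith("igw-")):
            return True
    return False


def classify_subnet_group(subnet_ids: List[str], route_tables: List[dict]) -> Dict[str, str]:
    """Label each subnet of a DB subnet group 'public' or 'private'. Any 'private'
    entry means RDS may place the instance where no Internet client can reach it,
    even with PubliclyAccessible=true."""
    return {sid: "public" if has_igw_default_route(route_table_for_subnet(sid, route_tables))
            else "private"
            for sid in subnet_ids}


# Constructed sample (not a real account): public subnets route 0.0.0.0/0 to an IGW;
# the private subnet falls back to the main route table, which points at a NAT GW.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}]},
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"}]},
]
SAMPLE_DB_SUBNET_GROUP = ["subnet-pub-a", "subnet-pub-b", "subnet-priv-a"]  # mixed, as in the second answer

if __name__ == "__main__":
    print(classify_subnet_group(SAMPLE_DB_SUBNET_GROUP, SAMPLE_ROUTE_TABLES))
```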
