0

I have an Aurora database on a VPC. Today I needed to connect to that database through Lambda. Not really an issue except I needed internet access in that Lambda and so I had to set up the following:

  1. I added a new subnet for the public NAT.
  2. I added a NAT Gateway and assigned it to a new EIP and the new subnet.
  3. I added a new route table that routed all traffic to the igw and associated that table with the new subnet I created in step 1.
  4. I modified the Main route table and routed all traffic to the NAT.

This gave me internet access in my Lambda, and by running the Lambda on the VPC, I also had access to my Aurora database.

However, I have now lost public access to this database through MySQL Workbench.

What do I need to configure to route the public traffic back to the VPC?

1 Answer

3

The answer to your question is you must undo step 4 and use a different subnet for Lambda to access the Internet.

However you should never, ever, make MySQL publicly accessible. This is a massive security risk. Use an SSH tunnel or VPN to access it instead.

Robo
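Why step 4 changed the database's reachability, and what the layout looks like once it is undone, shown as an added example that is not part of the original question or answer. It assumes the Aurora subnets had no explicit route table association (so they follow the Main table); all IDs are constructed placeholders in the shape of `aws ec2 describe-route-tables` output.

```python
# Constructed data in the shape of `aws ec2 describe-route-tables` output.
# Every ID below is a made-up placeholder, not a value from the question.
def table(rtb_id, target, subnet=None):
    """Build one route table whose 0.0.0.0/0 route points at `target`."""
    key = "GatewayId" if target.startswith("igw-") else "NatGatewayId"
    assoc = {"Main": False, "SubnetId": subnet} if subnet else {"Main": True}
    return {"RouteTableId": rtb_id, "Associations": [assoc],
            "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                       {"DestinationCidrBlock": "0.0.0.0/0", key: target}]}

# After step 4: the main table sends everything to the NAT gateway.
BROKEN = [table("rtb-main", "nat-example"),
          table("rtb-nat-public", "igw-example", "subnet-nat")]
# Step 4 undone, plus a dedicated Lambda subnet with its own NAT route.
FIXED = [table("rtb-main", "igw-example"),
         table("rtb-nat-public", "igw-example", "subnet-nat"),
         table("rtb-lambda", "nat-example", "subnet-lambda")]

def default_target(tbl):
    """Return 'igw', 'nat' or 'none' for the table's default route."""
    for route in tbl["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw"
        if route.get("NatGatewayId"):
            return "nat"
    return "none"

def classify(subnet_ids, tables):
    """Map each subnet to the default-route target of its effective table.

    A subnet with no explicit association falls back to the main table,
    which is why editing the main table changed the database subnets.
    """
    explicit = {a["SubnetId"]: t for t in tables
                for a in t["Associations"] if a.get("SubnetId")}
    main = next(t for t in tables
                if any(a.get("Main") for a in t["Associations"]))
    return {s: default_target(explicit.get(s, main)) for s in subnet_ids}

if __name__ == "__main__":
    subnets = ["subnet-db", "subnet-nat", "subnet-lambda"]
    for name, tables in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, classify(subnets, tables))
```

A subnet classified as `nat` is outbound-only: connections initiated from the internet cannot complete, which matches the lost MySQL Workbench access in the question.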