I currently have 2 VPCs set up on the same Amazon account, in the same region. Let's call them vpc-111111 and vpc-222222 for illustration.
I have a public RDS server running in vpc-111111 (along with some Elastic Beanstalk instances). However, I have just set up a new Elastic Beanstalk instance on vpc-222222 which needs to access the RDS server in vpc-111111.
Normally, I would just tweak the security policy of the RDS instance to include the security group of each EB instance, to allow them to access the RDS server via port 3306.
However, when changing the RDS security group settings, I am unable to select any EB security groups from vpc-222222. It only lists the security groups for vpc-111111 to choose from.
As a short-term measure, I have simply added the public IP address of the EB instance to the RDS security policy, but this seems inelegant and messy to me, as I will have to keep manually changing it if I rebuild the EB environment - PLUS it won't work if the EB instance auto-scales to add new instances later.
I think I have missed something obvious here. Do I need to peer the two VPCs and set up the vpc-222222 subnet within the RDS security policy to allow access?