0

I would like to allow access to an RDS for a group of IPs outside the VPC (devs using workbench). However, I would like to leave 'Publicly Accessible' disabled. Is there a way to do this?

Config: Rds_01 is inside vp_01 which has security group rds_sec_01 attached. MySQL rules for open (0.0. etc).

What I have tried:

  • Adding IPs to RDS sec group = No luck
  • Opening all traffic on port xx = No luck

Any help would be much appreciated.

Thank you

longneck
mate47

2 Answers

2

Nope. If you want it to be publicly accessible, you'll have to make it publicly accessible. You can make it publicly accessible and limit the IP addresses that can connect in the Security Group, though.

ceejayoz
0

I recognize this is a little old, but I want to suggest that a liaison/bastion server may be a better answer for the specific case of developers accessing the database.

In simple terms, you set up a cheap EC2 instance in the same VPC as the RDS instance, make it publicly accessible, and give it an Elastic IP. Then you can add the public keys for your developers to this liaison server. Using an SSH tunnel, your developers can attain access to the database.

You can even use a security group to limit the IPs that can connect to the liaison server over SSH. Since the database isn't on the public internet, it's safe from various scans and direct exploits, and you're placing another layer of authentication for direct DB access in the form of public key authentication.
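
The security-group side of both answers, as an added example that is not part of the original posts: it builds the ingress rules for the bastion design (SSH only from developer addresses, MySQL only from the bastion's security group) and flags any rule open to every address, like the one the question describes. The CIDRs, the group ID and the function names are constructed placeholders; the dictionaries follow the `IpPermissions` shape that boto3's `authorize_security_group_ingress` accepts.

```python
import ipaddress

# Constructed placeholders, not values from the posts.
DEV_CIDRS = ["203.0.113.10/32", "198.51.100.0/28"]
BASTION_SG = "sg-bastion-placeholder"

def bastion_ingress(dev_cidrs):
    """SSH (tcp/22) to the bastion, only from the listed developer addresses."""
    ranges = []
    for cidr in dev_cidrs:
        # strict=True rejects typos such as 203.0.113.10/24 (host bits set)
        net = ipaddress.ip_network(cidr, strict=True)
        if net.prefixlen == 0:
            raise ValueError(f"refusing world-open range {cidr}")
        ranges.append({"CidrIp": str(net), "Description": "developer SSH"})
    return [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": ranges}]

def rds_ingress(bastion_sg_id, port=3306):
    """MySQL to the RDS instance, only from members of the bastion security group."""
    pair = {"GroupId": bastion_sg_id, "Description": "via bastion"}
    return [{"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
             "UserIdGroupPairs": [pair]}]

def world_open(permissions):
    """Return (protocol, from_port, to_port, cidr) for each rule open to any address."""
    findings = []
    for perm in permissions:
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                findings.append((perm["IpProtocol"], perm.get("FromPort"),
                                 perm.get("ToPort"), cidr))
    return findings

if __name__ == "__main__":
    # Constructed sample of a MySQL rule open to 0.0.0.0/0.
    current = [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]
    print("world-open now:  ", world_open(current))
    proposed = bastion_ingress(DEV_CIDRS) + rds_ingress(BASTION_SG)
    print("world-open after:", world_open(proposed))
    # To apply, pass each list as IpPermissions to
    # boto3.client("ec2").authorize_security_group_ingress(GroupId=...).
```

With these rules in place, a developer reaches the database with `ssh -N -L 3306:<rds-endpoint>:3306 <user>@<bastion-elastic-ip>` and points the client at `127.0.0.1:3306`.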