So we have a Fargate task running in a private subnet. It connects to a MySQL instance running on AWS RDS in a different VPC that is linked. So far so good, the RDS security group allows communication from the group the Fargate task belongs to and the task is able to connect just fine.

But when setting the RDS instance to be "publicly accessible", the connection stops working.

As far as I understand, all the "publicly accessible" option does is assign the instance a public IP and make the endpoint name resolve externally as well as internally, so it shouldn't limit connectivity.

I have also verified that I am able to connect to the instance from the outside, though from a specifically allowed IP.

Could it be that the Fargate task gets routed through the NAT gateway, and therefore will be blocked by the security group settings?

Any idea where to start troubleshooting?

  • If you have an internal connection, why would you like to expose the RDS to the public? – c4f4t0r Jul 11 '19 at 12:36
  • In order to connect and do administration from the office. I know there are other ways of solving that, but I am confused as to why making it public would break other connections. – Duckslayer Jul 11 '19 at 13:04
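
A starting check for the NAT hypothesis in the question, as an added example that is not part of the original post: run from inside the task, it resolves the RDS endpoint and reports whether each address lies within the CIDRs reachable over the VPC link. A security group rule that references a source group matches only traffic arriving over private addresses, so an address outside those CIDRs means the connection follows the default route and is evaluated by the NAT gateway's public source IP. The function names, the sample address and the CIDR are constructed for illustration, and a Python interpreter in the task image is assumed.

```python
import ipaddress
import socket
import sys


def resolve(endpoint, port=3306):
    """Addresses the endpoint name resolves to from the host running this."""
    infos = socket.getaddrinfo(endpoint, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def classify_path(addresses, linked_cidrs):
    """Map each address to 'private-link' if it lies inside a CIDR reachable
    over the VPC link, else 'outside-link' (follows the default route, i.e.
    the NAT gateway for a task in a private subnet)."""
    networks = [ipaddress.ip_network(c) for c in linked_cidrs]
    paths = {}
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        inside = any(ip in net for net in networks)
        paths[addr] = "private-link" if inside else "outside-link"
    return paths


def sg_reference_can_match(paths):
    """A rule naming the task's security group as source can only match when
    every resolved address keeps the traffic on the private link."""
    return bool(paths) and all(p == "private-link" for p in paths.values())


if __name__ == "__main__":
    if len(sys.argv) >= 3:
        # usage: script.py <rds-endpoint-name> <linked-vpc-cidr> [...]
        addrs, cidrs = resolve(sys.argv[1]), sys.argv[2:]
    else:
        # Constructed sample: a documentation-range address standing in for
        # the public IP, and a made-up CIDR for the RDS VPC.
        addrs, cidrs = ["203.0.113.10"], ["10.20.0.0/16"]
    paths = classify_path(addrs, cidrs)
    for addr, path in paths.items():
        print(f"{addr}: {path}")
    print("security-group reference rule can match:", sg_reference_can_match(paths))
```

Comparing the output before and after toggling "publicly accessible" shows whether the endpoint name starts resolving to an address outside the linked CIDRs from the task's point of view.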