
We have a centralized PostgreSQL database hosted on AWS RDS, and also many applications deployed to both AWS and Azure that need to connect to this database.

For security reasons, our database is firewalled, and we use a security group with an inbound entry for each application's IP address to let it access the database.

We deploy and stop multiple applications each day, so the IP addresses of the applications that need to connect are dynamic.

There's one problem: there is a limit on the number of entries in a security group.

How can we connect a large number of applications from multiple cloud providers to our database?

edit: Initially I incorrectly stated that our applications are only deployed on AWS EC2, but the whole point is that our applications are hosted both on AWS and on Azure.

Liron

1 Answer


Instead of specifying IP addresses in the security group rules, specify security group IDs. This will allow any server that belongs to a specific security group to access your RDS server.

Mark B
  • Thanks for the reply. I edited my question as it did not describe my issue well. – Liron Feb 01 '17 at 19:43
  • @Liron Yeah, that completely changes the entire problem. You could possibly set up a NAT gateway on Azure so that all requests from Azure to AWS use the same IP address. Or you could do something like this to create a VPN connection between Azure and AWS: https://blogs.technet.microsoft.com/canitpro/2016/01/11/step-by-step-connect-your-aws-and-azure-environments-with-a-vpn-tunnel/ which should then allow you to whitelist a range of internal IP addresses. – Mark B Feb 01 '17 at 19:47
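The two approaches raised in this thread, a security-group-ID source rule for the AWS side and a single address-range rule for the Azure side once it reaches AWS over a VPN or NAT path, expressed as Terraform. This is an added example, not code from the question or the answer; the resource names, the `var.vpc_id` and `var.azure_vpn_cidr` variables, and the CIDR value in the comment are placeholders I chose for illustration.

```hcl
# Added example (not from the original post). Assumes an existing VPC whose ID
# is passed in as var.vpc_id; the Azure range in var.azure_vpn_cidr is whatever
# private range the VPN/NAT path presents to AWS (placeholder, site-specific).

variable "vpc_id"         { type = string }
variable "azure_vpn_cidr" { type = string } # e.g. "10.20.0.0/16" (placeholder)

# Attach this group to every AWS instance that must reach the database.
# Membership, not an IP address, is what grants access.
resource "aws_security_group" "db_clients" {
  name        = "db-clients"
  description = "Attach to any AWS instance that must reach the RDS database"
  vpc_id      = var.vpc_id
}

# Inbound rules for the RDS PostgreSQL instance live in this group.
resource "aws_security_group" "rds" {
  name        = "rds-postgres"
  description = "Inbound rules for the RDS PostgreSQL instance"
  vpc_id      = var.vpc_id
}

# Rule 1 (the answer): allow PostgreSQL from any instance carrying db_clients.
# One rule covers every current and future instance, so deploying or stopping
# applications never touches the rule set or consumes another entry.
resource "aws_security_group_rule" "from_aws_clients" {
  type                     = "ingress"
  security_group_id        = aws_security_group.rds.id
  from_port                = 5432
  to_port                  = 5432
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.db_clients.id
}

# Rule 2 (the comments): Azure cannot be a member of an AWS security group, so
# the Azure side is admitted as one address range. This only stays accurate if
# Azure traffic really does arrive from that range (VPN tunnel or NAT egress).
resource "aws_security_group_rule" "from_azure_range" {
  type              = "ingress"
  security_group_id = aws_security_group.rds.id
  from_port         = 5432
  to_port           = 5432
  protocol          = "tcp"
  cidr_blocks       = [var.azure_vpn_cidr]
}

# The RDS instance is then bound to the rds group; instance-level details
# (engine version, storage, credentials) are omitted here as they are not the point.
resource "aws_db_instance" "postgres" {
  identifier             = "central-postgres"
  engine                 = "postgres"
  instance_class         = "db.t3.medium"
  allocated_storage      = 100
  vpc_security_group_ids = [aws_security_group.rds.id]
  # ... remaining required arguments (username, password, subnet group) omitted
}
```

Two things worth checking before relying on this: a `source_security_group_id` rule only matches traffic whose source is an instance in that group inside the same VPC (or a peered VPC in the same region), so it cannot cover the Azure workloads at all, which is why the second rule exists; and the CIDR rule is only as tight as the NAT or VPN range is, so the range should be the smallest one the Azure egress path actually uses.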