3

We have a Google Cloud Data Fusion instance that needs to connect to AWS RDS to pull data from it. The only problem is that we cannot whitelist the port 1433 to the world to make a connection to Google Cloud Data Fusion. How can we make Google Cloud Data Fusion interact with AWS RDS without globally whitelisting the port 1433?

Raman
  • How is your AWS environment set up? Is RDS running in a VPC or not? What about the firewall rules for RDS? – Kunal Deo Nov 16 '19 at 12:43
  • RDS is running in a VPC but the endpoint is publicly available. The only restriction is not to whitelist (in the security group) the traffic on the ingress port for RDS globally. We don't get a publicly available IP when we spawn Google Cloud Data Fusion, and that's why we don't have an IP which can be whitelisted in our security group. Kindly help if you have any information about the process that can be followed, @KunalDeo – Raman Nov 18 '19 at 08:16
  • What about VPN? Quick googling: https://cloud.google.com/community/tutorials/using-ha-vpn-with-aws Connects VPCs and whitelist private subnets. – Jan Garaj Jan 04 '20 at 19:38

1 Answer

0

You can do this by connecting your AWS and GCP project through VPN. For more details, refer to the link below:

https://cloud.google.com/solutions/automated-network-deployment-multicloud

divyang4481
  • The main problem is that we can't modify the AWS VPC, and we wanted to whitelist a public IP (or a range of public IPs) of Cloud Data Fusion in the security group attached to the RDS instance. – Raman Jan 06 '20 at 07:26
  • In that case you can use RDS Proxy and connect Cloud Data Fusion through RDS Proxy. – divyang4481 Jan 06 '20 at 08:59
  • Then the question comes back on the same page, @divyang4481. We don't want to open the traffic to the public internet, Google Cloud Data Fusion does not provide any public IPs and thus we wouldn't be able to whitelist any IPs for Cloud Data Fusion for RDS proxy access. Kindly correct me if I am wrong. – Raman Jan 06 '20 at 13:02
  • There is no way you can find the public IP that is used to connect to your RDS. You can do it through VPN only, to have better control. https://cloud.google.com/solutions/using-gcp-apis-from-an-external-network – divyang4481 Jan 06 '20 at 13:33
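
The constraint running through this thread is that port 1433 must never be open to the world, with a VPN and whitelisted private subnets as the proposed route. As an added example (not part of the original posts), this Python check reads security-group JSON in the shape of `aws ec2 describe-security-groups` output and reports every source that can reach 1433; the sample groups, IDs and CIDRs are constructed, and the function names are hypothetical.

```python
import ipaddress
import json

MSSQL_PORT = 1433  # the RDS ingress port named in the question
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-constructed-open", "IpPermissions": [{"IpProtocol": "tcp",
   "FromPort": 1433, "ToPort": 1433, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
 {"GroupId": "sg-constructed-all", "IpPermissions": [{"IpProtocol": "-1",
   "IpRanges": [{"CidrIp": "198.51.100.0/24"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
 {"GroupId": "sg-constructed-vpn", "IpPermissions": [{"IpProtocol": "tcp",
   "FromPort": 1000, "ToPort": 2000, "IpRanges": [{"CidrIp": "10.128.0.0/20"}]}]}
]}
""")


def covers_port(perm, port=MSSQL_PORT):
    """True if the rule admits TCP to `port`; protocol "-1" means all traffic."""
    if perm["IpProtocol"] == "-1":
        return True
    return (perm["IpProtocol"] == "tcp"
            and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535))


def classify(cidr):
    """'world' for 0.0.0.0/0 or ::/0, 'private' for RFC 1918 / ULA, else 'public'."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen == 0:
        return "world"
    same = [p for p in PRIVATE if p.version == net.version]
    return "private" if any(net.subnet_of(p) for p in same) else "public"


def audit(groups, port=MSSQL_PORT):
    """Return (group id, source CIDR, class) for each CIDR source allowed to reach `port`."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if covers_port(perm, port):
                ranges = perm.get("IpRanges", []) + perm.get("Ipv6Ranges", [])
                cidrs = [r.get("CidrIp") or r["CidrIpv6"] for r in ranges]
                findings += [(sg["GroupId"], c, classify(c)) for c in cidrs]
    return findings
```

Rules that reference another security group instead of a CIDR are not inspected here. A `world` finding is the condition the question rules out; a `private` source is what a VPN-connected subnet would look like.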