
I have an RDS in a public subnet in my default VPC. It's set to "Public accessibility: Yes". Its VPC security groups allow inbound access from a couple of CIDR blocks (basically, our office and VPN IPs) and a Lambda function.

I can connect to this database from anywhere, and I don't want to be able to.

My assumption was that, while "Public accessibility" would give it an external IP and domain, the security group restrictions would still apply: I could try to connect to myrdsdatabase.eu-west-1.rds.amazonaws.com but, unless I was on one of the whitelisted security group IPs, the connection would be refused. From the docs:

["Public accessibility"] lets you designate whether there is public access to the DB instance. Access to the DB instance is ultimately controlled by the security group it uses, and that public access is not permitted if the security group assigned to the DB instance does not permit it.

Am I misreading the above, or have I simply applied the security groups wrong? How do I allow RDS access from a whitelist of external IPs?

  • Your assumptions are correct. Therefore, the task is to figure out what has been incorrectly configured. Do you have only **one security group** associated with the Amazon RDS instance, or more than one? Could you please show us how you have configured the security group? (You can mask-out specific IP addresses, but it would be handy to see whether they are public or private IP addresses.) If you are able to experiment, could you temporarily **remove all inbound rules from the security group** and confirm whether you are able to access the database? – John Rotenstein Jan 24 '20 at 05:39
  • Yes, your assumptions are correct; you have to check the inbound rules in the security groups. Try removing the RDS inbound rule, then add a new one and select the local IP address option in the dropdown selection. (This will allow RDS access only for your local IP address.) – Ravi Khunt Jan 24 '20 at 06:09
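The checks the comments ask for (which security groups are attached to the instance, and whether any of their inbound rules admit the whole internet on the DB port) can be scripted. This is an added example, not code from the question or from AWS; the instance and security-group dicts are constructed to mirror the shapes of the boto3 `describe_db_instances` and `describe_security_groups` responses, and the group IDs and CIDRs are made up.

```python
import ipaddress

# Constructed sample data in the shape of the boto3 responses (not real AWS output).
# Two groups are attached: a tight office rule plus a default group open to the world.
SAMPLE_DB_INSTANCE = {
    "DBInstanceIdentifier": "myrdsdatabase",
    "Endpoint": {"Port": 5432},
    "PubliclyAccessible": True,
    "VpcSecurityGroups": [
        {"VpcSecurityGroupId": "sg-office", "Status": "active"},
        {"VpcSecurityGroupId": "sg-default", "Status": "active"},
    ],
}
SAMPLE_SECURITY_GROUPS = [
    {"GroupId": "sg-office", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-default", "IpPermissions": [
        # IpProtocol "-1" means all protocols and ports; no FromPort/ToPort keys.
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
]


def world_open_rules(db_instance, security_groups):
    """Return (group_id, cidr) pairs for inbound rules that let any address reach the DB port.

    Security group rules are additive across every group attached to the instance,
    so one permissive group is enough to expose the database regardless of the others."""
    port = db_instance["Endpoint"]["Port"]
    attached = {g["VpcSecurityGroupId"] for g in db_instance["VpcSecurityGroups"]}
    findings = []
    for sg in security_groups:
        if sg["GroupId"] not in attached:
            continue
        for perm in sg.get("IpPermissions", []):
            all_ports = perm.get("IpProtocol") == "-1"
            in_range = perm.get("FromPort") is not None and perm["FromPort"] <= port <= perm["ToPort"]
            if not (all_ports or in_range):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                # Prefix length 0 is 0.0.0.0/0 or ::/0, i.e. every address on the internet.
                if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                    findings.append((sg["GroupId"], cidr))
    return findings


if __name__ == "__main__":
    # Against a real account, swap the samples for:
    #   rds.describe_db_instances(DBInstanceIdentifier=...)["DBInstances"][0]
    #   ec2.describe_security_groups(GroupIds=[...])["SecurityGroups"]
    for group_id, cidr in world_open_rules(SAMPLE_DB_INSTANCE, SAMPLE_SECURITY_GROUPS):
        print(f"{group_id}: inbound rule from {cidr} reaches the DB port")
```

On the sample data the office group passes and the default group is reported, which is the pattern to look for when a restricted-looking instance still answers from anywhere.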

0 Answers