I have one web application hosted in EC2, and its backend database is in RDS (SQL Server).

I would like to configure the outbound rule (IP address) in my EC2 instance so that it can connect to the RDS SQL Server instance.

As RDS has a dynamic IP address, how do I configure the EC2 outbound rule so that it can communicate with RDS without any problem? And what is the best practice for doing it, so that the best security practice can be achieved? Thanks.

Adil B
AskMe

1 Answer

Create a VPC security group (let's call it sg-rds) and place your RDS instance in it. Create another VPC security group (sg-ec2) and place your EC2 instance in that one.

Then, add an Outbound Rule in sg-ec2 that allows TCP traffic on port 1433 to go to sg-rds, specifying sg-rds as the Destination of the rule:

[image: adding security group rules featuring security groups as the source]

Depending on the security group settings for your RDS database, you'll also need to set up the equivalent Inbound Rule from sg-db to sg-ec2.

By setting up the security group rules in this way, you'll always be able to connect between EC2 servers in sg-ec2 and your RDS database in sg-rds even if their IP addresses change.

See this walkthrough in the AWS docs for more.

Adil B
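The two security groups and the pair of group-referencing rules from the answer, written out as a Terraform configuration. This is an added example, not code from the answer or from AWS; it assumes an existing VPC whose id is passed in as `var.vpc_id`, and the names `sg_ec2` / `sg_rds` are just the resource labels used here.

```hcl
# Added example: security-group-to-security-group rules for EC2 -> RDS SQL Server.
# Assumes the VPC already exists; its id is supplied through var.vpc_id.
variable "vpc_id" {
  type = string
}

# App tier. Terraform's aws_security_group strips the default allow-all egress,
# so the only outbound traffic permitted is what is declared below.
resource "aws_security_group" "sg_ec2" {
  name   = "sg-ec2"
  vpc_id = var.vpc_id
}

# Database tier. Attach this group to the RDS instance (vpc_security_group_ids).
resource "aws_security_group" "sg_rds" {
  name   = "sg-rds"
  vpc_id = var.vpc_id
}

# Outbound rule on sg-ec2: TCP 1433 only, and only to members of sg-rds.
# For an egress rule, source_security_group_id is the *destination* group,
# so the rule follows the RDS instance even when its IP address changes.
resource "aws_security_group_rule" "ec2_to_rds" {
  type                     = "egress"
  security_group_id        = aws_security_group.sg_ec2.id
  protocol                 = "tcp"
  from_port                = 1433
  to_port                  = 1433
  source_security_group_id = aws_security_group.sg_rds.id
}

# Matching inbound rule on sg-rds: accept TCP 1433 only from members of sg-ec2.
# No CIDR block appears anywhere, so nothing needs updating when addresses move.
resource "aws_security_group_rule" "rds_from_ec2" {
  type                     = "ingress"
  security_group_id        = aws_security_group.sg_rds.id
  protocol                 = "tcp"
  from_port                = 1433
  to_port                  = 1433
  source_security_group_id = aws_security_group.sg_ec2.id
}
```

After `terraform apply`, reference `aws_security_group.sg_ec2.id` in the EC2 instance's `vpc_security_group_ids` and `aws_security_group.sg_rds.id` in the RDS instance's, and the connection stays permitted regardless of either side's current IP.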