
I have an EC2 instance with no public IP address and I want it to access my RDS instance. I have put the two instances in the same VPC and subnet. I have tried the following (*) but it did not work. Only when I set a public IP address on the EC2 instance and then added it to the security group of the RDS instance did it work. But that is not what I want, since this EC2 instance should be private and not have a public IP.

(*) Tried adding the following to the RDS security groups:

  1. private IP address of the EC2 instance
  2. IP 10.0.0.0/32
  3. security group assigned to the EC2 instance
h2o
  • Is rds insurance in same vpc as the ec2 insurance? – Marcin Jan 23 '22 at 09:08
  • @Marcin I am sorry, I am not familiar with RDS "insurance"? But both the RDS and EC2 instances are in the same VPC. – h2o Jan 23 '22 at 10:14
  • I meant rds instance. Sorry. – Marcin Jan 23 '22 at 10:31
  • If it's in the same VPC, then it should access the `RDS`. What port are you whitelisting on the `RDS` SG? It's `3306` by the way usually, and you can whitelist the `SG` of the instance on the `RDS` SG on the specified port. – Riz Jan 23 '22 at 10:55
  • @Riz Thank you for confirming about whitelisting. I have set the port to 3306, however it did not work. I was able to resolve this by fixing my VPC's settings, then whitelisted the EC2 instance in the RDS security groups. Thank you again! – h2o Jan 24 '22 at 01:56

1 Answer

This is a classic EC2 - RDS security setup that you are looking for; in order to solve it, you will have to make sure that:

  1. The EC2 is in a private subnet and that it is protected by a security group (RED box in the diagram below).
  2. The RDS is in the private subnet too and that it is protected by a security group (Yellow box in the diagram below).
  3. To enable communication between the two, you will need to whitelist the security group of the EC2 in the security group of the RDS instead of a public IP. (You will need to whitelist the red box in the inbound rules of the yellow box.)

You can use the diagram below to ease the understanding of how the setup should work.

[Diagram: private subnet containing the EC2 instance with its security group (red box) and the RDS instance with its security group (yellow box); the red group is referenced in the yellow group's inbound rules.]

Here is a guide on how you can achieve this

Allan Chua
  • Thank you for confirming that whitelisting the security group of the EC2 in the security group of the RDS should work. I had already tried this, however it did not work. So I tried looking at other settings and found out that the problem was with my VPC. I had set the DNS hostname to disabled while setting the RDS's public access to enabled. I fixed this part, then whitelisted the EC2 instance in the RDS security groups, and then it worked! Thank you again. – h2o Jan 24 '22 at 01:53
  • @h2o, if the answer helped you solve the problem, you can help others too by marking the solution above as the answer! It will help other AWS customers by seeing that the solution worked for you, man! – Allan Chua Jan 24 '22 at 01:59
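As an added example (not code from the question or from Allan Chua's answer), the following Python models how an RDS security group's inbound rules are evaluated against the three things the asker tried, plus a wrong-port variant, using the same JSON shape that `aws ec2 describe-security-groups` returns. It also runs a small audit over a DB description shaped like `aws rds describe-db-instances` output, flagging the "publicly accessible" setting the asker mentions. The group IDs, the private IP and the DB description are constructed sample values, not anything from the page.

```python
import ipaddress

# Constructed sample identifiers (not real AWS resources).
EC2_SG = "sg-0aaa0000ec2private"
RDS_SG = "sg-0bbb0000rdsprivate"
EC2_PRIVATE_IP = "10.0.1.25"
DB_PORT = 3306


def ingress_allows(rules, port, src_ip, src_sg=None, protocol="tcp"):
    """Return (allowed, reason) for an inbound connection on `port` from a
    source at `src_ip` that belongs to security group `src_sg`.

    `rules` has the shape of the IpPermissions list in describe-security-groups.
    An inbound rule matches a source either by a CIDR that contains the
    source IP, or by a reference to the source's own security group, which
    is independent of whatever IP the instance happens to have."""
    for rule in rules:
        proto = rule.get("IpProtocol")
        if proto not in ("-1", protocol):          # "-1" means all protocols
            continue
        if proto != "-1" and not (rule["FromPort"] <= port <= rule["ToPort"]):
            continue
        for pair in rule.get("UserIdGroupPairs", []):
            if src_sg is not None and pair["GroupId"] == src_sg:
                return True, f"matched security-group reference {src_sg}"
        for r in rule.get("IpRanges", []):
            net = ipaddress.ip_network(r["CidrIp"], strict=False)
            if ipaddress.ip_address(src_ip) in net:
                return True, f"matched CIDR {r['CidrIp']}"
    return False, "no inbound rule matches this source and port"


def db_rule(port=DB_PORT, ip_ranges=(), group_ids=()):
    """Build one TCP inbound rule in describe-security-groups form."""
    return {
        "IpProtocol": "tcp", "FromPort": port, "ToPort": port,
        "IpRanges": [{"CidrIp": c} for c in ip_ranges],
        "UserIdGroupPairs": [{"GroupId": g} for g in group_ids],
    }


# The asker's three attempts as RDS security-group inbound rules, plus a
# wrong-port variant (Riz's comment points at the port being a common miss).
ATTEMPTS = {
    "private_ip_host": [db_rule(ip_ranges=[f"{EC2_PRIVATE_IP}/32"])],
    "wrong_cidr": [db_rule(ip_ranges=["10.0.0.0/32"])],   # /32 = only 10.0.0.0 itself
    "sg_reference": [db_rule(group_ids=[EC2_SG])],
    "wrong_port": [db_rule(port=5432, group_ids=[EC2_SG])],
}


def evaluate_attempts():
    """Map each attempt name to (allowed, reason) for the EC2 host on 3306."""
    return {name: ingress_allows(rules, DB_PORT, EC2_PRIVATE_IP, EC2_SG)
            for name, rules in ATTEMPTS.items()}


# Constructed sample shaped like one entry of `aws rds describe-db-instances`.
SAMPLE_DB = {
    "DBInstanceIdentifier": "example-private-db",
    "PubliclyAccessible": True,
    "VpcSecurityGroups": [{"VpcSecurityGroupId": RDS_SG, "Status": "active"}],
}


def rds_private_findings(db, expected_sg=RDS_SG):
    """Flag settings that an SG rule check alone cannot see: a DB meant to be
    reached only from private EC2 hosts should not be publicly accessible,
    and it must actually carry the security group whose rules were edited."""
    findings = []
    if db.get("PubliclyAccessible"):
        findings.append("PubliclyAccessible is true; disable it for a DB that "
                        "only private EC2 hosts should reach")
    active = {g["VpcSecurityGroupId"] for g in db.get("VpcSecurityGroups", [])
              if g.get("Status") == "active"}
    if expected_sg not in active:
        findings.append(f"security group {expected_sg} is not attached/active")
    return findings


if __name__ == "__main__":
    for name, (ok, why) in evaluate_attempts().items():
        print(f"{name:16} {'ALLOW' if ok else 'DENY ':5} {why}")
    for f in rds_private_findings(SAMPLE_DB):
        print("finding:", f)
```

Two things the output makes visible: `10.0.0.0/32` denies the EC2 host because a /32 covers exactly one address (the subnet's network address, which no instance uses), while the security-group reference allows it without caring about the instance's IP at all. The private-IP `/32` rule also allows at the security-group layer, which matches the asker's experience that the remaining blocker was a VPC-level setting rather than the rules themselves; `rds_private_findings` is the kind of check that catches the "publicly accessible" part of that.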