I would like to let my AWS EKS node communicate with AWS RDS. Both of them are in the same subscription and region, so there is no need to implement any sci-fi architectures. Just a simple one would be enough.

I started to investigate and I found a couple of Stack Overflow threads.

  1. This is the first idea, where Security Groups for Pods is "implemented". This is not my case. I'm happy to share the RDS with all the nodes. Am I wrong?
  2. This is the second idea (actually in the same thread), where they suggest putting all the different resources (RDS and EKS) in the same VPC (shared?). Is it a good idea?
  3. And finally, here the VPC Peering Connection is suggested as a good solution. Is it really a good solution? I can see here the announcement which states that: "all data transfer over a VPC Peering connection that stays within an Availability Zone (AZ) is now free". This is good, but it looks like an enterprise solution for a simple problem.

Can you help me choose a good solution which can properly fit my scenario? Can I set proper IAM roles instead?

brian enno
  • You mention "subscription"; this is Azure's concept, for AWS you have accounts. You should use a 3-tier design and create separate subnets for the DB; read this: `https://stratus10.com/blog/aws-best-practices-3-tier-infrastructure`. Using security groups for pods is your choice; you can use it if you want (not mandatory). If you create only 1 VPC, you don't need VPC peering (need 2 VPCs for this feature). – Franxi Hidro Mar 17 '22 at 17:01
  • You should do a lab, create EKS, MySQL RDS and test it. – Franxi Hidro Mar 17 '22 at 17:05
