En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

How do I successfully peer two VPCs using transit gateway?

0

I am trying to peer two VPCs through a transit gateway, but I am having trouble making a connection from a pod in VPC_1 to VPC_2's RDS instance.

  • VPC_1 has a cluster with an RDS instance (MySQL).
  • VPC_2 has a cluster for which node groups must be able to connect to the RDS instance.

I ensured the following:

  • There is a transit gateway attachment between the transit gateway and VPC_1, and VPC_2. So they are both attached to the same transit gateway.
  • There is an inbound security group rule in the RDS instance allowing traffic from VPC_2's IP address range on port 3306.

I spun up a pod inside VPC_2's EKS cluster and attempted to connect to the RDS instance of VPC_1, but I was unable to connect. I am not sure what could be missing here, I am thinking perhaps some route tables or some security group rules. But from my understanding, the configuration that I have should be enough to achieve connectivity.

Can someone please help guide me, or give me some pointers on what I could be missing?

I have tried the following:

  • Using the AWS connectivity analyzer to check if the connection between the 2 VPCs is fine. It says it's good but I don't always trust it.
Sujets
Réseaux et diffusion de contenuConteneursBase de données
Balises
Amazon VPCRéseaux et diffusion de contenuService Amazon Elastic KubernetesGroupe de sécuritéAmazon RDS pour SQL Server
Langue
English
AWSquestions12311
demandé il y a 2 mois242 vues
1 réponse
4
Réponse acceptée
  1. You need routes in both VPC's subnets to reach each other via TGW
  2. You need to check Transit Gateway route tables associated with TGW attachments. If routes were not Propagated, you need to create Static routes
  3. (Optional) It is Better to refer to EKS Node SG ID in the INBOUND rule of RDS SG instead of the whole VPC CIDR. Anyway, your configuration of SG should work
profile picture
EXPERT
Oleksii Bebych
répondu il y a 2 mois
profile picture
EXPERT
Artem
vérifié il y a un mois
profile pictureAWS
EXPERT
Tushar_J
vérifié il y a 2 mois
  • AWSquestions12311
    il y a 2 mois

    I was missing the route in one direction, even though I had it set for the other direction. So I just edited the route tables and made sure the subnets accept each other. Thank you so much!

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents