Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

AWS Client VPN connection problem with RDS in same VPC

0

Is there a specific setting for any of the following (subnet, security group, client VPN endpoint) that I should be aware of, when I want to connect to RDS DB? I have an AWS Client VPC with enabled Client VPN endpoint. I can connect to the VPN using VPN client, and I also have an internet working just fine. But somehow when I try to access RDS, connection times out. RDS is located in a subnet group of all 4 subnets (public and private in region-X and region-Y.

Argomenti
Networking e distribuzione di contenuti
Tag
VPN per clienti AWS
Lingua
English
Joon
posta un mese fa123 visualizzazioni
1 Risposta
1

Hello.

What are the inbound rules of the RDS security group?
For example, does the security group allow connections from the VPN client endpoint's security group?
Also, when you resolve the name of an RDS endpoint using the "dig" command, will an IP address be returned from the VPC CIDR range?
If public access is enabled on RDS, a public IP address will be returned, so even if communication is via VPN, it may not be possible to connect depending on the AWS configuration.

profile picture
ESPERTO
Riku_Kobayashi
con risposta un mese fa
profile picture
ESPERTO
Oleksii Bebych
verificato un mese fa
  • Riku_Kobayashi ESPERTO
    un mese fa

    Also, if RDS is in multiple VPCs, you will need to set up something like a Transit Gateway to be able to communicate with multiple VPCs. I think the following AWS blog will be helpful for AWS VPC configuration. https://aws.amazon.com/jp/blogs/networking-and-content-delivery/using-aws-client-vpn-to-scale-your-work-from-home-capacity/

  • Joon
    un mese fa

    Thank you for your answer.

    • Inbound rules of my RDS is allowed to receive all traffic from a security group called "A" (source, with all protocol and types). Client VPN endpoint is associated with "A" security group, and "A" security group is permitted for all traffic from default VPC security group.

    Client VPN endpoint -> Security Group Associated with: A, Inbound Rule Source, Type, Protocol: default VPC sg, All, All RDS Instance -> Security Group Associated with: B, Inbound Rule Source, Type, Protocol: A, All, All

    • "dig" command returns the IP address within VPC CIDR range:

    ;; ANSWER SECTION: xxxxxx.abcdefghijk.us-west-1.rds.amazonaws.com. 5 IN A 10.0.X.XX

    • Public access is set to No for my RDS instance. I actually tested out by setting it to Yes and "dig" command did return a public IP address. I've also tried to query a table within the DB instance, and mysql connection timed out just like you said. Normally when I set a DB instance to public, mysql connection is established but not this case. Can you assume what AWS configuration is prohibiting the connections?

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente