Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

Authentication error while connecting to MySQL RDS using IAM Authentication with VPN

0

We have a MySQL RDS in a private subnet which is setup to use IAM authentication. Everything works as expected. Once we attach a policy to the users that restricts access to AWS resources from a specific IP which is the VPN instance public IP. Authentication does not work. We are able to generate token from CLI, it works without the VPN only policy attached but the token does not work once the VPN only policy is applied. VPN is setup to route all requests to *.amazonaws.com through the VPN instance.

Argomenti
Networking e distribuzione di contenutiSicurezza, identità e conformitàDatabase
Tag
Amazon VPCGestione identità e accesso AWSDatabase
Lingua
English
ChallaPradyumnaHiver
posta un anno fa267 visualizzazioni
1 Risposta
0

Usually when you connect through VPN. You get private IP assigned from a pool in VPN.

Then there are two scenarios.

1- Traffic gets NAT to Private ENI IP of VPN instance or 2- Traffic dont get NAT but pass actual IPassigned to users through NAT pool of VPN instance.

I would suggest to try adding both Private ENI IP of Nat instance and User pool of VPN in your IAM policy to test again.

Otherwise VPC Flow logs of MySQL RDS can also show what IP is source IP when it hits MySQL and build policy with that

Muhammad
con risposta un anno fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente