I want to configure private and public Amazon Aurora endpoints for Aurora DB instances running in the Amazon Relational Database Service (Amazon RDS).
Short description
You can launch an Amazon Aurora cluster in Amazon Virtual Private Cloud (Amazon VPC). The DB subnet group that you choose must span at least two Availability Zones in the AWS Region where you want to deploy your cluster. For the Aurora DB instance to be either publicly accessible or accessible only inside the Amazon VPC, you must configure these two settings:
- At the VPC subnet level, make the DB subnets public or private based on the route table that's associated with each subnet. A subnet is public when its route table has a route for 0.0.0.0/0 to an internet gateway, and private when it doesn't. To avoid connection issues after a failover, be sure that all subnets in the DB subnet group have the same configuration, because after a failover the cluster endpoint can point to an instance in any of those subnets.
- At the DB instance level, set Public access to Yes or No. This setting determines whether the DB instance gets a public IP address that's reachable through the internet. When Public access is Yes, the instance endpoint resolves to the public IP address from outside the VPC and to the private IP address from inside the VPC. Public access alone doesn't expose the instance: the subnet's route table and the VPC security group must also allow the traffic.
Note: Make sure that the VPC security group that the DB instance uses allows inbound traffic on the database port from the source IP address or CIDR range that you connect from. For a publicly accessible instance, restrict that rule to known addresses rather than 0.0.0.0/0. For more information, see Security group rules for different use cases.
Resolution
Create a publicly accessible Aurora DB cluster
When you use the console to create an Amazon Aurora DB cluster, you can have the console create a new VPC for you, or you can use an existing VPC.
- Create a DB subnet group that contains at least two subnets in the VPC, in different Availability Zones. Make sure that the route table associated with each of those subnets has a route for 0.0.0.0/0 to an internet gateway, so that all of the subnets are public.
- Create an Aurora DB cluster in the VPC.
- On the Create database pane, from the Connectivity section, select the Virtual Private Cloud (VPC) that you created.
- From Subnet group, select the DB subnet group that contains the public subnets.
- From the Connectivity section, set Public access to Yes.
- From VPC security group, choose a security group whose inbound rules allow the database port from the public IP addresses or CIDR ranges that you want to connect from.
To create a private-only Aurora DB cluster, follow the preceding steps, but choose a DB subnet group whose subnets are private and, in the Public access step, set Public access to No.
Change public accessibility of running instances in an Aurora DB cluster
To change whether the running instances in the Aurora cluster are publicly accessible, follow these steps:
- Sign in to the Amazon RDS console.
- In the navigation pane, choose Databases, and then select the Aurora DB instance in the Aurora Cluster that you want to modify.
- Choose Modify.
- From the Modify DB instance page, under Connectivity, expand the Additional Configuration section. Set Public access to either Yes or No.
- Choose Continue, and then check the summary of modifications.
- To apply the changes immediately, select Apply immediately. Changing this setting on an existing DB instance changes its network connectivity: when you set Public access to No, the instance loses its public IP address, and clients that reach it through that address lose connectivity. Because the setting is per instance, repeat the change on every instance in the cluster (writer and readers) so that a failover doesn't switch the cluster endpoint to an instance with a different setting.
Note: You can't give an Amazon Aurora Serverless v1 DB cluster a public IP address. You can access an Aurora Serverless v1 DB cluster only from within a VPC. For more information, see Using Amazon Aurora Serverless v1.
Related information
How to create a VPC to use with Amazon Aurora
Modify a DB instance in a DB cluster