How to move DocumentDB to a private subnet

0

I created a DocumentDB cluster that is now connected to a few EC2s in an ASG.

I know that for security reasons this should stay in a private subnet, is that really important? How can I check if my cluster is in a public subnet or a private one? And if it is in a public subnet, how can I move it to a private one?

Thanks, M

1 answer
0

Hello,

Amazon DocumentDB clusters are deployed within an Amazon Virtual Private Cloud (Amazon VPC). They can be accessed directly by Amazon EC2 instances or other AWS services that are deployed in the same Amazon VPC. Additionally, Amazon DocumentDB can be accessed by EC2 instances or other AWS services in different VPCs in the same AWS Region or other Regions via VPC peering [1].

On the Amazon DocumentDB management console, find your cluster and follow the link to its VPC. You may have created one, or chosen one at creation [2].

Security is the top priority. Identifying whether your VPC is public or private comes down to what it means in AWS for a subnet of a VPC to be 'public' vs. 'private'. Public subnets have a default route to an Internet Gateway; private subnets do not.

So, to determine if a given subnet is public or private, you need to describe the route table that is associated with that subnet. That will tell you the routes, and you can test for a 0.0.0.0/0 route with a gateway ID of igw-xxxxxxxxxxxxxxxxx (as opposed to local); this confirms that you are looking at a public subnet [3].

References:

AWS
answered a year ago
  • Thanks for your reply.

    I am in a situation with DocumentDB and EC2s instances in the same VPC. EC2s can access DocumentDB.

    Then I have a lambda function in the same VPC but it can't access My DocumentDB cluster.

    I know how to check if a subnet is public or private. I would like to check if DocumentDB is on a public one, as I can only see the link to the VPC, and my VPC has both private and public subnets.

  • If your VPC has both private and public subnets, then it is a public VPC. Review the documentation for Lambda to access resources in a VPC [1]. What type of result do the logs for the Lambda in CloudWatch return?
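The check the answer describes (describe the route table attached to each subnet and look for an active 0.0.0.0/0 route whose target is an igw-), applied to the subnets a DocumentDB cluster can actually land in, as an added example that is not part of the original thread. A DocumentDB cluster does not link to a single subnet; it is attached to a DB subnet group, and each instance is placed in one of that group's subnets, so every subnet in the group has to be classified. The example also handles the detail the answer glosses over: a subnet with no explicit route-table association inherits the VPC's main route table. The classification runs on hand-constructed data shaped like the boto3 responses; the live lookup function assumes the real `docdb.describe_db_clusters`, `docdb.describe_db_subnet_groups` and `ec2.describe_route_tables` calls and needs credentials and a region configured.

```python
"""Classify the subnets of a DocumentDB cluster's subnet group as public or private.

Added example, not from the original post. SAMPLE_ROUTE_TABLES and
SAMPLE_SUBNET_IDS are constructed by hand to mirror the shape of
ec2.describe_route_tables output; the cluster/subnet-group IDs are placeholders.
"""
import sys
from typing import Dict, List, Optional


def is_public_route_table(route_table: dict) -> bool:
    """True when the table carries an ACTIVE default route (0.0.0.0/0 or ::/0)
    whose target is an internet gateway (GatewayId igw-...).

    Routes to a NAT gateway use NatGatewayId, and egress-only gateways use
    EgressOnlyInternetGatewayId, so neither matches here; 'local' never does.
    A blackholed igw route (gateway detached) does not make the subnet public."""
    for route in route_table.get("Routes", []):
        is_default = (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                      or route.get("DestinationIpv6CidrBlock") == "::/0")
        target = route.get("GatewayId", "")
        if is_default and target.startswith("igw-") and route.get("State") == "active":
            return True
    return False


def classify_subnets(route_tables: List[dict], subnet_ids: List[str]) -> Dict[str, str]:
    """Map each subnet ID to 'public', 'private' or 'unknown'.

    A subnet explicitly associated with a route table uses that table; any
    other subnet implicitly uses the VPC's main route table (Associations
    entry with Main=True)."""
    explicit: Dict[str, dict] = {}
    main_table: Optional[dict] = None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("Main"):
                main_table = table
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = table

    result: Dict[str, str] = {}
    for subnet_id in subnet_ids:
        table = explicit.get(subnet_id, main_table)
        if table is None:
            result[subnet_id] = "unknown"   # VPC without a main table: should not happen
        else:
            result[subnet_id] = "public" if is_public_route_table(table) else "private"
    return result


# --- constructed sample: one VPC, three route tables, three subnets in the DB subnet group
SAMPLE_ROUTE_TABLES = [
    {   # main route table: only the local route -> subnets falling back to it are private
        "RouteTableId": "rtb-main0000",
        "Associations": [{"Main": True, "RouteTableId": "rtb-main0000"}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}],
    },
    {   # explicitly associated with subnet-aaaa, default route to an internet gateway -> public
        "RouteTableId": "rtb-pub00000",
        "Associations": [{"Main": False, "SubnetId": "subnet-aaaa", "RouteTableId": "rtb-pub00000"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123456789abcdef0", "State": "active"},
        ],
    },
    {   # explicitly associated with subnet-cccc, default route via NAT gateway -> private
        "RouteTableId": "rtb-nat00000",
        "Associations": [{"Main": False, "SubnetId": "subnet-cccc", "RouteTableId": "rtb-nat00000"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123456789abcdef0", "State": "active"},
        ],
    },
]
# subnet-bbbb has no explicit association, so it inherits the main table
SAMPLE_SUBNET_IDS = ["subnet-aaaa", "subnet-bbbb", "subnet-cccc"]


def classify_sample() -> Dict[str, str]:
    """Run the classification over the constructed sample (works offline)."""
    return classify_subnets(SAMPLE_ROUTE_TABLES, SAMPLE_SUBNET_IDS)


def classify_docdb_cluster(cluster_id: str) -> Dict[str, str]:
    """Live lookup: cluster -> DB subnet group -> subnets and VPC -> route tables.
    Requires boto3, credentials and a default region (not exercised offline)."""
    import boto3  # imported here so the offline sample runs without boto3 installed
    docdb = boto3.client("docdb")
    ec2 = boto3.client("ec2")
    cluster = docdb.describe_db_clusters(DBClusterIdentifier=cluster_id)["DBClusters"][0]
    group = docdb.describe_db_subnet_groups(
        DBSubnetGroupName=cluster["DBSubnetGroup"])["DBSubnetGroups"][0]
    subnet_ids = [s["SubnetIdentifier"] for s in group["Subnets"]]
    pages = ec2.get_paginator("describe_route_tables").paginate(
        Filters=[{"Name": "vpc-id", "Values": [group["VpcId"]]}])
    route_tables = [rt for page in pages for rt in page["RouteTables"]]
    return classify_subnets(route_tables, subnet_ids)


if __name__ == "__main__":
    # `python check_docdb_subnets.py` runs the sample; pass a cluster identifier to check a real one
    verdict = classify_docdb_cluster(sys.argv[1]) if len(sys.argv) > 1 else classify_sample()
    for subnet_id, kind in verdict.items():
        print(f"{subnet_id}: {kind}")
```

If any subnet in the group comes back as public, the cluster is in a mixed subnet group and an instance can be placed in the public subnet; the fix the question is after is a subnet group that contains only private subnets, which is a property of the subnet group rather than of the VPC the console links to.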
