AWS Client VPN connection problem with RDS in same VPC


Is there a specific setting for any of the following (subnet, security group, Client VPN endpoint) that I should be aware of when I want to connect to an RDS DB? I have an AWS VPC with a Client VPN endpoint enabled. I can connect to the VPN using the VPN client, and internet access works just fine. But somehow when I try to access RDS, the connection times out. RDS is located in a subnet group of all 4 subnets (public and private in region-X and region-Y).

Joon
Asked a month ago, 123 views
1 answer

Hello.

What are the inbound rules of the RDS security group?
For example, does the security group allow connections from the Client VPN endpoint's security group?
Also, when you resolve the name of the RDS endpoint using the "dig" command, is an IP address from the VPC CIDR range returned?
If public access is enabled on RDS, a public IP address will be returned, so even if communication goes via the VPN, it may not be possible to connect depending on the AWS configuration.

Expert
Answered a month ago
Expert
Reviewed a month ago
  • Also, if RDS is in multiple VPCs, you will need to set up something like a Transit Gateway to be able to communicate with multiple VPCs. I think the following AWS blog will be helpful for AWS VPC configuration. https://aws.amazon.com/jp/blogs/networking-and-content-delivery/using-aws-client-vpn-to-scale-your-work-from-home-capacity/

  • Thank you for your answer.

    • The inbound rules of my RDS allow all traffic from a security group called "A" (as source, all protocols and types). The Client VPN endpoint is associated with the "A" security group, and the "A" security group permits all traffic from the default VPC security group.

    Client VPN endpoint -> security group associated with: A; inbound rule source, type, protocol: default VPC sg, All, All
    RDS instance -> security group associated with: B; inbound rule source, type, protocol: A, All, All

    • The "dig" command returns an IP address within the VPC CIDR range:

    ;; ANSWER SECTION: xxxxxx.abcdefghijk.us-west-1.rds.amazonaws.com. 5 IN A 10.0.X.XX

    • Public access is set to No for my RDS instance. I actually tested by setting it to Yes, and the "dig" command did return a public IP address. I've also tried to query a table within the DB instance, and the mysql connection timed out just like you said. Normally when I set a DB instance to public, the mysql connection is established, but not in this case. Can you guess what AWS configuration is prohibiting the connections?
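As an added example (not from the original post, the answerer, or AWS), the two checks the answer suggests, written as a small offline Python script: does the RDS endpoint resolve into the VPC CIDR, and does the RDS security group's inbound rules admit the Client VPN endpoint on the MySQL port. The VPC CIDR, security group IDs, rule data and addresses are constructed here in the shape of an EC2 DescribeSecurityGroups response; it also assumes client traffic enters the VPC from the Client VPN endpoint's network interface, so a CIDR-based rule is matched against that interface's address.

```python
import ipaddress

# Constructed sample data (not from the post), shaped like the EC2
# DescribeSecurityGroups response: SG "A" is attached to the Client VPN
# endpoint, "B" to the RDS instance, "C" is a misconfigured variant.
VPC_CIDR = "10.0.0.0/16"
SECURITY_GROUPS = {
    "sg-A": [{"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-default"}], "IpRanges": []}],
    "sg-B": [{"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-A"}], "IpRanges": []}],
    # Only admits MySQL from an office range, so VPN-sourced traffic is dropped.
    "sg-C": [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
              "UserIdGroupPairs": [], "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}],
}

def resolves_inside_vpc(resolved_ip, vpc_cidr=VPC_CIDR):
    """True if the address dig returned for the RDS endpoint is VPC-private."""
    return ipaddress.ip_address(resolved_ip) in ipaddress.ip_network(vpc_cidr)

def rule_admits(rule, source_sg, source_ip, port):
    """Does one inbound rule admit TCP/<port> from the VPN endpoint (by SG or CIDR)?"""
    proto = rule["IpProtocol"]
    if proto != "-1":                       # "-1" means all protocols and ports
        if proto != "tcp":
            return False
        if not rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535):
            return False
    by_sg = any(p["GroupId"] == source_sg for p in rule.get("UserIdGroupPairs", []))
    by_cidr = any(ipaddress.ip_address(source_ip) in ipaddress.ip_network(r["CidrIp"])
                  for r in rule.get("IpRanges", []))
    return by_sg or by_cidr

def diagnose(rds_sg, vpn_sg, rds_ip, vpn_eni_ip, port=3306, groups=SECURITY_GROUPS):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    if not resolves_inside_vpc(rds_ip):
        findings.append(f"RDS endpoint resolves to {rds_ip}, outside {VPC_CIDR}: "
                        "public access is probably enabled")
    if not any(rule_admits(r, vpn_sg, vpn_eni_ip, port) for r in groups[rds_sg]):
        findings.append(f"{rds_sg} has no inbound rule admitting TCP/{port} from "
                        f"{vpn_sg} or {vpn_eni_ip}")
    return findings

if __name__ == "__main__":
    # Constructed case: public endpoint address plus the misconfigured SG "C".
    for finding in diagnose("sg-C", "sg-A", "54.183.0.10", "10.0.1.50"):
        print(finding)
```

In a real account, replace the constructed dictionary with the output of `aws ec2 describe-security-groups` and the constructed address with the A record dig returns for the RDS endpoint.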
