Restrict RDS Inbound Rules for AWS App Runner Access Only

Question

this  is to update the security configuration of our PostgreSQL RDS instance. Currently, our RDS security group allows connections from any IP address (0.0.0.0). However, this is not secure and we want to limit the inbound rules to only allow connections from our AWS App Runner service. is it possible? if yes how to do that?

Accepted Answer

Hi,

AWS App Runner services can now communicate with other applications hosted in an Amazon VPC. Within App Runner, you can now create VPC connectors that specify which VPC, subnets, and security groups to use for private networking.

Once you have configured the App Runner with VPC connector, you can configure RDS security group to accept traffic from the subnet range of the VPC which you connected with App Runner, or accept the traffic from the security group configured with App Runner.

Please take a look at this [documentation](https://docs.aws.amazon.com/apprunner/latest/dg/network-vpc.html) for Enabling VPC access for outgoing traffic.

Additional documentation

[Deep Dive on AWS App Runner VPC Networking](https://aws.amazon.com/blogs/containers/deep-dive-on-aws-app-runner-vpc-networking/)

[New for App Runner – VPC Support](https://aws.amazon.com/blogs/aws/new-for-app-runner-vpc-support/)

Restrict RDS Inbound Rules for AWS App Runner Access Only

관련 콘텐츠