Ao usar o AWS re:Post, você concorda com os AWS re:Post Termos de uso
AWS re:Postre:Post

Authentication error while connecting to MySQL RDS using IAM Authentication with VPN

0

We have a MySQL RDS in a private subnet which is setup to use IAM authentication. Everything works as expected. Once we attach a policy to the users that restricts access to AWS resources from a specific IP which is the VPN instance public IP. Authentication does not work. We are able to generate token from CLI, it works without the VPN only policy attached but the token does not work once the VPN only policy is applied. VPN is setup to route all requests to *.amazonaws.com through the VPN instance.

Tópicos
Rede e entrega de conteúdoSegurança, identidade e conformidadeBanco de dados
Tags
Amazon VPCAWS Identity and Access ManagementBanco de dados
Idioma
English
ChallaPradyumnaHiver
feita há um ano267 visualizações
1 Resposta
0

Usually when you connect through VPN. You get private IP assigned from a pool in VPN.

Then there are two scenarios.

1- Traffic gets NAT to Private ENI IP of VPN instance or 2- Traffic dont get NAT but pass actual IPassigned to users through NAT pool of VPN instance.

I would suggest to try adding both Private ENI IP of Nat instance and User pool of VPN in your IAM policy to test again.

Otherwise VPC Flow logs of MySQL RDS can also show what IP is source IP when it hits MySQL and build policy with that

Muhammad
respondido há um ano

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas

Conteúdo relevante