Is it possible to set up PrivateLink connection to SQL Server running in another AWS account's VPC?

0

I have VPC-1 and VPC-2 in different AWS accounts. Both VPCs have private and public subnets.

VPC-1 has IIS and SQL servers running on the same EC2 Win Server in private subnet. I set up Endpoint Service associated with a Network Load Balancer targeting this EC2 instance.

In VPC-2, I set up an Interface Endpoint in the public subnet and requested connection acceptance from VPC-1. After the request was accepted in the VPC-1 Endpoint Service, both endpoints have Available status. However, when I try connecting to SQL Server in SSMS running in the VPC-2 public subnet, the connection times out.

What I have tried is as follows.

- Tested the SSMS SQL connection from the VPC-1 public subnet using the Load Balancer's DNS and it worked fine.
- Tried to use both VPC-2 regional and zonal endpoints' DNS in SSMS, but to no avail.
- Checked out the VPC-2 ACLs; they all allow all inbound and outbound traffic.
- Checked out the VPC-2 public EC2 Win Server security group. It has permitted inbound TCP traffic for the Interface Endpoint's IPv4 address on ports 80 and 58090. Please note, the VPC-1 SQL Server is set up on port 58090.
- Tested PrivateLink with port 80. In my test, I set up PrivateLink between VPC-1 and VPC-2 through TCP port 80 and added another target to the same VPC-1 Load Balancer for port 80. Then, I RDP'd to the EC2 running in the VPC-2 public subnet and opened a web page from the VPC-1 private subnet's IIS. PrivateLink through port 80 worked fine between VPC-1 and 2.

1 Answer
0
Accepted Answer

Apparently what you are trying should work.

I will start with the basics. From the instance in VPC 2, do a dig/nslookup on the URL of the Private Link to see if DNS resolution is working fine. If yes, then use CMD or a terminal and try to telnet to the PrivateLink URL with the SQL port from the instance in VPC 2, for example `privatelinkdnsname.regionnameet.com.aws PORTNUMBER`, to see if it connects or not.

This will give some idea of the issue. Are the SQL ports open INBOUND in the SG/ACL attached to the ENI of the PrivateLink in VPC 2?

VPC Flow Logs in VPC 2 can be helpful to investigate further as well.

answered a year ago
AWS
EXPERT
reviewed a year ago
  • Thank you, Muhammad, for your valuable advice.

    Traffic was blocked on port 58090 because of missing Firewall inbound and outbound rules for port 58090 on the VPC-2 instance. I was able to pinpoint this issue using telnet and PowerShell tnc.

    Sorry, I must admit that I misprinted the VPC-1 SQL Server port number in my question. It is 58090, not 1433 as I originally wrote.

    Cheers.
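The checks from the answer (DNS resolution, TCP reachability on the SQL port) plus the local Windows Firewall rule check that turned out to be the cause in the comment above, as one PowerShell script to run on the VPC-2 Windows instance. This is an added example, not code from the original thread; the endpoint DNS name is a placeholder and only the port 58090 comes from the question.

```powershell
# Added example: walk the PrivateLink-to-SQL Server path from the Windows EC2 instance in VPC-2.
# $EndpointDns is a placeholder; substitute the interface endpoint's regional or zonal DNS name.
param(
    [string]$EndpointDns = 'vpce-PLACEHOLDER.vpce-svc-PLACEHOLDER.REGION.vpce.amazonaws.com',
    [int]$SqlPort = 58090    # port the VPC-1 SQL Server listens on, per the question
)

# 1. DNS: the endpoint name should resolve to the private IPs of the endpoint ENIs in VPC-2.
try {
    $ips = (Resolve-DnsName -Name $EndpointDns -Type A -ErrorAction Stop).IPAddress
    Write-Host "DNS OK: $EndpointDns -> $($ips -join ', ')"
} catch {
    Write-Host "DNS FAILED for ${EndpointDns}: $($_.Exception.Message)"
    return
}

# 2. TCP: Test-NetConnection (alias tnc) is the PowerShell equivalent of the telnet check.
$tcp = Test-NetConnection -ComputerName $EndpointDns -Port $SqlPort -WarningAction SilentlyContinue
if ($tcp.TcpTestSucceeded) {
    Write-Host "TCP ${SqlPort} OK via $($tcp.RemoteAddress)"
} else {
    Write-Host "TCP ${SqlPort} FAILED: check the local firewall, the endpoint ENI security group/NACL, and NLB target health"
}

# 3. Local Windows Firewall: is there an enabled TCP Allow rule covering the SQL port?
#    Outbound rules are matched on RemotePort (this host is the SQL client), inbound on LocalPort.
#    Caveat: port ranges such as '1024-65535' are not expanded here and would be reported as 'no rule'.
foreach ($dir in 'Outbound', 'Inbound') {
    $portName = if ($dir -eq 'Outbound') { 'RemotePort' } else { 'LocalPort' }
    $match = Get-NetFirewallRule -Direction $dir -Enabled True -Action Allow |
        Where-Object {
            $pf = $_ | Get-NetFirewallPortFilter
            $pf.Protocol -eq 'TCP' -and ($pf.$portName -contains 'Any' -or $pf.$portName -contains "$SqlPort")
        }
    if ($match) { Write-Host "$dir firewall: allowed by '$(@($match)[0].DisplayName)'" }
    else        { Write-Host "$dir firewall: no enabled TCP Allow rule for port $SqlPort" }
}

# Remediation if step 3 reports a gap (the fix described in the comment), scoped to the one port:
#   New-NetFirewallRule -DisplayName "SQL $SqlPort out" -Direction Outbound -Protocol TCP `
#       -RemotePort $SqlPort -Action Allow
```

If step 1 and step 3 pass but step 2 fails, the problem is outside the instance: the endpoint ENI's security group, the NACL on the endpoint subnet, or the NLB target health in VPC-1, which VPC Flow Logs on the endpoint ENI will show as REJECT or as no return traffic.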
