Hello.
To communicate between different VPCs, you need to set up VPC peering or set up a Transit Gateway.
In this case, since the number of VPCs is small, I think it would be a good idea to set up VPC peering.
You can communicate by setting up VPC peering using the steps in the document below and setting routes to each other's VPCs in the subnet route table within each VPC.
In other words, you need to add a route destined for VPC-2 in the route table for VPC-1, and a route destined for VPC-1 in the route table for VPC-2.
https://docs.aws.amazon.com/vpc/latest/peering/create-vpc-peering-connection.html
Also, although it is possible to allow the VPC CIDR in the RDS security group, it is also possible to refer to the security group, so the communication can be narrowed down further.
https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-security-groups.html
To enable communication from your ECS cluster in VPC1 (CIDR: 10.30.0.0/16) to your RDS cluster in VPC2 (CIDR: 10.60.10.0/24), follow these steps:
1. VPC Peering or Transit Gateway:
- Set up a VPC peering connection between VPC1 and VPC2 or use an AWS Transit Gateway.
- Update route tables in both VPCs to route traffic between them through the peering connection or Transit Gateway.
- VPC Peering Guide: VPC Peering Documentation
- Transit Gateway Guide: AWS Transit Gateway Documentation
2. Security Group Configuration:
- Allow inbound traffic from VPC1 (CIDR: 10.30.0.0/16) to your RDS instance security group on the appropriate database port (e.g., port 3306 for MySQL, 5432 for PostgreSQL).
- Ensure the ECS task security group allows outbound traffic to RDS.
3. Route Table Updates:
- In VPC1, update the route table to route traffic destined for 10.60.10.0/24 (RDS) through the peering or Transit Gateway.
- In VPC2, update the route table to route traffic destined for 10.30.0.0/16 (ECS) similarly.
4. Network ACLs:
- Ensure network ACLs in both VPCs allow traffic between them.
5. Test the Connection:
After configuring, test the ECS application to ensure it can connect to and interact with the RDS instance.
By following these steps, your ECS application should be able to read/write data to the RDS instance in VPC2.
Let me know if you need more details!
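Both answers above come down to three things that must line up: the two VPC CIDRs must not overlap (a peering connection cannot be created otherwise), each VPC's route table needs a route to the other VPC's CIDR via the peering connection, and the RDS security group should admit only the database port from the ECS tasks, ideally by referencing the ECS task security group rather than the whole VPC CIDR. The following is an added pre-flight check for that design; it is example code, not part of either answer or of AWS's own tooling. It runs offline against constructed data: the CIDRs are the ones from the question, while the IDs (pcx-EXAMPLE, sg-ecs-tasks, the vpc-ecs/vpc-rds keys) are placeholders, not real resources.

```python
"""Pre-flight checks for the cross-VPC ECS -> RDS design.

Added example, not code from the original post. All IDs below are
constructed placeholders; only the CIDRs come from the question.
"""
import ipaddress
from typing import Dict, List, Tuple

Route = Tuple[str, str]      # (destination CIDR, target: "local" or a pcx-... id)
Rule = Tuple[str, int, str]  # (protocol, port, source: CIDR or an sg-... id)

# Constructed design data mirroring the question's CIDRs.
VPCS: Dict[str, str] = {
    "vpc-ecs": "10.30.0.0/16",   # VPC1, ECS cluster
    "vpc-rds": "10.60.10.0/24",  # VPC2, RDS cluster
}
PEERING_ID = "pcx-EXAMPLE"       # placeholder peering connection id
ROUTE_TABLES: Dict[str, List[Route]] = {
    "vpc-ecs": [("10.30.0.0/16", "local"), ("10.60.10.0/24", PEERING_ID)],
    "vpc-rds": [("10.60.10.0/24", "local"), ("10.30.0.0/16", PEERING_ID)],
}
ECS_TASK_SG = "sg-ecs-tasks"     # placeholder ECS task security group id
DB_PORT = 5432                   # PostgreSQL; use 3306 for MySQL
# Inbound rules on the RDS security group: tightest form, referencing the ECS SG.
RDS_SG_INBOUND: List[Rule] = [("tcp", DB_PORT, ECS_TASK_SG)]


def check_peering_cidrs(vpcs: Dict[str, str]) -> List[str]:
    """VPC peering cannot be created between VPCs whose CIDRs overlap."""
    findings = []
    names = list(vpcs)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ipaddress.ip_network(vpcs[a]).overlaps(ipaddress.ip_network(vpcs[b])):
                findings.append(f"CIDR overlap: {a} {vpcs[a]} and {b} {vpcs[b]}")
    return findings


def check_reciprocal_routes(vpcs: Dict[str, str],
                            route_tables: Dict[str, List[Route]],
                            peering_id: str) -> List[str]:
    """Every VPC needs a route covering each other VPC's CIDR via the peering connection."""
    findings = []
    for src in vpcs:
        for dst in vpcs:
            if src == dst:
                continue
            want = ipaddress.ip_network(vpcs[dst])
            covered = any(
                target == peering_id and want.subnet_of(ipaddress.ip_network(cidr))
                for cidr, target in route_tables.get(src, [])
            )
            if not covered:
                findings.append(f"{src}: no route to {want} via {peering_id}")
    return findings


def check_rds_sg(rules: List[Rule], db_port: int, ecs_sg: str, ecs_vpc_cidr: str) -> List[str]:
    """Flag inbound rules on the RDS security group that are wider than the design needs.

    Referencing the ECS task security group is the tightest option; allowing the
    whole ECS VPC CIDR works but admits every host in that VPC.
    """
    findings = []
    ecs_net = ipaddress.ip_network(ecs_vpc_cidr)
    for proto, port, source in rules:
        if proto != "tcp" or port != db_port:
            findings.append(f"unexpected rule {proto}/{port} from {source}")
            continue
        if source.startswith("sg-"):
            if source != ecs_sg:
                findings.append(f"port {port} open to unrelated security group {source}")
            continue
        net = ipaddress.ip_network(source)
        if net.prefixlen == 0:
            findings.append(f"port {port} open to the world ({source})")
        elif net == ecs_net:
            findings.append(f"port {port} open to the whole ECS VPC {source}; prefer referencing {ecs_sg}")
        elif not net.overlaps(ecs_net):
            findings.append(f"port {port} rule for {source} does not reach the ECS VPC {ecs_vpc_cidr}")
    return findings


def run_checks(vpcs, route_tables, peering_id, rds_rules, db_port, ecs_sg, ecs_vpc_cidr) -> List[str]:
    """Return all findings; an empty list means the design is consistent and tight."""
    return (check_peering_cidrs(vpcs)
            + check_reciprocal_routes(vpcs, route_tables, peering_id)
            + check_rds_sg(rds_rules, db_port, ecs_sg, ecs_vpc_cidr))


if __name__ == "__main__":
    results = run_checks(VPCS, ROUTE_TABLES, PEERING_ID, RDS_SG_INBOUND,
                         DB_PORT, ECS_TASK_SG, VPCS["vpc-ecs"])
    for finding in results:
        print("FINDING:", finding)
    if not results:
        print("OK: CIDRs disjoint, routes reciprocal, RDS security group scoped to the ECS task SG")
```

The check is deliberately data-driven so the same functions can be fed the real CIDRs, route entries and rules once they are known (for instance from `describe-route-tables` and `describe-security-groups` output); a Transit Gateway design would pass the tgw attachment id in place of the peering id. Network ACLs (step 4 in the second answer) are stateless and are not modelled here.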