How to establish connection between an EC2 server in one aws account to a Postgres database in another aws account


I have an Ubuntu EC2 server running in us-east-2 in one of my AWS accounts, and I need to connect the EC2 to a Postgres database in us-east-1 in another AWS account that I manage. Note:

  1. The Postgres database is NOT publicly available.
  2. I have set up a VPC peering between the two accounts.
  3. I have configured the route tables in both VPCs to enable network communications between the CIDRs of both VPCs.

After these configurations, I could not establish communication from the EC2 to the database. What else do I need to do to enable my EC2 to connect to my Postgres db?
Sunday, asked 4 months ago, 331 views
1 Answer
Accepted Answer

To troubleshoot, can your EC2 do nslookup on the RDS DNS name? Does it resolve to a private IP from the RDS VPC CIDR? If so, you can enable VPC flow logs in the VPC where the RDS is, and check if you are seeing the flows getting through that VPC, then to the RDS ENI. If it doesn't resolve, check this condition in bold:

Private IP DNS name (IPv4 only)

You can use the Private IP DNS name (IPv4 only) hostname for communication between instances in the same VPC. You can resolve the Private IP DNS name (IPv4 only) hostnames of other instances in other VPCs as long as the instances are in the same AWS Region and the hostname of the other instance is in the private address space range defined by RFC 1918: 10.0.0.0 - 10.255.255.255 (10/8 prefix), 172.16.0.0 - 172.31.255.255 (172.16/12 prefix), and 192.168.0.0 - 192.168.255.255 (192.168/16 prefix).

You might be blocked because the DNS is not able to resolve the private DNS name, since they are in different regions. Source: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html

AmerO (AWS), answered 4 months ago
EXPERT reviewed 4 months ago
  • Thank you @AmerO, I've used nslookup/dig on the RDS endpoint, and it resolves to the private IP of the RDS in the RDS VPC CIDR. However, when I used the nc command (nc -zv <rds-host-endpoint> <port>) to test the connection to the RDS, I get the response "failed: No route to host".

  • Hi Sunday, use the Reachability Analyzer service in your console. One time, add the source as the EC2 ENI and the destination as the IP address of the DNS. Then revalidate the reverse traffic path using Reachability Analyzer. It should be able to tell if anything is blocking you within the EC2 VPC in terms of routing to the right VPC peering, or anything else blocking like SG or NACL. Again, repeat the same in the account where you have the RDS VPC. In this scenario, use the RDS as the source and the EC2 IP address as the destination.

  • Thank you @AmerO for the insightful suggestions. I used the Reachability Analyzer and it showed there was no route established. So I had to review my network and discovered that, while I was using a 3-tier architecture, my database subnet route table was not configured to use the VPC peering connection. I updated my database subnet route table with the VPC peering connection and I was able to establish a connection. Once again, thank you very much for pointing me in the right direction.

  • Great! Please accept the answer if you find this guidance helpful for other users.
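The cause found in the comments above (the database subnet was associated with its own route table, and that table had no route through the peering connection) is the kind of thing that is easy to miss by eye in a 3-tier VPC, and can be checked mechanically. The Python script below is an added example, not from the post, the answerer or AWS. It runs on constructed route-table data shaped like the output of `aws ec2 describe-route-tables`, with placeholder VPC, subnet and peering ids, and verifies both directions of the path (EC2 subnet to RDS VPC CIDR, RDS subnet to EC2 VPC CIDR), honouring the rule that an explicit subnet association overrides the VPC's main route table. It also includes the RFC 1918 check that the accepted answer quotes for cross-VPC private DNS resolution.

```python
import copy
import ipaddress

# RFC 1918 ranges quoted in the accepted answer: a private DNS name from another
# VPC only resolves cross-VPC when the address falls inside one of these.
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip):
    """True if ip is an IPv4 address inside one of the RFC 1918 private ranges."""
    addr = ipaddress.ip_address(ip)
    return addr.version == 4 and any(addr in net for net in RFC1918)


# Constructed sample data, shaped like `aws ec2 describe-route-tables` output.
# Every id and CIDR here is a placeholder. The EC2 VPC (10.10.0.0/16) has its
# peering route. In the RDS VPC (10.20.0.0/16) only the main table got the
# peering route; the database subnet is explicitly associated with rtb-db,
# which still carries only the local route (the situation from the comments).
PCX_ID = "pcx-0example"
EC2 = {"vpc_id": "vpc-ec2", "subnet_id": "subnet-ec2a", "cidr": "10.10.0.0/16"}
RDS = {"vpc_id": "vpc-rds", "subnet_id": "subnet-db0", "cidr": "10.20.0.0/16"}

ROUTE_TABLES = [
    {"RouteTableId": "rtb-ec2", "VpcId": "vpc-ec2",
     "Associations": [{"SubnetId": "subnet-ec2a"}],
     "Routes": [
         {"DestinationCidrBlock": "10.10.0.0/16", "GatewayId": "local", "State": "active"},
         {"DestinationCidrBlock": "10.20.0.0/16", "VpcPeeringConnectionId": PCX_ID, "State": "active"},
     ]},
    {"RouteTableId": "rtb-rds-main", "VpcId": "vpc-rds",
     "Associations": [{"Main": True}],
     "Routes": [
         {"DestinationCidrBlock": "10.20.0.0/16", "GatewayId": "local", "State": "active"},
         {"DestinationCidrBlock": "10.10.0.0/16", "VpcPeeringConnectionId": PCX_ID, "State": "active"},
     ]},
    {"RouteTableId": "rtb-db", "VpcId": "vpc-rds",
     "Associations": [{"SubnetId": "subnet-db0"}],
     "Routes": [
         {"DestinationCidrBlock": "10.20.0.0/16", "GatewayId": "local", "State": "active"},
     ]},
]


def route_table_for_subnet(route_tables, vpc_id, subnet_id):
    """Return the table that applies to subnet_id: an explicit association wins,
    otherwise the VPC's main route table (None if neither exists)."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def has_peering_route(route_table, peer_cidr, pcx_id):
    """True if an active route whose destination covers peer_cidr points at pcx_id."""
    target = ipaddress.ip_network(peer_cidr)
    for route in route_table.get("Routes", []):
        dest = route.get("DestinationCidrBlock")
        if not dest or route.get("State", "active") != "active":
            continue
        if route.get("VpcPeeringConnectionId") != pcx_id:
            continue
        if target.subnet_of(ipaddress.ip_network(dest)):
            return True
    return False


def check_peering_path(route_tables, src, dst, pcx_id):
    """Check routing in both directions; return a list of human-readable findings
    (empty list means both subnets can reach the other VPC via the peering)."""
    findings = []
    for a, b in ((src, dst), (dst, src)):
        rt = route_table_for_subnet(route_tables, a["vpc_id"], a["subnet_id"])
        if rt is None:
            findings.append(f"{a['subnet_id']}: no route table found in {a['vpc_id']}")
        elif not has_peering_route(rt, b["cidr"], pcx_id):
            findings.append(f"{a['subnet_id']} ({rt['RouteTableId']}): "
                            f"no active route to {b['cidr']} via {pcx_id}")
    return findings


def with_peering_route(route_tables, rtb_id, dest_cidr, pcx_id):
    """Return a copy of route_tables with a peering route added to rtb_id
    (the equivalent of the route-table edit described in the comments)."""
    fixed = copy.deepcopy(route_tables)
    for rt in fixed:
        if rt["RouteTableId"] == rtb_id:
            rt["Routes"].append({"DestinationCidrBlock": dest_cidr,
                                 "VpcPeeringConnectionId": pcx_id, "State": "active"})
    return fixed


if __name__ == "__main__":
    print("before:", check_peering_path(ROUTE_TABLES, EC2, RDS, PCX_ID))
    fixed = with_peering_route(ROUTE_TABLES, "rtb-db", EC2["cidr"], PCX_ID)
    print("after: ", check_peering_path(fixed, EC2, RDS, PCX_ID))
```

The check covers routing only, which is exactly what "No route to host" pointed at here; security groups and NACLs, which the answer also names, are a separate layer and are what Reachability Analyzer adds on top of this. To run it against real accounts you would replace the constructed list with the `RouteTables` array from `describe-route-tables` in each account.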
