To mitigate the transitive routing limitation of VPC Peering and enable querying the vendor's RDS instance from your on-premise client, consider deploying the following services:
- AWS PrivateLink: Establish a private endpoint in your VPC to access the vendor's RDS instance. This will allow you to access the RDS instance without exposing it to the public internet.
- AWS Lambda: Create a Lambda function that acts as a proxy between your on-premise client and the vendor's RDS instance. The Lambda function can be triggered by API Gateway or SQS, and can handle the query execution and data transfer.
- Amazon API Gateway: Set up an API Gateway REST API that accepts queries from your on-premise client and triggers the Lambda function. This will provide a secure and managed entry point for your queries.
- AWS Fargate: Run a containerized proxy application (e.g., a MySQL proxy) on Fargate, which can handle the query execution and data transfer. This provides a scalable and serverless compute option.
- Amazon EC2: Deploy an EC2 instance as a proxy server, running a MySQL proxy or a custom application that handles the query execution and data transfer.

Consider factors like:
- Security: PrivateLink, Lambda, and API Gateway provide robust security features.
- Scalability: Lambda and Fargate offer serverless scalability.
- Performance: Lambda and Fargate can handle large data transfers.
- Complexity: EC2 requires more management effort.
Thanks for your response. I'm pursuing the Fargate option. Great call!
- EC2 Instance as a Proxy:
  - Deploy an EC2 instance in your AWS VPC.
  - Install a proxy service (e.g., socat, HAProxy) on the instance.
  - Forward SQL queries from the on-premise client to the RDS instance.
- AWS PrivateLink with Network Load Balancer (NLB):
  - Set up an NLB in your AWS VPC to forward traffic to the RDS instance.
  - Expose the NLB as a PrivateLink service.
  - Create a VPC endpoint for on-premise access.
- Transit Gateway (TGW) with EC2 Proxy:
  - Use an EC2 instance connected to the Transit Gateway as a proxy.
  - Configure TGW route tables to allow traffic between on-premise, EC2 proxy, and RDS.
Thanks for your response. I'm proceeding with your solution + the 2nd responder's Fargate option.
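
The EC2 and Fargate proxy options in the answers above come down to a TCP relay placed in front of the database. As an added example (not code from either answer), here is a minimal Python relay that refuses clients outside an allowed on-premises range before it opens any upstream connection; the CIDR, the upstream hostname and all function names are assumptions.

```python
import asyncio
import ipaddress

# Assumed values for illustration; none of these come from the thread.
ALLOWED_CLIENT_CIDRS = ["10.20.0.0/16"]          # on-premises range (constructed)
UPSTREAM = ("vendor-db.example.internal", 3306)  # placeholder for the vendor RDS endpoint

def client_allowed(peer_ip, cidrs=ALLOWED_CLIENT_CIDRS):
    """True only when the connecting address falls inside an allowed range."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

async def _pipe(reader, writer):
    """Copy bytes one way until EOF, then close the write side."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    except ConnectionError:
        pass
    finally:
        writer.close()

async def handle(client_r, client_w, upstream=UPSTREAM, cidrs=ALLOWED_CLIENT_CIDRS):
    peer_ip = client_w.get_extra_info("peername")[0]
    if not client_allowed(peer_ip, cidrs):
        client_w.close()  # refuse before any upstream connection is opened
        return
    try:
        up_r, up_w = await asyncio.open_connection(*upstream)
    except OSError:
        client_w.close()
        return
    # Relay both directions until either side closes.
    await asyncio.gather(_pipe(client_r, up_w), _pipe(up_r, client_w))

async def serve(listen_host="0.0.0.0", listen_port=3306):
    server = await asyncio.start_server(handle, listen_host, listen_port)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(serve())
```

The relay forwards bytes unchanged, so TLS and authentication are still negotiated end to end between the client and the database. The source-range check here complements, and does not replace, the same restriction on the proxy's security group.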