How to proxy SQL queries from on-premise client to 3rd party RDS via VPC peering?

0

I'm looking for guidance on which service I can deploy to mitigate the transitive routing limitation of VPC Peering.

I'm working with a vendor who offers a VPC peering connection to a read-only RDS instance (MySQL). This is their only connectivity offering. We do not have overlapping CIDRs, and peering should be straightforward.

However, we need to query this RDS instance from an on-premise client. The on-premise network is reachable from our AWS VPC via Direct Connect + Transit Gateway.

The query could take several minutes to execute, and could return results in the 10s of MBs.

I have to assume we'll be given an FQDN to the vendor's RDS instance. Which service would be best to use as a proxy between our on-premise client, and the vendor's database?

  • Thanks for your response. I'm proceeding with your solution + the 2nd responder's Fargate option.

asked 13 days ago, 56 views
2 Answers
0
Accepted Answer

To mitigate the transitive routing limitation of VPC Peering and enable querying the vendor's RDS instance from your on-premise client, consider deploying the following services:

  1. AWS PrivateLink: Establish a private endpoint in your VPC to access the vendor's RDS instance. This will allow you to access the RDS instance without exposing it to the public internet.

  2. AWS Lambda: Create a Lambda function that acts as a proxy between your on-premise client and the vendor's RDS instance. The Lambda function can be triggered by API Gateway or SQS, and can handle the query execution and data transfer.

  3. Amazon API Gateway: Set up an API Gateway REST API that accepts queries from your on-premise client and triggers the Lambda function. This will provide a secure and managed entry point for your queries.

  4. AWS Fargate: Run a containerized proxy application (e.g., a MySQL proxy) on Fargate, which can handle the query execution and data transfer. This provides a scalable and serverless compute option.

  5. Amazon EC2: Deploy an EC2 instance as a proxy server, running a MySQL proxy or a custom application that handles the query execution and data transfer.

Consider factors like:

  • Security: PrivateLink, Lambda, and API Gateway provide robust security features.
  • Scalability: Lambda and Fargate offer serverless scalability.
  • Performance: Lambda and Fargate can handle large data transfers.
  • Complexity: EC2 requires more management effort.
EXPERT
Sandeep
answered 13 days ago
  • Thanks for your response. I'm pursuing the Fargate option. Great call!

0
  1. EC2 Instance as a Proxy:

    Deploy an EC2 instance in your AWS VPC.

    Install a proxy service (e.g., socat, HAProxy) on the instance.

    Forward SQL queries from the on-premise client to the RDS instance.

  2. AWS PrivateLink with Network Load Balancer (NLB):

    Set up an NLB in your AWS VPC to forward traffic to the RDS instance.

    Expose the NLB as a PrivateLink service.

    Create a VPC endpoint for on-premise access.

  3. Transit Gateway (TGW) with EC2 Proxy:

    Use an EC2 instance connected to the Transit Gateway as a proxy.

    Configure TGW route tables to allow traffic between on-premise, EC2 proxy, and RDS.

AWS
EXPERT
Deeksha
answered 13 days ago
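Both answers come down to the same building block: a TCP forwarder inside your VPC (socat or HAProxy on EC2, or a proxy container on Fargate) that the on-premise client reaches over Direct Connect + Transit Gateway, and that in turn reaches the vendor's RDS endpoint over the peering connection. The following is an added example, not code from the question or from either answer, showing the minimum such a forwarder has to do for this use case: allowlist the on-premise source range, resolve the vendor's FQDN at connect time (an RDS failover can change the address behind the name), keep the idle timeout longer than the multi-minute query plus the transfer of tens of MB of results, and pass the MySQL protocol, including TLS if the client negotiates it, through untouched. The FQDN, ports and CIDR are assumed placeholders. `demo_roundtrip()` is an offline check that stands in a local echo server for the vendor database.

```python
"""TCP forwarder for a MySQL endpoint reachable only through VPC peering.
Runs on an EC2 instance or Fargate task in the peered VPC. Each on-premise
connection is forwarded to the vendor RDS endpoint, resolved by name per
connection so a failover that changes the address needs no restart. The
MySQL protocol, TLS included if negotiated, passes through untouched."""
import asyncio
import ipaddress

UPSTREAM_HOST = "vendor-db.example.internal"  # assumed placeholder, not from the question
UPSTREAM_PORT = 3306
LISTEN_PORT = 3306
ALLOWED_SOURCES = ["10.20.0.0/16"]  # assumed on-premise client range
IDLE_TIMEOUT_S = 1800  # must exceed the longest query plus result streaming


def is_allowed(peer_ip, allowed_cidrs):
    """True if peer_ip lies inside one of the allowed source networks."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in ipaddress.ip_network(cidr) for cidr in allowed_cidrs)


async def _close(writer):
    writer.close()
    try:
        await writer.wait_closed()
    except OSError:
        pass


async def _pipe(reader, writer, idle_timeout):
    """Copy reader -> writer until EOF, error, or idle_timeout seconds of silence."""
    try:
        while True:
            data = await asyncio.wait_for(reader.read(65536), idle_timeout)
            if not data:
                break
            writer.write(data)
            await writer.drain()
    except (asyncio.TimeoutError, OSError):
        pass
    finally:
        await _close(writer)  # closing one side makes the other pipe see EOF


async def handle_client(reader, writer, upstream_host, upstream_port,
                        allowed_cidrs, idle_timeout):
    """Allowlist the source, connect upstream (DNS lookup here), pump both ways."""
    peer_ip = writer.get_extra_info("peername")[0]
    if not is_allowed(peer_ip, allowed_cidrs):
        await _close(writer)  # drop; the security group should already block this
        return
    try:
        up_reader, up_writer = await asyncio.open_connection(upstream_host, upstream_port)
    except OSError:
        await _close(writer)
        return
    await asyncio.gather(_pipe(reader, up_writer, idle_timeout),
                         _pipe(up_reader, writer, idle_timeout))


async def serve(listen_host, listen_port, upstream_host, upstream_port,
                allowed_cidrs=ALLOWED_SOURCES, idle_timeout=IDLE_TIMEOUT_S):
    async def on_client(r, w):
        await handle_client(r, w, upstream_host, upstream_port, allowed_cidrs, idle_timeout)
    return await asyncio.start_server(on_client, listen_host, listen_port)


async def _echo(reader, writer):  # stand-in for the vendor database, offline check only
    while data := await reader.read(65536):
        writer.write(data)
        await writer.drain()
    await _close(writer)


def demo_roundtrip(payload, allowed_cidrs=("127.0.0.0/8",)):
    """Proxy to a local echo server; return the reply, or b"" if the source was refused."""
    async def run():
        db = await asyncio.start_server(_echo, "127.0.0.1", 0)
        proxy = await serve("127.0.0.1", 0, "127.0.0.1",
                            db.sockets[0].getsockname()[1], list(allowed_cidrs), 5)
        reader, writer = await asyncio.open_connection(
            "127.0.0.1", proxy.sockets[0].getsockname()[1])
        try:
            writer.write(payload)
            await writer.drain()
            reply = await asyncio.wait_for(reader.readexactly(len(payload)), 5)
        except (asyncio.IncompleteReadError, asyncio.TimeoutError, OSError):
            reply = b""
        await _close(writer)
        proxy.close()
        db.close()
        return reply
    return asyncio.run(run())


async def _main():  # production entry point: bind all interfaces and serve forever
    await (await serve("0.0.0.0", LISTEN_PORT, UPSTREAM_HOST, UPSTREAM_PORT)).serve_forever()

if __name__ == "__main__":
    asyncio.run(_main())
```

Two checks worth doing before relying on this in either the EC2 or the Fargate form. First, the vendor's RDS hostname only resolves to the instance's private IP from your VPC if DNS resolution over the peering connection is enabled on the vendor's side; verify that with them, otherwise the name resolves to nothing useful and `open_connection` fails. Second, the in-code allowlist is a backstop, not the control: the proxy's security group should admit port 3306 only from the on-premise CIDR, and the vendor's RDS security group has to admit the proxy's private address. Because the proxy forwards bytes without terminating MySQL or TLS, it never sees database credentials and cannot filter queries; it can only log connection metadata, which is the right property for a chokepoint you operate on someone else's data.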
