1 Answer
- Newest
- Most votes
- Most comments
2
Assuming that the Transit gateway is all setup, confirm that the route tables are correctly configured so that the subnet in VPC A containing the EC2 instance has a route to the subnet(s) in VPC B that form the subnet group in which the RDS instance is provisioned (and vice versa) https://aws.amazon.com/blogs/architecture/field-notes-working-with-route-tables-in-aws-transit-gateway/
Then setup security groups (or network ACLs, but SGs are more common) to allow outbound access from the EC2 on port 1521/tcp to the subnets in the subnet group that have the RDS instance running. And similarly, that the RDS instance has a security group with an inbound rule on port 1521/tcp for traffic coming from the EC2 instance.
Relevant content
- Accepted Answerasked 4 months ago
- Accepted Answerasked 2 months ago
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated a year ago
Excellent Answer! I am not very clear on proper setup of Route tables. Is there a good link or video that shows how do you normally setup those AWS entries correctly?
As long as you understand routing tables within a single VPC, it's really just an extension of that.
The theory behind it is here https://docs.aws.amazon.com/vpc/latest/tgw/tgw-route-tables.html
And a more practical working through of it is here https://aws.amazon.com/blogs/architecture/field-notes-working-with-route-tables-in-aws-transit-gateway/
Great Info. It seems to me the routing should be configured as this so that traffic from application/web server in VPC1 can be forwarded to private RDS in VPC2. Does this seem correct?
Destination Target 10.0.0.0/16 Local 0.0.0.0/0 TGW (foreward any traffic that is not local)
Destination Target RDS Subnet IP Range VPC#2
The TGW also will have attachments defined to first and second VPC.