Configure EC2 connection to RDS

I have an application server running on EC2 in VPC A under one cloud account. I have an RDS Oracle instance in VPC B under diffent cloud account. There is TGW between both clouds. What do you normally have to do on the EC2 machine or networking to be able to connect and forward traffic to the RDS in VPC B? I have oracle client software installed on EC2 machine in order to connect to oracle server.

Topics

Networking & Content Delivery Database Compute

Tags

Amazon VPC Amazon Relational Database Service Amazon EC2 Database Networking & Content Delivery

Language

English

sam15

asked 11 days ago123 views

1 Answer

Newest
Most votes
Most comments

Assuming that the Transit gateway is all setup, confirm that the route tables are correctly configured so that the subnet in VPC A containing the EC2 instance has a route to the subnet(s) in VPC B that form the subnet group in which the RDS instance is provisioned (and vice versa) https://aws.amazon.com/blogs/architecture/field-notes-working-with-route-tables-in-aws-transit-gateway/

Then setup security groups (or network ACLs, but SGs are more common) to allow outbound access from the EC2 on port 1521/tcp to the subnets in the subnet group that have the RDS instance running. And similarly, that the RDS instance has a security group with an inbound rule on port 1521/tcp for traffic coming from the EC2 instance.

EXPERT

Steve_M

answered 11 days ago

EXPERT

Riku_Kobayashi

reviewed 11 days ago

sam15
11 days ago
Excellent Answer! I am not very clear on proper setup of Route tables. Is there a good link or video that shows how do you normally setup those AWS entries correctly?
Steve_M EXPERT
11 days ago
As long as you understand routing tables within a single VPC, it's really just an extension of that.

The theory behind it is here https://docs.aws.amazon.com/vpc/latest/tgw/tgw-route-tables.html

And a more practical working through of it is here https://aws.amazon.com/blogs/architecture/field-notes-working-with-route-tables-in-aws-transit-gateway/
sam15
8 days ago
Great Info. It seems to me the routing should be configured as this so that traffic from application/web server in VPC1 can be forwarded to private RDS in VPC2. Does this seem correct?

Update the route table for private subnet where the source Application server is to forward outbound traffic to TGW. If the IP for outbound traffic is for the RDS instance in another account it will go to the TGW.

Destination Target 10.0.0.0/16 Local 0.0.0.0/0 TGW (foreward any traffic that is not local)

The TGW Route table should have an entry to forward traffic to second VPC where the RDS is located.

Destination Target RDS Subnet IP Range VPC#2

The TGW also will have attachments defined to first and second VPC.

Relevant content

Web Server Connection to RDS
Accepted Answer
sam15
asked 2 months ago
My ECS tasks (VPC A) can't connect to my RDS (VPC B) even though the VPCs are peered and networking is configured correctly
ManavDa
asked a year ago
Connection between EC2 instance and RDS
rePost-User-8883437
asked 3 days ago
Filter VPC flow logs to check connection between RDS mySQL and EC2
Accepted Answer
rePost-User-8883437
asked 5 days ago
How do I connect to an Amazon RDS for Oracle DB instance?
AWS OFFICIALUpdated 20 days ago
How do I configure my Amazon RDS for Oracle instance to send emails?
AWS OFFICIALUpdated 2 years ago
How can I connect to a private Amazon RDS DB instance from a local machine using an Amazon EC2 instance as a bastion host?
AWS OFFICIALUpdated 8 months ago
How can I troubleshoot connectivity to an Amazon RDS DB instance that uses a public or private subnet of a VPC?
AWS OFFICIALUpdated 9 months ago
Recovering a VMware Cloud on AWS VM backup to EC2 using AWS Backup
EXPERT
apylnev
published 4 months ago
Enabling Secure Connectivity between Overlapping On-Premise Networks and AWS VPC through Pilot VPC and Advanced Twice NAT Technology
EXPERT
Vinay Gugueoth
published 2 months ago