By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

PrivateLink connectivity issues

0

I've wanted to test AWS Privatelink in my account. For this purpose, I've created two VPCs in the same region. The first VPC is isolated from the internet and contains only two subnets. In this VPC you can find RDS postgres database and a NLB with the RDS private IPs as the target group. I've also created an Endpoint Service that redirects the traffic to this NLB. In the second VPC I've established internet connection using Internet Gateway in the VPC and created an Ubuntu based instance. As AWS Privatelink requires, I created in this VPC an interface endpoint and connected this endpoint to the endpoint service that has been created previously. I installed psql cli on the Ubuntu EC2 instance so it can connect to the RDS database. Also from EC2 security perspective, The instance only allows connection on port 22 and connection is made with instance connect only (I don't have a key pair). I used this command on the insatnce in order to connect to the database: ' psql -h <ENDPOINT_DNS_NAME> -p 5432 -U postgres ' When I've done these steps in my home everything worked just fine and I've successfully connected to the RDS database in the other VPC, however when I've try to do the same process at the office, I get a connection timeout. Then I've arrived back home and again everything works perfectly fine. I don't understand what is the problem or why this privatelink connection works for me from specific locations. Thanks for help

Topics
Networking & Content DeliveryMigration & ModernizationAnalyticsDatabase
Tags
Amazon VPCAmazon Relational Database ServiceDatabaseNetworking & Content DeliveryAWS PrivateLink
Language
English
Yotam Halperin
asked 22 days ago292 views
1 Answer
0

Hello.

If you are running the "psql" command from the same EC2, I don't think it will be blocked by the VPC endpoint security group.
Just to be sure, why not configure the inbound rules of the VPC endpoint security group to allow all communications and try connecting?
I think it would be a good idea to enable VPC flow logs and investigate where communication is being blocked.
https://docs.aws.amazon.com/vpc/latest/userguide/working-with-flow-logs.html#create-flow-log

Also, from where to where is the connection causing the timeout error?
If a timeout error occurs when connecting to EC2, there may be a problem with the EC2 security group.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/eice-security-groups.html#resource-security-group-rules

profile picture
EXPERT
Riku_Kobayashi
answered 22 days ago
  • Yotam Halperin
    20 days ago

    Hi thank you for your help, I succeeded in making the connection work at my home, that's mean that the security groups are configured correctly. The problem starts at the office... I use Terraform to deploy the resources so they are exactly the same. The only thing that has changed is the internet connection to my computer, but it doesn’t make sense because the connection is made from the EC2 instance to the RDS instance threw the AWS global network

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content