Securely Connecting On-Premises Data Center to RDS Instance in Public Subnet via Direct Connect and Transit Gateway

0

I have an RDS instance located in a public subnet, and it has a private IP address associated with it. The subnet's route table is configured to use an Internet Gateway (IGW). We now have a requirement to establish connectivity to this RDS instance from our on-premises data center. To do this, we are currently running a Direct Connect via a Transit Gateway (TGW) with only private subnets attached to it.

I'm seeking guidance on how to establish this connection while adhering to the best security practices.

1 Answer
0
Accepted Answer

It is best practice to launch your RDS instances in private subnets. Also, when you attach a VPC to a transit gateway, you must specify one subnet from each Availability Zone to be used by the transit gateway to route traffic. Specifying one subnet from an Availability Zone enables traffic to reach resources in every subnet in that Availability Zone (doesn't matter whether the subnet is private or public).

AWS
EXPERT
answered 7 months ago
EXPERT
reviewed 7 months ago
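
The two points in the answer above can be checked against a VPC's configuration. The following is an added example, not part of the original answer or any AWS code: it flags database subnets that are public (default route to an Internet Gateway) and database subnets whose Availability Zone has no transit gateway attachment subnet. The data is constructed and only shaped like EC2 `describe_*` output; every ID and AZ name is made up.

```python
# Constructed sample data (all IDs and AZ names are invented for illustration).
SUBNETS = {  # subnet id -> Availability Zone
    "subnet-pub-a": "us-east-1a", "subnet-priv-a": "us-east-1a",
    "subnet-pub-b": "us-east-1b", "subnet-priv-b": "us-east-1b",
    "subnet-pub-c": "us-east-1c",
}
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [LOCAL]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"Main": False, "SubnetId": s}
                      for s in ("subnet-pub-a", "subnet-pub-b", "subnet-pub-c")],
     "Routes": [LOCAL,
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
]
TGW_ATTACHMENT_SUBNETS = ["subnet-priv-a", "subnet-priv-b"]  # one per attached AZ
DB_SUBNETS = ["subnet-pub-a", "subnet-pub-c"]  # subnets of the RDS subnet group


def route_table_for(subnet_id, route_tables):
    """An explicit association wins; otherwise the VPC main route table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def is_public(subnet_id, route_tables):
    """A subnet is public when its effective route table points at an IGW."""
    rt = route_table_for(subnet_id, route_tables)
    if rt is None:
        return False
    return any(r.get("GatewayId", "").startswith("igw-") for r in rt["Routes"])


def audit(db_subnets, tgw_subnets, subnets, route_tables):
    """Return (subnet, finding) pairs for the two conditions in the answer."""
    covered_azs = {subnets[s] for s in tgw_subnets}
    findings = []
    for s in db_subnets:
        if is_public(s, route_tables):
            findings.append((s, "public-subnet"))
        if subnets[s] not in covered_azs:
            findings.append((s, "az-not-attached"))
    return findings
```

Note that `subnet-pub-a` is reported only as public: its Availability Zone is covered by `subnet-priv-a`, so the transit gateway can reach it even though it is not itself an attachment subnet.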