
I'm having an issue with Security Groups in AWS. I have 4 security groups, 2 in EC2 and 2 in RDS.

ec2-prod, ec2-test, rds-prod, rds-test

On the other hand, I have a database DEV, having the rds-test security group associated. In the rds-test inbound rules I've added ec2-prod and ec2-test, and my IP is added into the ec2-test, but for some reason it's not working.

If I add my IP directly on rds-test I can connect to the database, but this behavior makes no sense to me. Just in case, in the ec2-test security group, my IP has permission ALL TCP.

Any ideas?


1 Answer


It's the normal behavior. You have to add your IP to the DB security group.

The DB security group defines the access to the RDS DB.

The EC2 security group defines the access to the EC2 instance.

The fact that your IP is authorized to access the instance doesn't mean your IP is authorized to access the DB (but you can connect to the DB from the instance).
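The behavior discussed in this thread, as an added example that is not part of the original question or answer: a small offline model of inbound rule evaluation showing that a rule whose source is a security group matches senders that have that group attached, and does not inherit the IP ranges listed in that group's own rules. The DB port (3306), both IP addresses and all Python names are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Rule:
    from_port: int
    to_port: int
    cidr: str = ""       # source given as an IP range
    source_sg: str = ""  # source given as another security group

@dataclass
class Source:
    ip: str
    attached_sgs: set = field(default_factory=set)  # groups on the sender's interface

def allows(inbound, src, port):
    """True if any inbound rule admits src on port (TCP only in this model)."""
    for r in inbound:
        if not r.from_port <= port <= r.to_port:
            continue
        if r.cidr and ipaddress.ip_address(src.ip) in ipaddress.ip_network(r.cidr):
            return True
        # A group reference matches senders that HAVE that group attached;
        # the referenced group's own inbound rules are never consulted.
        if r.source_sg and r.source_sg in src.attached_sgs:
            return True
    return False

DB_PORT = 3306          # assumed engine port, not stated in the thread
MY_IP = "203.0.113.10"  # constructed address (documentation range)

groups = {
    "ec2-test": [Rule(0, 65535, cidr=f"{MY_IP}/32")],  # "ALL TCP" for my IP
    "rds-test": [Rule(DB_PORT, DB_PORT, source_sg="ec2-prod"),
                 Rule(DB_PORT, DB_PORT, source_sg="ec2-test")],
}
laptop = Source(MY_IP)                        # no security group attached
instance = Source("10.0.1.25", {"ec2-test"})  # constructed private IP

def demo():
    before = allows(groups["rds-test"], laptop, DB_PORT)          # laptop -> DB
    via_instance = allows(groups["rds-test"], instance, DB_PORT)  # instance -> DB
    fixed = groups["rds-test"] + [Rule(DB_PORT, DB_PORT, cidr=f"{MY_IP}/32")]
    after = allows(fixed, laptop, DB_PORT)                        # IP added to rds-test
    return before, via_instance, after

if __name__ == "__main__":
    print(demo())  # (False, True, True)
```

Scoping the added rds-test rule to the DB port and a /32, as in the model, keeps the database exposure to a single address rather than mirroring the ALL TCP rule from ec2-test.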