2
votes

I have an EC2 instance that runs as a VPN server. In the same VPC I have an RDS instance and another EC2 instance in a private subnet.

I have devices that connect to the VPN server, and I have configured them so they can communicate with each other and with the private EC2 instance too. But I can't make them communicate with the RDS instance.

I have configured the Security Group of the RDS to allow all inbound traffic from the SGs of both EC2 instances, and even tried to allow All Traffic from 0.0.0.0/0, but still the VPN clients can't communicate with the RDS. I see that the RDS can communicate inside the VPC but not outside it. I remember, and I'm sure of it, that once upon a time I was connected from my local MySQL Workbench to the RDS (3 years ago).

Is there any way to make this work?

Thanks in advance

1
Is your RDS publicly accessible? – error2007s
Publicly Accessible: Yes – Tedi Çela
You can enable the "publicly accessible" flag on the RDS instance. However, that totally defeats the purpose of requiring a VPN connection, and would open it up to security issues. I would start by validating that the DNS name of the RDS instance can actually be resolved when you are connected via VPN. – Mark B
The funny part is that I made the RDS publicly accessible to connect from outside at least, but it still can't be connected to. – Tedi Çela
Per your last comment, that's an ACL or security group issue if you can't access a public RDS instance. – Marc Young

1 Answer

0
votes

Your answer may be in this OpenVPN Support thread. I'm running into the same issue. From what I gather, when you're connected over VPN, public IPs and DNS names won't resolve. You can connect to other EC2 instances easily using private IPs. But the RDS instance's IP is not static, so it must be resolved using its host name. The solution apparently is to make your OpenVPN server use the Amazon DNS server, so that it can resolve the RDS instance by its host name.
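As an added illustration of the fix the answer describes (this is example code, not part of the original answer or of OpenVPN), the script below derives the Amazon-provided DNS resolver for a VPC, which AWS places at the VPC network base address plus two, emits the OpenVPN server directives that push that resolver and the VPC route to clients, and then checks that an RDS endpoint name resolves to an address inside the VPC range rather than to a public one. The VPC CIDR 10.0.0.0/16 and the RDS endpoint name are constructed placeholders; the resolution check assumes a Linux client with glibc's getent.

```shell
#!/bin/sh
# Added example, not code from the original question, answer or OpenVPN.
# Assumed values (constructed): VPC CIDR 10.0.0.0/16, placeholder RDS endpoint.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
  oldifs=$IFS
  IFS=.
  set -- $1
  IFS=$oldifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Convert a 32-bit integer back to dotted-quad form.
int_to_ip() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Netmask for a prefix length as an integer, e.g. 16 -> 0xFFFF0000.
prefix_to_mask() {
  echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# Amazon-provided DNS resolver for a VPC: network base address + 2
# (documented AWS behaviour; for 10.0.0.0/16 this is 10.0.0.2).
vpc_dns_resolver() {
  cidr=$1
  net=$(ip_to_int "${cidr%/*}")
  mask=$(prefix_to_mask "${cidr#*/}")
  int_to_ip $(( (net & mask) + 2 ))
}

# OpenVPN server.conf directives: push the VPC resolver as the client's DNS
# server and route the VPC CIDR through the tunnel so private answers are reachable.
openvpn_push_directives() {
  cidr=$1
  mask=$(prefix_to_mask "${cidr#*/}")
  base=$(int_to_ip $(( $(ip_to_int "${cidr%/*}") & mask )))
  printf 'push "dhcp-option DNS %s"\n' "$(vpc_dns_resolver "$cidr")"
  printf 'push "route %s %s"\n' "$base" "$(int_to_ip "$mask")"
}

# Return 0 if an address lies inside the VPC CIDR, i.e. the RDS name resolved
# to its private address instead of a public one.
ip_in_cidr() {
  ip=$(ip_to_int "$1")
  net=$(ip_to_int "${2%/*}")
  mask=$(prefix_to_mask "${2#*/}")
  [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Run on a connected VPN client: resolve the RDS endpoint through whatever
# resolver OpenVPN pushed (getent honours it) and verify the answer is private.
check_rds_resolution() {
  endpoint=$1
  cidr=$2
  addr=$(getent hosts "$endpoint" | awk 'NR==1 {print $1}')
  [ -n "$addr" ] || { echo "no answer for $endpoint: DNS is not reaching the VPC resolver"; return 1; }
  if ip_in_cidr "$addr" "$cidr"; then
    echo "$endpoint -> $addr (private, inside $cidr)"
  else
    echo "$endpoint -> $addr is outside $cidr: clients are still using a public resolver"
    return 1
  fi
}

# Usage with the constructed values; the check is meant to be run from a VPN client.
VPC_CIDR=10.0.0.0/16
openvpn_push_directives "$VPC_CIDR"
# check_rds_resolution mydb.PLACEHOLDER.us-east-1.rds.amazonaws.com "$VPC_CIDR"
```

Pushing the VPC resolver is what makes the RDS hostname return its private address to VPN clients; the instance can then stay with "Publicly Accessible" set to No, which is the point Mark B makes in the comments. The `route` push is only needed if the server does not already push the VPC range, and `ip_in_cidr` is a quick way to confirm from a client that the name is not still resolving to a public address.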