Can an Elastic Beanstalk from one AWS account talk to RDS in another AWS account?

0
votes

enter image description here

Security groups of Elastic Beanstalk is not recognised when adding to the Inbound Rules of RDS.

The error message is

Could not update your security group rules (No changes were made): The security group 'sg-xxxxx' does not exist

Any help is much appreciated.

1
amazon-web-servicesamazon-elastic-beanstalkamazon-rds

1 Answers

1
votes

I think this would be possible by:

  1. Peering the two relevant VPC's from account 1 and account 2. See: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-peering.html

  2. Updating the route tables of the specific VPC's subnets to ensure that traffic to and from the relevant VPC's are routed correctly.

  3. Updating the security group rules in account 2 for RDS to allow source traffic from the address range VPC that account 1 will connect from, e.g. allow inbound TCP/3306 FROM 10.0.1.0/24 as an example.

In order to provide more specific details I'd need to know the VPC CIDR range and subnet setup + configuration or route tables.