My setup is very similar to the one presented here: Why can't I connect AWS RDS instance from EC2 instance in another VPC after peering
I have 2 VPCs, VPC A and VPC B.
I have an RDS instance and an EC2 instance (EC2 A) in VPC A. I can access the RDS instance from EC2 A by running something like:
mysql -u sa -pPASSWORD -h db-prod.sdfsdfewfwe.us-east-2.rds.amazonaws.com
I have another EC2 instance (EC2 B) in VPC B and I'd like to be able to run the same mysql command to access the RDS instance.
I set up a peering connection between VPC A and VPC B so my route tables look like the following:
RDS VPC
Destination      Target
172.31.0.0/16    local
10.0.0.0/16      pcx-xyz123
EC2 VPC
Destination      Target
10.0.0.0/16      local
172.31.0.0/16    pcx-xyz123
I can now ssh from VPC A -> VPC B and vice versa, but I still cannot access the RDS instance.
The only way I am able to do it is to set up an SSH tunnel like so:
ssh -i "key.pem" [email protected] -L 3307:db-prod.sdfsdfewfwe.us-east-2.rds.amazonaws.com:3306 -N
I can then access the RDS from VPC B by running:
mysql -u sa -pPASSWORD -h 127.0.0.1 -P 3307
I would like to avoid this, and set up my networking properly to resolve the RDS access from VPC B.
Update:
@detzu Thanks for the response.
RDS has 2 subnets, db-subnet and accessible-subnet.
accessible-subnet:
11.234.52.0/24    local
11.234.53.0/24    local
11.241.52.0/24    pcx-034d57cb727bbf9ec
0.0.0.0/0         igw-003f4bff3126fc2e9
db-subnet:
11.234.52.0/24    local
11.234.53.0/24    local
11.241.52.0/24    pcx-034d57cb727bbf9ec
0.0.0.0/0         igw-003f4bff3126fc2e9
VPC B has one subnet, inaccessible-subnet:
11.234.52.0/24    pcx-034d57cb727bbf9ec
11.241.52.0/24    local
0.0.0.0/0         igw-01fd2dbb6bee81525
RDS Security group:
CIDR/IP - Inbound 33.140.253.74/32
CIDR/IP - Inbound 11.234.52.0/24
CIDR/IP - Inbound 11.241.52.0/24
CIDR/IP - Outbound 0.0.0.0/0
Update 2:
RDS Security group rules
Inbound:
MYSQL/Aurora TCP 3306 33.140.253.74/32
MYSQL/Aurora TCP 3306 11.234.52.0/24
MYSQL/Aurora TCP 3306 11.241.52.0/24
Outbound:
All traffic All All 0.0.0.0/0
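A cross-VPC database path like the one in this question fails if any one of three things is missing: a forward route in the client subnet, a return route in the database subnet, or a security-group rule that matches the source address the database actually sees. The script below, added here as an example and not part of the question or of any AWS tooling, models those three checks over the route tables and security-group entries from the post. The instance addresses (11.241.52.10, 11.234.52.20 and the two public IPs) are constructed, and the `resolved_ip` parameter is an assumption of the model: it lets you evaluate the same client against the endpoint's private address and against its public address, since which one the client resolves decides whether traffic crosses the peering connection or leaves through the internet gateway, where private-CIDR allow rules no longer match.

```python
"""Static reachability check for a MySQL endpoint reached across VPC peering.

CIDRs, route targets and security-group entries are copied from the post;
host addresses are constructed so the example runs offline.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

IPv4 = ipaddress.IPv4Address
Net = ipaddress.IPv4Network


@dataclass
class Route:
    dest: Net
    target: str               # "local", "pcx-...", "igw-..."


@dataclass
class Subnet:
    name: str
    routes: List[Route]       # this subnet's route table


@dataclass
class SgRule:
    proto: str
    port: int
    cidr: Net


@dataclass
class Host:
    subnet: Subnet
    private_ip: IPv4
    public_ip: Optional[IPv4] = None


def lookup(routes: List[Route], addr: IPv4) -> Optional[Route]:
    """Longest-prefix match, the way the VPC router selects a route."""
    hits = [r for r in routes if addr in r.dest]
    return max(hits, key=lambda r: r.dest.prefixlen) if hits else None


def sg_allows(rules: List[SgRule], proto: str, port: int, src: IPv4) -> bool:
    """Security groups are allow-lists: any matching inbound rule admits the flow."""
    return any(r.proto == proto and r.port == port and src in r.cidr for r in rules)


def check_path(client: Host, server: Host, sg_rules: List[SgRule],
               port: int = 3306, resolved_ip: Optional[IPv4] = None) -> dict:
    """Evaluate client -> server:port for the address the client resolved.

    resolved_ip defaults to the server's private address; pass server.public_ip
    to model a client whose DNS answer was the public endpoint (assumed parameter).
    """
    dst = resolved_ip or server.private_ip
    result = {"dst": str(dst), "forward": None, "back": None, "problems": []}

    # 1. Forward route out of the client's subnet.
    fwd = lookup(client.subnet.routes, dst)
    if fwd is None:
        result["problems"].append(f"no route to {dst} in {client.subnet.name}")
        src_seen = client.private_ip
    elif fwd.target.startswith("igw-"):
        # Leaving through the internet gateway: the server sees the client's
        # public address, so rules written for the private CIDR will not match.
        result["forward"] = fwd.target
        src_seen = client.public_ip
        if src_seen is None:
            result["problems"].append(f"route via {fwd.target} but client has no public IP")
    else:
        result["forward"] = fwd.target
        src_seen = client.private_ip

    if src_seen is not None:
        # 2. Return route: the server's subnet must be able to reply to that source.
        back = lookup(server.subnet.routes, src_seen)
        result["back"] = back.target if back else None
        if back is None:
            result["problems"].append(f"no return route to {src_seen} in {server.subnet.name}")
        # 3. Security group on the server, evaluated against the source it sees.
        if not sg_allows(sg_rules, "tcp", port, src_seen):
            result["problems"].append(f"security group has no tcp/{port} rule for {src_seen}")

    result["ok"] = not result["problems"]
    return result


# Route tables and security group as listed in the post (Update sections).
PCX = "pcx-034d57cb727bbf9ec"
db_subnet = Subnet("db-subnet", [
    Route(Net("11.234.52.0/24"), "local"), Route(Net("11.234.53.0/24"), "local"),
    Route(Net("11.241.52.0/24"), PCX), Route(Net("0.0.0.0/0"), "igw-003f4bff3126fc2e9"),
])
inaccessible_subnet = Subnet("inaccessible-subnet", [
    Route(Net("11.234.52.0/24"), PCX), Route(Net("11.241.52.0/24"), "local"),
    Route(Net("0.0.0.0/0"), "igw-01fd2dbb6bee81525"),
])
RDS_SG = [SgRule("tcp", 3306, Net("33.140.253.74/32")),
          SgRule("tcp", 3306, Net("11.234.52.0/24")),
          SgRule("tcp", 3306, Net("11.241.52.0/24"))]
# Constructed host addresses (not from the post).
rds = Host(db_subnet, IPv4("11.234.52.20"), IPv4("203.0.113.10"))
ec2_b = Host(inaccessible_subnet, IPv4("11.241.52.10"), IPv4("198.51.100.7"))

if __name__ == "__main__":
    print(check_path(ec2_b, rds, RDS_SG))                              # via peering
    print(check_path(ec2_b, rds, RDS_SG, resolved_ip=rds.public_ip))   # via IGW
```

Run with the tables as given, the private-address path passes all three checks, while the public-address path routes out through the IGW and is then refused by the security group because the only public source it admits is 33.140.253.74/32. Comparing the two outputs against what `dig` or `nslookup` returns for the endpoint on EC2 B is the quickest way to tell which of the two paths a client is actually taking.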