
What security group rules should I set for my db instance and my EC2 instance for accessing DB instance from my EC2 instance?

Both are in different VPCs and I used VPC Peering between them.

I did the following configuration:

  • I created two VPCs
  • One has a public subnet and the other has a private subnet
  • Launched an EC2 web instance in the public VPC and a MySQL DB instance in the private subnet
  • Set up VPC peering between them; they both have different security groups
  • Created a NAT Gateway in public subnet

So, how should I set both security group rules for establishing connections between them?


1 Answer


You should configure:

  • A security group on the Amazon EC2 instance (App-SG) that permits access to the instance/application as desired
  • A security group on the Amazon RDS DB instance (DB-SG) that permits inbound access on port 3306 for App-SG

That is, DB-SG should specifically refer to App-SG in the inbound rules.

When connecting from the EC2 instance to the database, make sure you are using the DNS name of the RDS database. This should resolve to a private IP address.

The NAT Gateway is not required for the above connection.
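The two checks the answer implies, written out as an added example (this is not code from the original post or from AWS): an audit that confirms DB-SG admits port 3306 only from App-SG and from no CIDR block, and a check that the RDS endpoint's resolved addresses are private. The security-group documents are constructed to mimic the shape boto3's `describe_security_groups()` returns, and the `sg-`/`vpc-` ids are placeholders.

```python
"""Audit the App-SG / DB-SG pairing described in the answer.

Constructed example, not from the original post: the security-group
documents below mimic the shape returned by boto3's
describe_security_groups(), and the group/VPC ids are placeholders.
"""
import ipaddress
import socket

MYSQL_PORT = 3306

# Placeholder ids (constructed): App-SG in the public VPC, DB-SG in the private one.
APP_SG_ID = "sg-0app0000000000000"
DB_SG_ID = "sg-0db00000000000000"

# DB-SG as the answer recommends: 3306 inbound only from App-SG.
DB_SG_GOOD = {
    "GroupId": DB_SG_ID,
    "IpPermissions": [
        {
            "IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
            "IpRanges": [],
            # VpcId is present because App-SG lives in the peered VPC.
            "UserIdGroupPairs": [{"GroupId": APP_SG_ID, "VpcId": "vpc-0pub000000000000"}],
        }
    ],
}

# The common mistake: 3306 opened to the world instead of to App-SG.
DB_SG_BAD = {
    "GroupId": DB_SG_ID,
    "IpPermissions": [
        {
            "IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
            "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
            "UserIdGroupPairs": [],
        }
    ],
}


def _covers_port(perm, port):
    """True if an IpPermissions entry includes `port` (protocol -1 means all)."""
    if perm.get("IpProtocol") == "-1":
        return True
    if perm.get("IpProtocol") not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit_db_sg(db_sg, app_sg_id, port=MYSQL_PORT):
    """Return a list of findings; an empty list means DB-SG matches the
    recommendation: inbound `port` only from app_sg_id, no CIDR sources."""
    findings = []
    allows_app_sg = False
    for perm in db_sg.get("IpPermissions", []):
        if not _covers_port(perm, port):
            continue
        for rng in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
            cidr = rng.get("CidrIp") or rng.get("CidrIpv6")
            findings.append(f"port {port} open to CIDR {cidr}; reference {app_sg_id} instead")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") == app_sg_id:
                allows_app_sg = True
            else:
                findings.append(f"port {port} open to unexpected group {pair.get('GroupId')}")
        if perm.get("IpProtocol") == "-1":
            findings.append("rule allows all protocols/ports; restrict it to tcp/3306")
    if not allows_app_sg:
        findings.append(f"no inbound rule on port {port} referencing {app_sg_id}")
    return findings


def is_private_endpoint(addresses):
    """The answer says the RDS DNS name should resolve to a private IP.
    Given the resolved addresses, return True only if every one is private;
    a public address means the traffic would not stay inside the VPCs."""
    return bool(addresses) and all(ipaddress.ip_address(a).is_private for a in addresses)


def resolve_endpoint(hostname):
    """Resolve an RDS endpoint to its address records (needs DNS access)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(hostname, MYSQL_PORT)})


if __name__ == "__main__":
    print("good DB-SG:", audit_db_sg(DB_SG_GOOD, APP_SG_ID))
    print("bad DB-SG: ", audit_db_sg(DB_SG_BAD, APP_SG_ID))
    # Constructed resolved addresses, standing in for resolve_endpoint(<rds endpoint>)
    print("private endpoint?", is_private_endpoint(["10.1.20.15"]))
```

To run this against a real account, replace the constructed dictionaries with the entries from `boto3.client("ec2").describe_security_groups(GroupIds=[...])["SecurityGroups"]` and feed `resolve_endpoint(<your RDS endpoint>)` to `is_private_endpoint`. The `VpcId` in the `UserIdGroupPairs` entry is there because App-SG belongs to the peered VPC; a cross-VPC reference like that only takes effect while the peering connection is active.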