Any help would be much appreciated!
Initially we had 3 subnets in our AWS VPC. The VPC has an IGW and one default route table with 2 routes - 1 for internal and 0.0.0.0/0 to IGW. A standard initial VPC setup.
Within the VPC we have an RDS instance, with an RDS proxy, and the DB is set for public access while we develop the solution. The DB is associated with the default VPC SG along with a specific SG that whitelists IP addresses for DB connectivity via the public endpoint.
Also within the VPC we have a Lambda that is using the default VPC security group and the 3 subnets mentioned above.
The Lambda can connect to the RDS proxy, and we can connect to the RDS public endpoint via a whitelisted IP - This is as expected.
The Issue:
Now we need to provide the Lambda with internet access (it needs to connect with RedisLabs). To do this we've added:
- A public subnet (subnet-00245f33edbae3358)
- A NAT on the public subnet
- Created a route table associated with the existing 3 private subnets (subnet-06d1124e, subnet-ba82bce1, subnet-3344b955) with a route of 0.0.0.0/0 -> NAT
- Created a route table associated with the new public subnet (subnet-00245f33edbae3358) with a route of 0.0.0.0/0 -> IGW
With this is place the Lambda can still access the DB via the RDS proxy (expected) and can now access the internet (expected), BUT we lose connection to the DB via the public facing endpoint.
Is there something missing in the configuration that will allow Lambda access to the RDS and internet AND will also allow us access to RDS via the public endpoint? OR do we need an SSH tunnel within the public subnet to do this?
Thanks in advance!
Additional Info:
The RDS currently has the following SG's: - prod-auth-service-rds - allows TCP 3306 from my whitelisted IP - sg-11cb746b (default) - All traffic with, self referencing source (sg-11cb746b)
The RDS is on subnets: - subnet-06d1124e - existing private subnet - subnet-ba82bce1 - existing private subnet - subnet-3344b955 - existing private subnet
The NAT is on subnet subnet-00245f33edbae3358
