I have been trying to set up an AWS Free Tier account using an EC2 instance and an RDS database running MySQL. Unfortunately, I cannot figure out how to grant access to the database from the EC2 instance. I have read all of the AWS documentation, but it is unfortunately out of date, as are all the questions posted on StackOverflow. All of the documentation states that I should go to the Security Groups section of the RDS Dashboard. However, when I do so, this is what I'm confronted with.
** I would have included the image but I don't have the reputation for it.
Okay, I understand that I am not using the EC2-Classic platform and that I must make these changes to the Security Group in the EC2 Dashboard, but how?! I do not want public access to port 3306, I only want the EC2 instance to be able to communicate with the RDS database on a private subnet. Any help would be greatly appreciated.
The links to "AWS Documentation on Supported Platforms" and "Using RDS in VPC" are not helpful. They are outdated and also keep referring me back to Security Groups under the RDS Dashboard, which then only shows me this message.
To connect to a private RDS DB instance from a local machine using an EC2 instance as a jump server, follow these steps:
1. Launch and configure your EC2 instance and configure the network settings of the instance.
2. Configure the RDS DB instance's security groups.
3. Connect to the RDS DB instance from your local machine.
Amazon Virtual Private Cloud (Amazon VPC) makes it possible for you to launch AWS resources, such as Amazon RDS DB instances, into a virtual private cloud (VPC).
A rule of thumb: when you are setting up resources in a VPC, use ONLY VPC security groups. The individual RDS, Redshift, etc. security groups work only in the case of EC2-Classic, meaning when you are not setting things up in a VPC.
Go to the VPC console and then on the left hand side menu, you will find security groups. These are the security groups which should control access to your AWS resources deployed inside a VPC.
I can't elaborate much as I am unaware of your VPC configuration and in which subnet (public/private) you are setting these up.
Here is the hypothetical scenario...
VPC: 10.0.0.0/16
1 public subnet: 10.0.0.0/24
1 Private Subnet: 10.0.1.0/24
So, these are the security group settings:
For the EC2 instance security group:
Inbound: port 80, 443 : from 0.0.0.0/0
Outbound: port 3306 : to 10.0.1.0/24
For the RDS security group:
Inbound: port 3306 : from 10.0.0.0/24
Inbound: port 80, 443 : from 0.0.0.0/0
This will allow the EC2 instance to be accessible on ports 80 and 443 from the Internet.
Outbound: port 3306 : to 10.0.1.0/24
This allows the EC2 instance to send traffic on port 3306 only to the private subnet, which is 10.0.1.0/24.
Inbound: port 3306 : from 10.0.0.0/24
This allows the RDS instance to accept traffic on port 3306 from the public subnet, which is 10.0.0.0/24. Your EC2 instance resides in the public subnet, so inherently RDS will accept traffic from the EC2 instance on port 3306.
NOTE: The above setup presumes that you have set your routing tables for the public/private subnets accordingly.
Hope this helps.
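The hypothetical scenario above written out as Terraform, as an added example rather than anything from the answer or from AWS. It assumes an existing VPC passed in as `vpc_id` and a configured AWS provider, and it goes one step further than the answer on the RDS side: the 3306 inbound rule references the EC2 security group instead of the whole 10.0.0.0/24 subnet, so only the instance(s) in that group can reach the database.

```hcl
# Assumed: the existing VPC 10.0.0.0/16 from the scenario; provider config is assumed too.
variable "vpc_id" {
  type = string
}
# EC2 instance security group (instance lives in the public subnet 10.0.0.0/24)
resource "aws_security_group" "ec2" {
  name        = "ec2-web"
  description = "80/443 in from the Internet, 3306 out only to the private subnet"
  vpc_id      = var.vpc_id

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Outbound: port 3306 : to 10.0.1.0/24. Terraform removes AWS's default
  # allow-all egress rule on a managed VPC security group, so this is the only outbound rule.
  egress {
    from_port   = 3306
    to_port     = 3306
    protocol    = "tcp"
    cidr_blocks = ["10.0.1.0/24"]
  }
}

# RDS security group (DB instance lives in the private subnet 10.0.1.0/24)
resource "aws_security_group" "rds" {
  name        = "rds-mysql"
  description = "3306 in only from the EC2 security group; no public access"
  vpc_id      = var.vpc_id

  # Inbound: port 3306 from the EC2 instance's security group rather than the
  # whole 10.0.0.0/24 subnet, so other hosts in the public subnet get nothing.
  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.ec2.id]
  }
}
```

Security groups are stateful, so replies to the inbound 80/443 connections still flow without an egress rule for them; the single 3306 egress rule does, however, block every other outbound connection from the instance (package updates, for example), which you may need to allow separately. Attach the RDS group with `publicly_accessible = false` on the DB instance so it never gets a public endpoint.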