AWS: How To Setup Postgres Security on EC2

I have two machines in Amazon: web01 and db01. I installed PostgreSQL on db01, and added the elastic IP of web01 to the pg_hba.conf

host dbname username 64.210.245.155/32 md5

and restarted the PostgreSQL service. Now in web01 I tried to connect to the elastic IP of db01

$ psql -h 64.210.255.222 -U user -d database
psql: could not connect to server: No route to host
    Is the server running on host "64.210.255.222" and accepting
    TCP/IP connections on port 5432? 

I also added the elastic IP of web01 to db01's security group for inbound traffic. What am I doing wrong and how can I get web01 to connect to pg on db01?

David Williams asked Sep 17 '25 15:09


1 Answer

To start with, you want to be connecting to the internal IP. You can use the DNS name of your elastic IP as it will resolve to an internal IP within AWS instead of using the elastic IP directly.

Secondly, all public IPs are assigned via NAT. If your service tries to listen to that IP address it will fail. Generally the best thing to do is listen to all IPs, unless you are using VPC and have control of the internal IP.

Lastly, you will provide access to the web security group within the db security group. Even if two instances are in the same security group, they will not be able to access each other unless the group is given access to itself.

datasage answered Sep 20 '25 05:09
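
The access checks from the answer above, as an added example that is not part of the original question or answer: it evaluates a pg_hba.conf and a security group's inbound rules against the private source address web01 presents when it connects over the internal IP. The private address 10.0.1.10, the group id `sg-web-placeholder`, and the function names are assumptions made for illustration; the rule dictionaries are constructed and shaped like EC2 `IpPermissions`.

```python
import ipaddress

def hba_allows(hba_text, db, user, client_ip):
    """First matching 'host' record decides, as in PostgreSQL (CIDR addresses only)."""
    addr = ipaddress.ip_address(client_ip)
    for line in hba_text.splitlines():
        f = line.split("#", 1)[0].split()
        if len(f) < 5 or f[0] != "host":
            continue
        if f[1] not in (db, "all") or f[2] not in (user, "all"):
            continue
        try:
            net = ipaddress.ip_network(f[3], strict=False)
        except ValueError:  # hostname, samehost, samenet: not handled in this example
            continue
        if addr in net:
            return f[4] != "reject"
    return False

def sg_allows(ingress, client_ip, client_groups, port=5432):
    """ingress: inbound rules of the db group; client_groups: group ids on the client."""
    addr = ipaddress.ip_address(client_ip)
    for p in ingress:
        if p["IpProtocol"] == "tcp" and not p["FromPort"] <= port <= p["ToPort"]:
            continue
        if p["IpProtocol"] not in ("tcp", "-1"):
            continue
        if any(addr in ipaddress.ip_network(r["CidrIp"]) for r in p.get("IpRanges", [])):
            return True
        if any(g["GroupId"] in client_groups for g in p.get("UserIdGroupPairs", [])):
            return True
    return False

def can_connect(hba_text, ingress, db, user, client_ip, client_groups):
    return sg_allows(ingress, client_ip, client_groups) and hba_allows(hba_text, db, user, client_ip)

# Constructed sample data: the private address and group id are placeholders.
WEB01_PRIVATE, WEB01_GROUPS = "10.0.1.10", {"sg-web-placeholder"}
HBA_QUESTION = "host dbname username 64.210.245.155/32 md5\n"
HBA_PRIVATE = "host dbname username 10.0.1.10/32 md5\n"
SG_QUESTION = [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                "IpRanges": [{"CidrIp": "64.210.245.155/32"}]}]
SG_BY_GROUP = [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                "UserIdGroupPairs": [{"GroupId": "sg-web-placeholder"}]}]

if __name__ == "__main__":
    for name, hba, sg in [("question", HBA_QUESTION, SG_QUESTION),
                          ("answer", HBA_PRIVATE, SG_BY_GROUP)]:
        ok = can_connect(hba, sg, "dbname", "username", WEB01_PRIVATE, WEB01_GROUPS)
        print(f"{name}: {'allowed' if ok else 'blocked'}")
```

Rules keyed to the elastic IP never match traffic that arrives from the private address, while a rule that references the web group and a pg_hba.conf entry scoped to the private /32 keep port 5432 closed to everything else.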