RDS instance access from Ec2 instance from different region

Question

I have following setup on AWS

• One RDS instance in Region 1.
• One Ec2 instance in Region 2.
• EC2-Security Group sgrg2 in Region 2.

I am trying to access RDS from EC2 by adding Security Group to RDS instance list. It is not authorizing.

Moreover, while adding sgrg2 to RDS security group, it is saying ' EC2 security group sgrg2 for account xxx does not exist'.

Please help.

Answer 1

Communication between regions on AWS goes through the untrusted internet. You need to add the external IP of the EC2 instance to the security group of the RDS instance to get that to work. However, I would recommend you to move the EC2 instance into the RDS instance region, both for safety and cost. Safety as you need to expose your RDS instance to the internet (also make sure you use SSL connetions to the db). Cost as Amazon charges for traffic across regions as regular in/out traffic.