
How do I successfully peer two VPCs using transit gateway?


I am trying to peer two VPCs through a transit gateway, but I am having trouble making a connection from a pod in VPC_1 to VPC_2's RDS instance.

  • VPC_1 has a cluster with an RDS instance (MySQL).
  • VPC_2 has a cluster for which node groups must be able to connect to the RDS instance.

I ensured the following:

  • There is a transit gateway attachment between the transit gateway and VPC_1, and between the transit gateway and VPC_2, so both are attached to the same transit gateway.
  • There is an inbound security group rule in the RDS instance allowing traffic from VPC_2's IP address range on port 3306.

I spun up a pod inside VPC_2's EKS cluster and attempted to connect to the RDS instance of VPC_1, but I was unable to connect. I am not sure what could be missing here; I am thinking perhaps some route tables or some security group rules. But from my understanding, the configuration that I have should be enough to achieve connectivity.

Can someone please help guide me, or give me some pointers on what I could be missing?

I have tried the following:

  • Using the AWS connectivity analyzer to check if the connection between the 2 VPCs is fine. It says it's good but I don't always trust it.
1 Answer
Accepted Answer
  1. You need routes in both VPCs' subnet route tables to reach each other via the TGW.
  2. You need to check the Transit Gateway route tables associated with the TGW attachments. If routes were not propagated, you need to create static routes.
  3. (Optional) It is better to refer to the EKS node SG ID in the inbound rule of the RDS SG instead of the whole VPC CIDR. Anyway, your configuration of the SG should work.
answered 9 months ago
  • I was missing the route in one direction, even though I had it set for the other direction. So I just edited the route tables and made sure the subnets accept each other. Thank you so much!
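As an added example (not part of the question or the answer above), here is a small Python model of the checks the answer describes: a longest-prefix lookup in each VPC's subnet route table, the transit gateway route table in both directions, and the inbound rule on the RDS security group. The topology, the transit gateway, attachment and security group IDs, and the addresses are all constructed for the example; `asker_setup()` reproduces the missing return route the asker found, and `fixed_setup()` applies the answer's three points.

```python
import ipaddress
from dataclasses import dataclass

# All identifiers and addresses in this file are made up for the example.
TGW = "tgw-0123456789abcdef0"


@dataclass
class Vpc:
    name: str
    attachment: str        # this VPC's attachment to the transit gateway
    subnet_routes: list    # [(cidr, target)] of the subnet hosting our endpoint


@dataclass
class Endpoint:
    vpc: str
    ip: str                # with the VPC CNI, an EKS pod IP is an address from the VPC
    security_groups: list  # SG ids on the ENI that carries the traffic


def longest_prefix_match(routes, ip):
    """Route-table semantics: the most specific covering prefix wins; None if no route matches."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return None if best is None else best[1]


def one_way(src, dst, vpcs, tgw_routes):
    """Hops a packet from src to dst takes: the source subnet route table, then the TGW route table."""
    findings = []
    attachment_to_vpc = {v.attachment: v.name for v in vpcs.values()}
    if longest_prefix_match(vpcs[src.vpc].subnet_routes, dst.ip) != TGW:
        findings.append(f"{src.vpc}: subnet route table has no route to {dst.ip} via {TGW}")
    if attachment_to_vpc.get(longest_prefix_match(tgw_routes, dst.ip)) != dst.vpc:
        findings.append(f"TGW route table: no route for {dst.ip} to {dst.vpc}'s attachment")
    return findings


def sg_allows(rules, src, port):
    """An inbound rule matches on port and on either a source SG id or a CIDR covering src.ip."""
    for rule_port, source in rules:
        if rule_port != port:
            continue
        if source.startswith("sg-"):
            if source in src.security_groups:
                return True
        elif ipaddress.ip_address(src.ip) in ipaddress.ip_network(source):
            return True
    return False


def check_path(src, dst, port, vpcs, tgw_routes, dst_sg_rules):
    """Forward path, return path, then the destination's inbound SG. Security groups are
    stateful, so the reply needs no rule of its own. An empty list means the flow should work."""
    findings = one_way(src, dst, vpcs, tgw_routes) + one_way(dst, src, vpcs, tgw_routes)
    if not sg_allows(dst_sg_rules, src, port):
        findings.append(f"{dst.vpc}: RDS SG has no inbound rule for tcp/{port} from {src.ip}")
    return findings


# Constructed topology: VPC_1 (10.0.0.0/16) holds the RDS instance, VPC_2 (10.1.0.0/16) the EKS nodes.
POD = Endpoint("VPC_2", "10.1.2.17", ["sg-eksnodes"])
RDS = Endpoint("VPC_1", "10.0.1.50", ["sg-rds"])
TGW_ROUTES = [("10.0.0.0/16", "tgw-attach-vpc1"), ("10.1.0.0/16", "tgw-attach-vpc2")]


def asker_setup():
    """VPC_2 can send to VPC_1, but VPC_1's subnet has no return route to VPC_2."""
    vpcs = {
        "VPC_1": Vpc("VPC_1", "tgw-attach-vpc1", [("10.0.0.0/16", "local")]),
        "VPC_2": Vpc("VPC_2", "tgw-attach-vpc2", [("10.1.0.0/16", "local"), ("10.0.0.0/16", TGW)]),
    }
    rds_sg = [(3306, "10.1.0.0/16")]  # the asker's CIDR-based rule
    return check_path(POD, RDS, 3306, vpcs, TGW_ROUTES, rds_sg)


def fixed_setup():
    """Return route added in VPC_1; the RDS SG now references the node SG instead of the VPC CIDR."""
    vpcs = {
        "VPC_1": Vpc("VPC_1", "tgw-attach-vpc1", [("10.0.0.0/16", "local"), ("10.1.0.0/16", TGW)]),
        "VPC_2": Vpc("VPC_2", "tgw-attach-vpc2", [("10.1.0.0/16", "local"), ("10.0.0.0/16", TGW)]),
    }
    rds_sg = [(3306, "sg-eksnodes")]
    return check_path(POD, RDS, 3306, vpcs, TGW_ROUTES, rds_sg)


if __name__ == "__main__":
    print("asker's setup:", asker_setup())
    print("fixed setup:", fixed_setup())
```

Two caveats when translating this to a real account: referencing a security group that lives in the other VPC across a transit gateway only works where security group referencing is enabled on the transit gateway and its attachments, otherwise the rule has to stay a CIDR; and if the cluster uses custom networking with pod addresses from a secondary CIDR, a rule that allows only the primary VPC CIDR will not cover the pod's source address even though the routes are correct.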
