One option might be to add an RDS proxy in your VPC and connect to it from PostgreSQL. The proxy's DNS name would always resolve to private IPs, while the host database would remain publicly accessible. https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy.html
Is the RDS database publicly accessible? If so, the DNS name will resolve to its public IPs when queried from the outside. Since you're accessing it from inside your VPC or otherwise internally via VPC peering connections, the simplest option would be to disable the "publicly accessible" option for the RDS database. That would cause its DNS name to resolve to its private IPs regardless of where the name is queried from.
It is publicly accessible but needs to be for other uses, so I can't disable that unfortunately. The EC2 instance successfully resolves the host name to the internal IP address though (despite it being publicly accessible), so it should be possible for the RDS instance to do the same, shouldn't it?
The RDS database doesn't actually reside in your VPC. It lives in an AWS-owned account and VPC and only extends a network interface in your VPC, so that it becomes internally accessible. I believe the DNS queries made by the database therefore originate in the AWS-owned VPC and follow the configuration there and not the configuration of your VPCs.
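A small check, added here and not part of the thread, for the split resolution behaviour the answers describe: it reports whether a hostname resolves to RFC 1918 (VPC-internal) addresses or to public ones from the machine where it runs, so you can compare the view from an EC2 instance with the view the database itself gets. The endpoint name and the addresses in the sample are constructed placeholders, not values from this thread.

```python
import ipaddress
import socket

# Added example: classify how a hostname resolves from this vantage point.
# RFC 1918 networks are listed explicitly because ipaddress.is_private also
# treats documentation ranges such as 203.0.113.0/24 as private.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def system_resolver(host):
    """Resolve host with the local stack, as a database client would."""
    infos = socket.getaddrinfo(host, None, socket.AF_INET)
    return sorted({info[4][0] for info in infos})

def classify_addresses(addrs):
    """Return 'private', 'public', 'mixed' or 'none' for a list of IPv4 strings."""
    kinds = set()
    for a in addrs:
        ip = ipaddress.ip_address(a)
        kinds.add("private" if any(ip in net for net in RFC1918) else "public")
    if not kinds:
        return "none"
    if len(kinds) == 2:
        return "mixed"          # some answers private, some public: check your resolver config
    return kinds.pop()

def check_endpoint(host, resolver=system_resolver):
    """Resolve host and report which view of the name this vantage point sees."""
    addrs = list(resolver(host))
    return {"host": host, "addresses": addrs, "view": classify_addresses(addrs)}

# Constructed sample: a placeholder RDS endpoint as seen from two vantage points.
SAMPLE_ENDPOINT = "mydb.abc123example.us-east-1.rds.amazonaws.com"  # placeholder name
CONSTRUCTED_VIEWS = {
    "ec2-in-vpc": ["10.0.12.34"],    # private IP: the VPC-internal answer
    "internet": ["203.0.113.45"],    # public IP (TEST-NET-3): the public answer
}

def fake_resolver_for(vantage):
    """Resolver that returns the constructed answer for one vantage point."""
    return lambda host: CONSTRUCTED_VIEWS[vantage]

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(check_endpoint(sys.argv[1]))            # live lookup of a real endpoint
    else:
        for vantage in CONSTRUCTED_VIEWS:
            print(vantage, check_endpoint(SAMPLE_ENDPOINT, fake_resolver_for(vantage)))
```

Run it with the RDS endpoint as an argument from the EC2 instance and from a host outside the VPC; a "public" result from inside the VPC means the query is not being answered from the VPC's private view.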
Thanks, I'll investigate this, but it does seem a bit silly to pay an extra 20+ USD per month just to get internal name resolution when the databases are otherwise connected perfectly fine 😞