Have you added entries to the subnet route tables to support traffic over the peering connection? For both subnets you need to target the peering connection for traffic that has the other VPC as the destination.
Also, although default NACLs will work fine, if you've got non-default rules in them, then check that they also allow two-way traffic.
Hello.
Add the EC2 security group to the inbound rules of the RDS security group.
If VPCs in the same region are connected by peering, you can refer to the security group.
If the VPCs are in different regions, you should be able to connect by setting the security group to allow the CIDR of the subnet where EC2 is running.
https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-security-groups.html
The peer VPC can be a VPC in your account, or a VPC in another AWS account. To reference a security group in another AWS account, include the account number in Source or Destination field; for example, 123456789012/sg-1a2b3c4d.
You cannot reference the security group of a peer VPC that's in a different Region. Instead, use the CIDR block of the peer VPC.
To reference a security group in a peer VPC, the VPC peering connection must be in the active state.
If you configure routes to forward the traffic between two instances in different subnets through a middlebox appliance, you must ensure that the security groups for both instances allow traffic to flow between the instances. The security group for each instance must reference the private IP address of the other instance, or the CIDR range of the subnet that contains the other instance, as the source. If you reference the security group of the other instance as the source, this does not allow traffic to flow between the instances.
If you disable public access for RDS, RDS uses a private IP address to connect, so you will not be able to connect even if you allow public IP addresses in your security group.
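The two checks the answers above ask for (a peering route in each VPC's route table, as @skinsman describes, and an RDS security group rule that admits the EC2 side by security group reference or by CIDR, as Riku describes) can be run offline against the JSON shape that `aws ec2 describe-route-tables` and `describe-security-groups` return. This is an added example, not code from the thread or from AWS; every id, CIDR and the port are constructed sample values.

```python
"""Offline checks for a VPC peering setup: does each VPC's route table carry a route to the
other VPC via the peering connection, and does the RDS security group admit the EC2 instance.
Dicts mirror describe-route-tables / describe-security-groups output; all values are constructed."""
import ipaddress

def peering_route_gaps(route_tables, pcx_id, vpc_cidrs):
    """One message per route table with no active route via pcx_id covering the other VPC's CIDR.
    vpc_cidrs maps VpcId -> CIDR for the two peered VPCs; the local VPC's own CIDR is skipped."""
    gaps = []
    for rt in route_tables:
        for peer_vpc, peer_cidr in vpc_cidrs.items():
            if peer_vpc == rt["VpcId"]:
                continue
            peer_net = ipaddress.ip_network(peer_cidr)
            covered = any(r.get("VpcPeeringConnectionId") == pcx_id and r.get("State") == "active"
                          and peer_net.subnet_of(ipaddress.ip_network(r["DestinationCidrBlock"]))
                          for r in rt["Routes"] if "DestinationCidrBlock" in r)
            if not covered:
                gaps.append(f"{rt['RouteTableId']}: no route to {peer_cidr} via {pcx_id}")
    return gaps

def rds_sg_admits_ec2(rds_sg, port, ec2_sg_id, ec2_subnet_cidr, same_region):
    """True if an inbound rule on `port` admits the EC2 instance, either by referencing its
    security group (only valid when both VPCs are in the same Region, as the quoted docs say)
    or by a CIDR range that contains the EC2 subnet (the option that also works cross-Region)."""
    ec2_net = ipaddress.ip_network(ec2_subnet_cidr)
    for perm in rds_sg["IpPermissions"]:
        proto = perm["IpProtocol"]
        if proto != "-1" and (proto != "tcp" or not perm["FromPort"] <= port <= perm["ToPort"]):
            continue  # rule is for another protocol or port
        if same_region and any(g["GroupId"] == ec2_sg_id for g in perm.get("UserIdGroupPairs", [])):
            return True
        if any(ec2_net.subnet_of(ipaddress.ip_network(r["CidrIp"])) for r in perm.get("IpRanges", [])):
            return True
    return False

# Constructed scenario: VPC1 (EC2) routes to VPC2 over the peering connection, but VPC2 (RDS)
# has only its local route, which is the NO_ROUTE_TO_DESTINATION situation from this thread.
PCX = "pcx-EXAMPLE"
VPC_CIDRS = {"vpc-1-EXAMPLE": "10.1.0.0/16", "vpc-2-EXAMPLE": "10.2.0.0/16"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-vpc1-EXAMPLE", "VpcId": "vpc-1-EXAMPLE", "Routes": [
        {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "10.2.0.0/16", "VpcPeeringConnectionId": PCX, "State": "active"}]},
    {"RouteTableId": "rtb-vpc2-EXAMPLE", "VpcId": "vpc-2-EXAMPLE", "Routes": [
        {"DestinationCidrBlock": "10.2.0.0/16", "GatewayId": "local", "State": "active"}]},
]
RDS_SG = {"GroupId": "sg-rds-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,  # constructed port, any DB port works
     "IpRanges": [{"CidrIp": "10.1.0.0/16"}], "UserIdGroupPairs": []}]}
```

Running `peering_route_gaps(ROUTE_TABLES, PCX, VPC_CIDRS)` on this data reports only the VPC2 route table, which is the same gap the Reachability Analyzer flags; adding the return route clears it.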
Thanks Riku. I added the security group of the EC2 instance and still it is not working.
I have proceeded to add the CIDR range of VPC 1 in the security group of VPC 2, but it is still not working, as I see this error message in Azure Data Studio: "connection failed: could not receive data from server: Socket is not connected"
Check your route table as @skinsman says. Settings that allow routing from VPC1 to VPC2 and settings that allow routing from VPC2 to VPC1 must be configured in the route table of each VPC. I think the settings described in the following document will be helpful. https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-routing.html
Just seen this. I used the Reachability Analyzer in AWS Network Manager. I set the EC2 instance as the source and the network interface of the RDS instance, which has a private IPv4 address, as the destination. This was the output: NO_ROUTE_TO_DESTINATION: Route table rtb-kyandaxyz does not have an applicable route to pcx-kyandaxyz (peering connection)
This doc - https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-routing.html - that you also attached came in handy, and it now works.
Thanks