How do I enable an app in a Lightsail container service to connect to an RDS instance?

0

I'm wanting to move a Flask app in Elastic Beanstalk to Lightsail. I have successfully deployed the app to a Lightsail container service. I can't work out how to enable the app to connect to the database (which is a MySQL db in RDS). There is no instance, just a container, so there's no information about the security group. I identified the IP addresses that the public DNS is using and added them in the inbound rules in the DB's security group, but that didn't work. Is it even possible, or do I have to move the database to Lightsail as well?

asked 2 years ago1692 views
2 Answers
0
Accepted Answer

After setting up a VPC peer connection, you can see the peer connection to the VPC where Lightsail is deployed from the Peer Connection of the VPC screen.
Check "Requestor CIDR" in the peer connection details to see the CIDR of the VPC where Lightsail is deployed.
If you set that CIDR in the RDS security group inbound rule, you can make the connection.

profile picture
EXPERT
answered 2 years ago
profile picture
EXPERT
reviewed 6 months ago
0

It is possible to connect from Lightsail to RDS.
Follow these steps to create a VPC peer connection.
https://lightsail.aws.amazon.com/ls/docs/en_us/articles/lightsail-how-to-set-up-vpc-peering-with-aws-resources
Then configure the RDS security group to allow Lightsail connections.
https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-connect-lamp-instance-to-aurora-database#configure-security-group

This procedure is for connecting to RDS Aurora, but it can be set up in much the same way for RDS MySQL.
https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-connect-lamp-instance-to-aurora-database

profile picture
EXPERT
answered 2 years ago
  • There is only the container service (I believe this is a new Lightsail feature), which works, because the app is running (I just need to connect the DB). I have already seen those instructions, but they don't apply because there is no instance.

  • It is possible to connect from the Lightsail container by editing the RDS security group after setting up the VPC peer connection.
    The IP address set for the inbound rule is a private IP address.
    Public access must be enabled in RDS if public IP addresses are to be set in the security group.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions