How to connect an EC2 in a VPC to an Aurora RDS in another VPC using VPC Peering

0

I have created an EC2 instance in VPC A. I already have an Aurora RDS instance in VPC B. I have successfully created VPC peering and verified it by pinging an EC2 instance in VPC B from the EC2 instance in VPC A.

Whenever I SSH into the EC2 instance in VPC A and try to connect to the RDS instance in VPC B using the MySQL client through the terminal: if I allow all traffic in the inbound rules from anywhere in the security group associated with the RDS instance, the connection is successful; if I allow all traffic in the inbound rule from only the CIDR block of VPC A in the security group associated with the RDS instance, the connection fails.

Notes:

  • The EC2 instance in VPC A doesn't have a role associated with it.
  • I found some answers that suggest setting the RDS instance to private, so that it resolves to a private IP, i.e. associating the RDS instance with a private subnet that has no Internet gateway, but how could a backend then connect to this RDS instance with no hostname in case we set the RDS to private?
Mahmoud
Asked 2 months ago, viewed 245 times
1 answer
2
Accepted answer

It sounds like your Aurora is configured with a PUBLIC IP and you have not enabled VPC DNS Resolution on the peering settings. https://docs.aws.amazon.com/vpc/latest/peering/modify-peering-connections.html#vpc-peering-dns

It could be that your EC2s in account A are connecting to RDS in account B over the internet if you are using the Endpoint DNS Names. I have seen this type of misconfiguration before if you do not enable the private DNS resolution.

This applies if the CIDR block of VPC A is accurate in your security group rule.

Expert, answered 2 months ago
  • Thank you so much, this was the answer I was looking for. Issue solved.

  • Thanks Mahmoud. Happy to help.
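The diagnosis in the accepted answer can be checked directly from the EC2 instance in VPC A: if the Aurora endpoint resolves to an address inside VPC B's CIDR, the connection travels over the peering link and a security group rule scoped to VPC A's CIDR matches; if it resolves to a public address, the traffic leaves through the internet gateway and that rule never matches. The script below is an added example and is not part of this thread; the endpoint name, CIDR and peering connection ID are placeholders supplied as arguments.

```shell
#!/bin/sh
# Added example (not from the thread): classify where the Aurora endpoint
# resolves to, and optionally apply the fix from the accepted answer.

# Dotted-quad IPv4 -> 32-bit integer (subshell body keeps IFS and args local)
ip_to_int() (
  IFS=.; set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Exit 0 when IPv4 $1 lies inside CIDR $2 (e.g. 10.1.0.0/16)
ip_in_cidr() (
  ip=$(ip_to_int "$1"); net=$(ip_to_int "${2%/*}"); bits=${2#*/}
  mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( ip & mask )) -eq $(( net & mask )) ]
)

# Which path a connection to the resolved address $1 takes, given VPC B's CIDR $2
classify_resolved_ip() {
  if ip_in_cidr "$1" "$2"; then echo private-via-peering; else echo public-via-internet; fi
}

# Resolve the Aurora endpoint $1 on this host and classify the answer
diagnose() {
  ip=$(getent hosts "$1" | awk '{ print $1; exit }')
  [ -n "$ip" ] || { echo "could not resolve $1" >&2; return 2; }
  echo "$1 -> $ip: $(classify_resolved_ip "$ip" "$2")"
}

# Fix: let the peering connection resolve the remote VPC's hostnames privately.
# Both VPCs need DNS resolution and DNS hostnames enabled; if the VPCs belong to
# different accounts, each account can only set its own side of the connection.
enable_peering_dns() {
  aws ec2 modify-vpc-peering-connection-options \
    --vpc-peering-connection-id "$1" \
    --requester-peering-connection-options AllowDnsResolutionFromRemoteVpc=true \
    --accepter-peering-connection-options AllowDnsResolutionFromRemoteVpc=true
}

# Usage: sh check_peering_dns.sh <aurora-endpoint> <vpc-b-cidr> [<pcx-id>]
if [ "$#" -ge 2 ]; then
  diagnose "$1" "$2"
  if [ "$#" -eq 3 ]; then enable_peering_dns "$3"; fi
fi
```

Run it from the EC2 instance in VPC A before and after enabling DNS resolution on the peering connection; the classification should change from public-via-internet to private-via-peering, and with it the CIDR-scoped security group rule starts to match.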
