How to access RDS instance from EC2 using private ip

Time:01-24

I have an EC2 instance with no public IP address and I want it to access my RDS instance. I have put the two instances in the same VPC and subnet. I have tried the following (*) but it did not work. Only when I set a public IP address on the EC2 instance and then added it to the security group of the RDS instance did it work. But that is not what I want, since this EC2 instance should be private and not have a public IP.

*tried adding the following to RDS security groups

  1. private IP address of EC2
  2. IP 10.0.0.0/32
  3. security group assigned to EC2

CodePudding user response:

This is the classic EC2-RDS security setup that you are looking for. To solve it, you will have to make sure that:

  1. The EC2 is in a private subnet and that it is protected by a security group (red box in diagram below).
  2. The RDS is in the private subnet too and that it is protected by a security group (yellow box in diagram below).
  3. To enable communication between the two, you will need to whitelist the security group of the EC2 in the security group of the RDS instead of a public ID. (You will need to whitelist the red box in the inbound rules of the yellow box.)

You can use the diagram below to ease the understanding of how the setup should work.


Here is a guide on how you can achieve this
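
The following is an added example, not part of the original question or answer: a small offline evaluator showing how an RDS security group's inbound rules treat each source type listed in the question. The rule dictionaries use the `IpPermissions` field names from `aws ec2 describe-security-groups`; the private IP, the group ID and the MySQL port 3306 are constructed assumptions, and the helper names are hypothetical.

```python
import ipaddress

def matching_rule(ip_permissions, src_ip, src_group_ids, port, protocol="tcp"):
    """Return a label for the first inbound rule that admits the connection, or None.

    ip_permissions uses the IpPermissions field names returned by
    `aws ec2 describe-security-groups`.
    """
    src = ipaddress.ip_address(src_ip)
    for perm in ip_permissions:
        if perm["IpProtocol"] != "-1":  # "-1" means all protocols and ports
            if perm["IpProtocol"] != protocol:
                continue
            if not perm["FromPort"] <= port <= perm["ToPort"]:
                continue
        for rng in perm.get("IpRanges", []):
            if src in ipaddress.ip_network(rng["CidrIp"], strict=False):
                return "cidr " + rng["CidrIp"]
        for pair in perm.get("UserIdGroupPairs", []):
            # A group source admits any network interface attached to that group,
            # matched on its private IP, so no public IP is involved.
            if pair["GroupId"] in src_group_ids:
                return "group " + pair["GroupId"]
    return None

def rule(port, cidr=None, group=None):
    """Build one constructed inbound TCP rule for a single port."""
    return {
        "IpProtocol": "tcp", "FromPort": port, "ToPort": port,
        "IpRanges": [{"CidrIp": cidr}] if cidr else [],
        "UserIdGroupPairs": [{"GroupId": group}] if group else [],
    }

# Constructed values (assumptions): EC2 private IP, group ID, MySQL port 3306.
EC2_IP, EC2_SG, DB_PORT = "10.0.1.25", "sg-0ec2example", 3306

CASES = {
    "10.0.0.0/32": [rule(DB_PORT, cidr="10.0.0.0/32")],  # covers one address only
    "private IP /32": [rule(DB_PORT, cidr="10.0.1.25/32")],
    "EC2 security group": [rule(DB_PORT, group=EC2_SG)],
    "group, wrong port": [rule(5432, group=EC2_SG)],
}

def evaluate():
    """Check the constructed EC2 instance against each candidate rule set."""
    return {name: matching_rule(perms, EC2_IP, {EC2_SG}, DB_PORT)
            for name, perms in CASES.items()}

if __name__ == "__main__":
    for name, hit in evaluate().items():
        print(f"{name:20} -> {hit or 'blocked'}")
```

A `/32` CIDR covers exactly one address, so `10.0.0.0/32` admits no other host in the VPC, and a group reference only helps when the rule's port range includes the port the database listens on.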
