Find the Elastic Beanstalk Security Group and Configure the Connection to RDS

Question

I was trying to configure my EB to talk to an external RDS instance. Found an AWS document but found it's way too complicated, and many descriptions don't match what I have on the AWS configuration pages. Since I have configured to access RDS from ec2 and from my local machine before, I know I just need to find the security group of my EB instance and add it to RDS security group's Inbound access rules. However, while I searched hard I cannot find where the EB instance security group is. The closest thing I can find is a dash connected 6-part long string in the Instance Configuration page in the EB environment dashboard. But copying this long string RDS access rule is rejected as non-valid.

Answer 1

Eventually I found the security group of the EB which I can add into RDS access rules. It's not straightforward, but it's indeed related to the security group on the Instance Configuration page of the EB environment. First on EB environment page, tap the Configuration button, and tap the gear button on the Instance Configuration panel

Once on the Instance configuration detail page, find the EC2 security groups entry, copy part of the string, like the erased part in this picture

Then open another window and go to the RDS instance dashboard, tap on the Configuration Detail, find the Security Group and tap into it. On the bottom of the Security Group configuration page, Edit the rules and add a new Inbound rule, paste the copied partial EB security group into it, the browser will automatically prompt the correct security group in the sg-xxxx format. Select it and configure the Type as either All Traffic or of your particular DB type, and Voila, your EB instance can now talk to the RDS.