YuJungHoon
Reputation: 61
How to Connect AWS ECS (ApplicationLoadBalancedFargateService) Private IP to RDS Security Group Using CDK
How to Connect ECS Private IP to RDS Security Group Using CDK?
I need a private ip of ApplicationLoadBalancedFargateService (CDK Code).
I tried the following (Failed to resolve) :
const auroraSecurityGroup = new ec2.SecurityGroup(this, 'security-group', {
vpc,
allowAllOutbound: true,
description: 'Security Group of Aurora PostgreSQL',
securityGroupName: AURORA_SECURITY_GROUP_NAME
});
auroraSecurityGroup.addIngressRule(ec2.Peer.ipv4('my ecs private ip'), ec2.Port.tcp(DB_PORT), 'describe');
Upvotes: 6
Views: 1674
Answers (1)
Arun Kamalanathan
Reputation: 8593
If you would like to allow specific ip address, you have to specify with cidr.
ec2.Peer.ipv4('1.2.3.4/32')
Allow the security group of the fargate service as a source to arurora seucirty group:
auroraSecurityGroup.connections.allowFrom(ecsService.service, Port.tcp(3306), 'Inbound');
In this instance, its assumed that the ecs service is defined as follows.
const service = new ecs.FargateService(this, 'Service', {
cluster,
taskDefinition,
desiredCount: 5,
});
Upvotes: 3
Related Questions
- Create an AWS RDS instance without NAT Gateway using CDK
- Allow ingress from one security group to another using AWS CDK
- AWS CDK ApplicationLoadBalancedFargateService in private (isolated) subnet
- Add inbound rule to security group aws cdk
- AWS CDK (.NET) How to modify RDS Cluster Security Group to allow access from other Security Groups (e.g. EC2, Lambda)
- How create a security group that allow all inbound traffic using the aws cdk?
- How to get EC2 ID and Private IP from EC2 Autoscaling Group using AWS CDK
- Use AWS CDK to Create an RDS Instance in an ISOLATED Subnet
- Connecting AWS ECS Services with the CDK
- AWS CDK - SecurityGroup creation Typescript