Reputation: 307
Connect to RDS (in VPC), from outside VPC, via VPC Endpoint (AWS)
I've spend about a full day trying to solve this, but have no luck so far. I'm also open to alternative suggestions than my current setup.
I have an RDS instance inside of a VPC. I am trying to make CodeBuild be able to access this RDS instance for a testing step.
Currently, I setup a VPC endpoint for the CodeBuild service, with all 3 subnets of the VPC. I know that if I allow all inbound traffic for the security group on the RDS, it works. I don't want to allow all inbound traffic though- and given this, have been unsuccessful.
I have tried the following to no avail:
- Taking the private IPv4's of the ENI's created by the VPCE, adding them as inbound rules to the security group on the RDS
- Creating a separate VPC for CodeBuild, and setup VPC peering (this seemed overly complex, and I'm not sure if the peering would even allow CodeBuild traffic to hit an RDS; it also makes things complicated down the road for CodeDeploy).
- Putting CodeBuild inside the VPC of the RDS instance. When doing this, I created a new subnet in the VPC, assigned it to a NAT in the routes table (and this NAT was on the VPC of the RDS instance); put CodeBuild kept telling me it had no internet access.
Upvotes: 1
Views: 1148
Answers (2)
Reputation: 307
Thanks Marcin for pointing me in the right direction to make CodeBuild in the same VPC. When I was able to focus on that, I saw this post again:
CodeBuild cannot find the 0.0.0.0/0 destination for the target internet gateway
which I had the same issue; my NAT was also on the private subnet. Now, it's on the public subnet, and it's working.
Upvotes: 0
Reputation: 238975
setup a VPC endpoint for the CodeBuild service,
VPC endpoints are not used for inbound traffic from CB to VPC. They are used for your applications in VPC to interact with CB service without the internet.
Putting CodeBuild inside the VPC of the RDS instance.
This is the correct way. Sadly you haven't provided any details of your VPC, subents, NAT, route tables, security groups, NACLs setup, thus its difficult to speculate why it does not work.
Upvotes: 2
Related Questions
- Publicly accessing AWS RDS from outside VPC
- Connect to private RDS instance
- Connect to RDS through VPC Peering
- Connect to RDS instance from Ec2 instance within VPC
- Access Amazon RDS database in VPC from Lambda locally
- Access RDS from VPC Lambda
- AWS Lambda access to RDS outside VPC
- Accessing RDS from EC2 instance in separate VPC
- Amazon Web Services EC2 to RDS Connectivity with VPC
- Connect to RDS instance from VPC outside region