Reputation: 7068
AWS EKS node to access RDS
I have AWS EKS nodes access RDS where I have have whitelisted EKS node's public IPs in RDS's security group. But this is not viable solution because EKS Nodes can get replaced and its public IP can changes with it.
How can I make this EKS node's connecting to RDS more stable ?
Upvotes: 2
Views: 11768
Answers (2)
Reputation: 6063
Last year we have introduced a new feature to assign Security Groups to Kubernetes pods directly to overcome having to assign them at the node level (to avoid ephemerality problems you call out and to create a more secure environment where only the pod that needs to talk to RDS can do so Vs the ENTIRE node). You can follow this tutorial to configure this feature or refer to the official documentation.
Upvotes: 7
Reputation: 823
If your eks cluster is in the same vpc as the Rds instance, then you can just whitelist your vpc's private ip-address (cidr) range in RDS security group. If they are in different vpc's, then connect both vpc with vpc-peering and whitelist's eks vpc's IP range in rds security group. Dont use public ip's as they will go through outside AWS network. Instead, always use private connections wherever possible as they are faster, reliable and more secure. If you don't want to whitelist complete cidr Then you can also create a NAT gateway for your eks cluster and make routes for outside traffic going outside the EKS cluster go through that NAT gateway and then you can whitelist NAT's IP in rds security group
Upvotes: 4
Related Questions
- Additional security group in EKS managed node group
- Attach Security group to EKS on Fargate profile
- How to connect AWS RDS to AWS EKS?
- Give all users of an AWS account access to an EKS cluster
- EKS Cluster endpoint access
- Is there an AWS security group rule specifically allowing access to AWS KMS?
- Permissions to READ EKS cluster from EC2
- AWS EKS access issue on eks:AccessKubernetesApi
- Enabling AWS Group to access AWS EKS cluster
- AWS Security Groups - EC2 to RDS