Reputation: 3
Connect to private Amazon RDS without EC2
I see a lot of articles online where EC2 is involved, but since my backend is essentially serverless I have not found much information how to access my RDS once it is turned private. Can anyone point me in the right direction?
Current state:
- Public MySQL RDS
- RDS is accessed by a MySQL client on my local machine (MySQL Workbench) and AWS Lambda functions via my web application (both connecting via SSL)
Future state:
- Private MySQL RDS
- Private RDS would continue to be accessed by only my local machine and only the noted AWS Lambda functions via my web application (I assume continuing to use SSL?)
Upvotes: 0
Views: 4990
Answers (3)
Reputation: 11
You can use Basti, which is a CLI tool that manages the EC2 bastion instance for you. The tool keeps the instance stopped when it's not used to minimize the solution cost, performs software updates to maintain the bastion instance secure, and provides a convenient CLI that can be used locally and in CI/CD pipelines.
Upvotes: 1
Reputation: 200682
In your scenario your Lambda functions will need to be configured to run in the VPC if they are not already. That is the only change required for the Lambda functions.
However, When you switch the RDS instance to private, that means it only accepts connections from within the VPC. So you can't make connections directly from your local computer to the database anymore. You have to go through some sort of "bridge" to get your local computer into the AWS VPC network.
In this scenario people either use an EC2 instance as a bastion host, or they create a VPN connection from their local computer into the AWS VPC. AWS Client VPN is a managed service you could used for this.
You'll need to evaluate the Client VPN pricing, but I think you may find that a single t4g.nano EC2 bastion host is probably cheaper, and you can also stop the instance when you don't need it to really cut down the cost.
Upvotes: 5
Reputation: 3610
You can use VPC also with Lambda. Lambda and RDS can be in the same VPC, or in separate VPC’s peered together. Aws documentation for this scenario can be found here: https://aws.amazon.com/premiumsupport/knowledge-center/connect-lambda-to-an-rds-instance/
Upvotes: -1
Related Questions
- Publicly accessing AWS RDS from outside VPC
- Connect to private RDS instance
- Connect to RDS instance from Ec2 instance within VPC
- Access AWS RDS from local machine without EC2
- Is it possible to connect AWS RDS Instance outside the VPC with Public Accessibility as No?
- Connect to private RDS in AWS
- Cannot connect to AWS RDS instance that is not in VPC
- Amzon web services: How to access a MySQL RDS within a EC2 instance with default VPC
- Accessing AWS RDS From Outside the VPC with no public access
- Connect to RDS from VPS