Kostas Demiris

Reputation: 3631

How to make an Aurora instance reachable over the internet?

I have a staging and a production EKS cluster on AWS, and they use different DBs.

I need to deploy a replica of the prod app deployment in a temp namespace inside the staging cluster.

Now, the temp deployment needs to be connected to the prod Aurora.

But the staging and production clusters are in separate VPCs, [unfortunately] with the same CIDRs, so I cannot peer the two VPCs.

Also, the Aurora cluster is deployed in private subnets.

One [temporary] solution that I am thinking of is to essentially make public the private subnet the Aurora writer is deployed into, and have my app in the staging cluster reach the prod DB over the internet.

  1. I found the private subnet that the Aurora writer is deployed into
  2. Found the routing table that it uses
  3. Could I just change the routing rule from 0.0.0.0/0 -> NAT-12345 to 0.0.0.0/0 -> IGW-12345 so instead of NAT it will use the Internet Gateway?

Is this something viable, and if so, do I need to do something else in order for the DB endpoint, e.g. the-prod-aurora-postgres.cluster-something123.uk-west-45.rds.amazonaws.com, to be reachable over the internet?

Upvotes: 0

Views: 116

Answers (1)

Spiff

Reputation: 4104

Yes, that's correct. You have to create a public subnet (with a route to the IGW).

Change the Aurora connectivity to public access.

Adjust the security group to allow access only to the EKS cluster.

https://aws.amazon.com/premiumsupport/knowledge-center/aurora-private-public-endpoints/

Upvotes: 1
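A check for the last step of the answer above (restricting the security group), as an added example that is not part of the original answer: it audits ingress rules, in the shape returned by `aws ec2 describe-security-groups`, for anything that exposes the PostgreSQL port beyond an allow-list. It assumes the staging cluster's traffic arrives from a fixed public address (for example a NAT gateway Elastic IP); the group ID, rules and addresses are constructed placeholders.

```python
import ipaddress

DB_PORT = 5432  # PostgreSQL, per the endpoint name in the question

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# IDs and addresses are placeholders (203.0.113.0/24 is a documentation range).
SAMPLE_SG = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
        # Easy to miss: a wide port range that silently includes 5432.
        {"IpProtocol": "tcp", "FromPort": 5000, "ToPort": 6000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ],
}

def covers_port(perm, port):
    """True if the rule applies to TCP `port` ("-1" means all protocols/ports)."""
    if perm.get("IpProtocol") == "-1":
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit_db_ingress(sg, allowed_sources, port=DB_PORT):
    """Return (group, cidr, from_port, to_port) for rules wider than allowed."""
    allowed = [ipaddress.ip_network(c) for c in allowed_sources]
    findings = []
    for perm in sg.get("IpPermissions", []):
        if not covers_port(perm, port):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            ok = any(net.version == a.version and net.subnet_of(a) for a in allowed)
            if not ok:
                findings.append((sg["GroupId"], cidr,
                                 perm.get("FromPort"), perm.get("ToPort")))
    return findings

if __name__ == "__main__":
    # Assumption: the staging cluster egresses from 203.0.113.10.
    for finding in audit_db_ingress(SAMPLE_SG, ["203.0.113.10/32"]):
        print("too broad:", finding)
```

Security-group references (`UserIdGroupPairs`) are not inspected here because traffic arriving over the internet can only be matched by source address.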
