Shridutt Kothari
Reputation: 7394
Not able to connect to Rds Postgres instance when created from Github action
When i am deploying a Postgres instance using Terraform CDKTF from my local machine, i am able to connect to it after it's creation from my machine, but when i use same code to deploy the Postgres instance from Github actions, i am not able to connect to the deployed instance:
Here's my code:
public PostgresStack(final Construct scope, final String id) {
super(scope, id);
final String REGION = "eu-central-1";
final String TAG_NAME = "Name";
final String TAG_CREATED_BY = "Created By";
AwsProvider awsProvider = AwsProvider.Builder.create(this, "AWS")
.region(REGION)
.defaultTags(List.of(AwsProviderDefaultTags.builder()
.tags(Collections.singletonMap(TAG_CREATED_BY, "CDKTF"))
.build()))
.build();
Vpc vpc = Vpc.Builder.create(this, "postgres_vpc")
.cidrBlock("10.0.0.0/16")
.enableDnsSupport(true) // This is needed to support both DNS resolution, DNS hostnames
.enableDnsHostnames(true)
.build();
SecurityGroupIngress securityGroupIngress = SecurityGroupIngress.builder()
.fromPort(5432)
.toPort(5432)
.protocol("tcp")
.cidrBlocks(List.of("0.0.0.0/0"))
.build();
SecurityGroupEgress securityGroupEgress = SecurityGroupEgress.builder()
.fromPort(0)
.toPort(0)
.protocol("tcp")
.cidrBlocks(List.of("0.0.0.0/0"))
.build();
// Create a security group that allows inbound traffic on port 5432 using Ingress (postgres default port) from any IP address.
SecurityGroup securityGroup = SecurityGroup.Builder.create(this, "postgres_sg")
.namePrefix("postgres-sg-")
.vpcId(vpc.getId())
.ingress(List.of(securityGroupIngress))
.egress(List.of(securityGroupEgress))
.tags(Collections.singletonMap(TAG_NAME, "postgres-sg"))
.build();
// Subnet 1 (Private as there is no internet gateway associated with it)
Subnet privateSubnet = Subnet.Builder.create(this, "postgres_private_subnet")
.vpcId(vpc.getId())
.cidrBlock("10.0.2.0/24")
.availabilityZone(REGION + "a")
.tags(Collections.singletonMap(TAG_NAME,"postgres_private_subnet"))
.dependsOn(List.of(vpc))
.build();
// Subnet 2 (Public as there is an internet gateway associated with it)
Subnet publicSubnet = Subnet.Builder.create(this, "postgres_public_subnet")
.vpcId(vpc.getId())
.cidrBlock("10.0.1.0/24")
.availabilityZone(REGION + "b")
// By attaching an internet gateway to the VPC and creating a public subnet with map_public_ip_on_launch set to true,
// the resources using this subnet will be publicly accessible.
.mapPublicIpOnLaunch(true)
.tags(Collections.singletonMap(TAG_NAME,"postgres_public_subnet"))
.dependsOn(List.of(vpc))
.build();
// Internet Gateway to access resources from publicly exposed subnets
InternetGateway internetGateway = InternetGateway.Builder.create(this, "postgres_internet_gateway")
.vpcId(vpc.getId())
.tags(Collections.singletonMap(TAG_NAME, "postgres_internet_gateway"))
.dependsOn(List.of(vpc))
.build();
RouteTableRoute route = new RouteTableRoute.Builder()
.cidrBlock("0.0.0.0/0")
.gatewayId(internetGateway.getId())
.build();
// AWS Route Table to update default route to our internet gateway
RouteTable routeTable = RouteTable.Builder.create(this, "postgres_public_route_table")
.vpcId(vpc.getId())
.route(List.of(route))
.tags(Collections.singletonMap(TAG_NAME, "postgres_public_route_table"))
.dependsOn(List.of(vpc))
.build();
// Public Subnet & Route Table Association
RouteTableAssociation routeTableAssociation = RouteTableAssociation.Builder.create(this, "postgres_public_route_table_association")
.subnetId(publicSubnet.getId())
.routeTableId(routeTable.getId())
.dependsOn(List.of(publicSubnet, routeTable))
.build();
final String DB_SUBNET_GROUP_NAME = "postgres_db_subnet_group";
DbSubnetGroup dbSubnetGroup = DbSubnetGroup.Builder.create(this, DB_SUBNET_GROUP_NAME)
.name(DB_SUBNET_GROUP_NAME)
.subnetIds(List.of(privateSubnet.getId(), publicSubnet.getId()))
.tags(Collections.singletonMap(TAG_NAME, DB_SUBNET_GROUP_NAME))
.dependsOn(List.of(privateSubnet, publicSubnet))
.build();
//This object tells Terraform to Create a single AWS db instance of type postgres
DbInstance rdsInstance = DbInstance.Builder.create(this, "MyRdsInstance")
.allocatedStorage(20) //GB
.dbName("my_terraform_cdktf_db")
.username("my_terraform_cdktf_user")
.password("my_terraform_cdktf_password")
.engine("postgres")
.engineVersion("15.2")
.instanceClass("db.t3.micro")
.port(5432)
.dependsOn(List.of(dbSubnetGroup, securityGroup, vpc, routeTable, privateSubnet, publicSubnet, routeTable, routeTableAssociation))
.dbSubnetGroupName(dbSubnetGroup.getName())
.vpcSecurityGroupIds(List.of(securityGroup.getId()))
.skipFinalSnapshot(true)
.publiclyAccessible(true)
.tags(Collections.singletonMap(TAG_NAME, "postgres_instance"))
.build();
// Output the connection details for the RDS instance
TerraformOutput.Builder.create(this, "rds_endpoint")
.value(rdsInstance.getEndpoint())
.build();
}
I am trying to connect the DB using
nc -zv <db_endpoint> <db_port>
Here's My VPC:
Upvotes: 0
Views: 159
Answers (0)
Related Questions
- AWS VPC NAT Not Working
- AWS EC2 Internet access without dedicated public IP
- EC2 instance in public subnet has no public IP
- How to connect to outside world from amazon vpc?
- Connecting to RDS Postgres from remote machine
- Connect to RDS instance from Ec2 instance within VPC
- AWS VPC with both internet gateway and NAT
- Error while creating EKS Cluster using eksctl
- How to connect AWS Lambda function inside a VPC to public resources like DynamoDB?