Paul

Reputation: 89

Adding a security group to another RDS instance does not appear to work

I have two RDS instances, in the same VPC, same availability zone, both have public accessibility enabled.

  1. Aurora PostgreSQL with a security group of group-1
  2. RDS PostgreSQL with a security group of group-2

Adding group-2 to the group-1 incoming traffic as TCP/5432 does not appear to open that port on group-1, since the connection from group-2 times out via foreign data wrappers.

If I add the IP address of my RDS instance to group-1 the connection works, so it has to be related to the security group somehow.

I also created an EC2 instance where I installed PostgreSQL in a Docker container using the same group-2 security group, and this one connects just fine to the Aurora PostgreSQL.

Any ideas what I could be doing wrong?

Upvotes: 1

Views: 56

Answers (1)

Mark B

Reputation: 201018

I think it's because you have public accessibility enabled. That gives the RDS instances public IP addresses, so when one server tries to connect to the other one, it is trying to connect to the public IP address, which causes the network connection to leave the VPC and come back in. Security group ID references in security group rules only work when the traffic is between private IP addresses.

Upvotes: 0
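To make the answer's point concrete, here is an added model (not AWS's own evaluation logic, and not code from either poster) of how an inbound rule on group-1 is matched: a rule that references another security group only admits traffic whose source address is a private address inside the VPC, while a CIDR entry matches on the address alone. The VPC CIDR, the group id `sg-group-2`, the private and public addresses and the rule dictionaries (in the `IpPermissions` shape returned by `aws ec2 describe-security-groups`) are constructed sample values.

```python
import ipaddress

# Constructed sample values: the VPC's CIDR and the inbound rules on group-1.
VPC_CIDR = "10.0.0.0/16"
GROUP_1_INBOUND = [
    {
        "IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
        "IpRanges": [],
        "UserIdGroupPairs": [{"GroupId": "sg-group-2"}],  # reference to group-2 (placeholder id)
    },
]


def rule_allows(rule, port, src_ip, src_groups, vpc_cidr):
    """True if one inbound rule admits TCP traffic from src_ip (member of src_groups) to port."""
    proto = rule["IpProtocol"]
    if proto == "tcp":
        if not rule["FromPort"] <= port <= rule["ToPort"]:
            return False
    elif proto != "-1":  # "-1" means all protocols/ports
        return False
    ip = ipaddress.ip_address(src_ip)
    # A CIDR entry matches purely on the source address.
    for r in rule.get("IpRanges", []):
        if ip in ipaddress.ip_network(r["CidrIp"]):
            return True
    # A security-group reference only matches traffic that stays on private VPC addresses.
    in_vpc = ip in ipaddress.ip_network(vpc_cidr)
    return in_vpc and any(p["GroupId"] in src_groups for p in rule.get("UserIdGroupPairs", []))


def inbound_allowed(rules, port, src_ip, src_groups, vpc_cidr=VPC_CIDR):
    return any(rule_allows(r, port, src_ip, src_groups, vpc_cidr) for r in rules)


def with_cidr(rules, cidr):
    """Copy of the rules plus an explicit allow-from-CIDR entry, as the asker added."""
    extra = {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
             "IpRanges": [{"CidrIp": cidr}], "UserIdGroupPairs": []}
    return rules + [extra]


if __name__ == "__main__":
    # Connection arrives from the instance's public address: the SG reference does not match.
    print(inbound_allowed(GROUP_1_INBOUND, 5432, "203.0.113.10", {"sg-group-2"}))  # False
    # Same instance reaching group-1 over its private VPC address: the SG reference matches.
    print(inbound_allowed(GROUP_1_INBOUND, 5432, "10.0.1.25", {"sg-group-2"}))  # True
    # Adding the public address as a CIDR, as the asker did, admits it regardless.
    print(inbound_allowed(with_cidr(GROUP_1_INBOUND, "203.0.113.10/32"), 5432,
                          "203.0.113.10", {"sg-group-2"}))  # True
```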
