
I have an AWS account with an EC2 in it that I am trying to connect to a Cloud SQL Server (MySQL 5.6) inside of Google Cloud Platform.

I have successfully set up a VPN between AWS and GCP and can echo a message over nc between an ec2 on AWS and a vm on GCP.

As GCP managed DBs are not placed inside of a VPC of my choosing, I followed this guide to give the DB a private IP and to then peer that with my Google VPC. I tested this works by accessing the DB via pymysql from a VM in GCP using the private IP of the DB.

However, my issues come from connecting the EC2 inside of AWS to the Cloud SQL DB in the same way. I have followed this guide to allow the use of the DB's private IP from an external source, but I seem to be getting stuck with how to set up the routing to the peered network the DB is sitting in using AWS routing.

John Hanley
Max Cheetham
  • What type of Google VPN? What type of routing (dynamic/static). Google VPC peering is not transitive. This means packets sent to your VPC will not be routed to another VPC (where Cloud SQL is located). You may need to set up a custom route advertisement. Review this document: https://cloud.google.com/vpc/docs/vpc-peering#key_properties – John Hanley Feb 24 '20 at 15:18
  • As a tip, I often use SSH tunneling to traverse networks. This is very easy to set up to allow connections from AWS to Cloud SQL. This is not for production networks, but excellent for development. https://www.ssh.com/ssh/tunneling/example Basically you are using the SSH server in a Compute Engine instance to forward traffic to Cloud SQL. – John Hanley Feb 24 '20 at 15:22
  • Another tip. Use Cloud SQL Proxy on your AWS instance and then you can connect directly to Cloud SQL without a VPN in a secure way. – John Hanley Feb 24 '20 at 15:23
  • Thank you all for your help! I have updated the question with a re-cap of how I solved the issue. – Max Cheetham Feb 24 '20 at 15:42

1 Answer


The problem has been sorted!

In the Advertised routes settings of my Cloud Router, I had misunderstood the function of "Advertise all subnets visible to the Cloud Router (Default)". I needed to instead choose "Create custom routes" and then the sub-option "Advertise all subnets visible to the Cloud Router".

This then allowed me to add the Cloud SQL subnet to my router so that IP block propagates over to AWS.

Max Cheetham
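The question and the accepted answer both hinge on one point John Hanley raised in the comments: VPC peering is not transitive, so a Cloud Router in its default advertisement mode only announces its own VPC's subnets to the AWS BGP peer, and the private-services range that Cloud SQL sits in never reaches the AWS route table. The small model below is an added illustration, not code from Google Cloud or from the original poster, that reproduces the two console settings from the answer ("Default" versus "Create custom routes" with the Cloud SQL range added) and checks whether the AWS side would end up with a route covering the database's private IP. All addresses are constructed sample values; `advertised_prefixes`, `reachable_via_vpn` and `diagnose` are names chosen for this example.

```python
"""Model of which prefixes a Cloud Router advertises to a BGP peer (e.g. AWS).

Added illustration for the question and answer above; not Google Cloud code.
All IP ranges below are constructed for the example.
"""
import ipaddress
from typing import Dict, Iterable, List


def advertised_prefixes(mode: str,
                        vpc_subnets: Iterable[str],
                        custom_ranges: Iterable[str] = (),
                        advertise_all_subnets: bool = True
                        ) -> List[ipaddress.IPv4Network]:
    """Return the prefixes the Cloud Router would announce to the peer.

    mode == "DEFAULT": only the subnets of the router's own VPC (the console's
    "Advertise all subnets visible to the Cloud Router (Default)").
    mode == "CUSTOM": the console's "Create custom routes"; the VPC subnets are
    kept when the "advertise all subnets" sub-option stays ticked, and any
    explicitly listed ranges are added on top. Ranges reached only through VPC
    peering (such as the Cloud SQL private-services range) are never picked up
    automatically, because peering is not transitive.
    """
    if mode not in ("DEFAULT", "CUSTOM"):
        raise ValueError(f"unknown advertisement mode: {mode}")
    prefixes: List[ipaddress.IPv4Network] = []
    if mode == "DEFAULT" or advertise_all_subnets:
        prefixes.extend(ipaddress.ip_network(s) for s in vpc_subnets)
    if mode == "CUSTOM":
        prefixes.extend(ipaddress.ip_network(r) for r in custom_ranges)
    return prefixes


def reachable_via_vpn(target_ip: str,
                      learned_routes: Iterable[ipaddress.IPv4Network]) -> bool:
    """True if the peer's route table holds a learned route covering target_ip."""
    ip = ipaddress.ip_address(target_ip)
    return any(ip in net for net in learned_routes)


# Constructed sample topology (hypothetical addresses, not the poster's).
GCP_VPC_SUBNETS = ["10.128.0.0/20"]      # subnet holding the GCP test VM
CLOUD_SQL_RANGE = "10.200.0.0/24"        # private-services range peered to the VPC
CLOUD_SQL_PRIVATE_IP = "10.200.0.5"      # the database's private IP
GCP_VM_IP = "10.128.0.10"                # the VM that already worked over the VPN


def diagnose(mode: str, custom_ranges: Iterable[str] = ()) -> Dict[str, bool]:
    """Which of the two GCP targets an AWS host could route to under this setting."""
    routes = advertised_prefixes(mode, GCP_VPC_SUBNETS, custom_ranges)
    return {
        "vm": reachable_via_vpn(GCP_VM_IP, routes),
        "cloud_sql": reachable_via_vpn(CLOUD_SQL_PRIVATE_IP, routes),
    }


if __name__ == "__main__":
    # Matches the symptom in the question: the VM is reachable, the DB is not.
    print("DEFAULT       :", diagnose("DEFAULT"))
    # Custom routes without the extra range still leave the DB unreachable.
    print("CUSTOM (bare) :", diagnose("CUSTOM"))
    # The fix from the answer: custom routes plus the Cloud SQL range.
    print("CUSTOM + range:", diagnose("CUSTOM", [CLOUD_SQL_RANGE]))
```

The same change can be scripted with `gcloud compute routers update` using `--advertisement-mode=CUSTOM`, `--set-advertisement-groups=ALL_SUBNETS` and `--set-advertisement-ranges=<cloud-sql-range>`, which mirrors the two console choices in the answer. Note that the model only covers the AWS-bound direction; the return path, in which the Cloud SQL network has to learn the AWS prefix through the peering, is what the second guide linked in the question addresses and is not modelled here.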