I have a publicly accessible RDS instance that I want to connect to from an EKS cluster in a different VPC. I set up VPC peering, added cross routes for the VPC CIDRs, and added the EKS VPC CIDR to the RDS security group; however, there's no DB connection unless I add the NAT IP address of the EKS cluster (my worker nodes are in private subnets) to the inbound rules of the RDS security group. It looks like, because the RDS instance was created as publicly accessible, its hostname always resolves to the public IP, so the connection from EKS happens from the public NAT EIP to the public RDS EIP.

Is this how it should be, and can it not be changed? Does it mean there's no point in VPC peering because the connection will never be private? Ideally I want the traffic between EKS and RDS to be private and never leave the VPCs, or does AWS already route the traffic internally despite the connection happening through EIPs?
1 Answer
I just needed to enable the DNS settings of the VPC peering connection to allow resolution to the private IP: https://stackoverflow.com/a/44896732/1826109

chingis
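As an added example (this is not code from the question or the answer above), the steps the answer points to, done with the AWS CLI: turn on `AllowDnsResolutionFromRemoteVpc` on both sides of the peering connection, then verify from inside the EKS VPC that the RDS endpoint now resolves to an address inside the RDS VPC's CIDR rather than to the public EIP. The peering connection ID, the RDS endpoint and the RDS VPC CIDR are placeholders (assumptions); both VPCs are assumed to already have `enableDnsSupport` and `enableDnsHostnames` turned on, and the check function assumes `getent` and `awk` are available on the node or debug pod it runs from.

```shell
#!/bin/sh
# Added example, not code from the original post. Enables private-IP DNS
# resolution over a VPC peering connection and checks, from the EKS side,
# that the RDS endpoint resolves into the RDS VPC's CIDR.
# All three values below are placeholders (assumptions); override via env.
PCX_ID="${PCX_ID:-pcx-0123456789abcdef0}"                               # placeholder
RDS_ENDPOINT="${RDS_ENDPOINT:-mydb.abcdefghijkl.eu-west-1.rds.amazonaws.com}" # placeholder
RDS_VPC_CIDR="${RDS_VPC_CIDR:-10.20.0.0/16}"                             # placeholder

# Dotted-quad IPv4 -> 32-bit integer, in plain POSIX sh (no external tools).
ip_to_int() {
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# ip_in_cidr IP CIDR -> exit 0 when IP lies inside CIDR, 1 otherwise.
# Used to tell a private (peered) answer from the public EIP.
ip_in_cidr() {
  net=${2%/*}
  bits=${2#*/}
  if [ "$bits" -eq 0 ]; then
    mask=0
  else
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  fi
  [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Turn on private-IP resolution on both sides of the peering connection.
# With a cross-account peering, each account must set its own side.
enable_peering_dns() {
  aws ec2 modify-vpc-peering-connection-options \
    --vpc-peering-connection-id "$PCX_ID" \
    --requester-peering-connection-options AllowDnsResolutionFromRemoteVpc=true \
    --accepter-peering-connection-options AllowDnsResolutionFromRemoteVpc=true
}

# Show what is currently set on each side of the peering.
show_peering_dns() {
  aws ec2 describe-vpc-peering-connections \
    --vpc-peering-connection-ids "$PCX_ID" \
    --query 'VpcPeeringConnections[0].{requester:RequesterVpcInfo.PeeringOptions.AllowDnsResolutionFromRemoteVpc,accepter:AccepterVpcInfo.PeeringOptions.AllowDnsResolutionFromRemoteVpc}' \
    --output table
}

# Run this from a worker node or a debug pod inside the EKS VPC: resolve the
# RDS endpoint and report whether the answer is the private address.
check_private_resolution() {
  addr=$(getent hosts "$RDS_ENDPOINT" | awk '{print $1; exit}')
  [ -n "$addr" ] || { echo "no A record for $RDS_ENDPOINT" >&2; return 2; }
  if ip_in_cidr "$addr" "$RDS_VPC_CIDR"; then
    echo "$RDS_ENDPOINT -> $addr (private: traffic stays on the peering)"
  else
    echo "$RDS_ENDPOINT -> $addr (public: traffic leaves via NAT/EIP)" >&2
    return 1
  fi
}

# Usage: ./peering-dns.sh enable   (from a shell with AWS credentials)
#        ./peering-dns.sh check    (from inside the EKS VPC)
case "${1:-}" in
  enable) enable_peering_dns && show_peering_dns ;;
  check)  check_private_resolution ;;
esac
```

Once `check` reports a private address, the source of the database connections is the worker node's private IP, which already falls under the EKS VPC CIDR rule in the RDS security group, so the NAT EIP rule can be removed; the traffic then never leaves the two VPCs.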