(This is my first time here so I’m sorry if this post is not perfect.)
I have developed a Flask application which I have later deployed on an AWS EC2 instance. The app connects to an RDS database (PostgreSQL) to handle certain operations.
When I run the Flask app locally and allow access to my computer’s IP to the database, it all works fine, but when I run it on the EC2 Instance, despite allowing its Elastic IP, it times out.
When I allow requests to the RDS database from all IPs, the connection on the EC2 instance doesn’t seem to time out and works fine.
2 Answers
If they are both in the same VPC, then the EC2 instance will communicate with the RDS instance via the private IP, and keep all network traffic inside the VPC. That means the EC2 instance’s Elastic IP will not be used. You need to allow the EC2 instance’s private IP in the RDS instance’s security group.
Alternatively, to keep the connection from breaking if the EC2 instance’s private IP address were to change, you could allow the EC2 instance’s security group as the source, in the RDS instance’s security group.
Security groups can refer to each other without needing an IP address. You would configure:
- A security group (App-SG) that permits inbound connections for the app (eg 80, 443) and all outbound connections
- A security group (DB-SG) that permits all inbound connections from App-SG
That is, DB-SG specifically refers to App-SG. This way, any EC2 instance that is associated with the App-SG is automatically permitted inbound access through DB-SG.
This avoids having to configure specific IP addresses in the security groups and it means that connectivity still works if you add more EC2 instances.
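The rule matching described in the two answers, as an added offline model that is not part of either answer and is not AWS code. The addresses, the group id `sg-app` and the helper names are constructed for illustration; the rule dictionaries follow the shape of EC2 `DescribeSecurityGroups` output, and group membership stands in for the private addresses of the interfaces attached to the source group.

```python
import ipaddress

# Constructed values: documentation-range addresses and a made-up group id.
ELASTIC_IP, PRIVATE_IP, APP_SG = "203.0.113.10", "10.0.1.25", "sg-app"

def ingress(cidrs=(), groups=(), port=5432):
    """One inbound rule in the shape EC2 DescribeSecurityGroups returns."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}

def allows(rules, src_ip, src_groups, port=5432):
    """True if any rule admits a TCP connection from src_ip / src_groups."""
    addr = ipaddress.ip_address(src_ip)
    for r in rules:
        if r["IpProtocol"] not in ("tcp", "-1"):
            continue
        if r["IpProtocol"] == "tcp" and not r["FromPort"] <= port <= r["ToPort"]:
            continue
        if any(addr in ipaddress.ip_network(x["CidrIp"]) for x in r["IpRanges"]):
            return True
        if any(p["GroupId"] in src_groups for p in r["UserIdGroupPairs"]):
            return True
    return False

def world_open(rules):
    """True if any rule admits every IPv4 address."""
    return any(x["CidrIp"] == "0.0.0.0/0" for r in rules for x in r["IpRanges"])

# The four DB-SG configurations discussed in the question and answers.
DB_SG_VARIANTS = {
    "elastic-ip": [ingress(cidrs=[ELASTIC_IP + "/32"])],
    "all-ips": [ingress(cidrs=["0.0.0.0/0"])],
    "private-ip": [ingress(cidrs=[PRIVATE_IP + "/32"])],
    "app-sg": [ingress(groups=[APP_SG])],
}

def evaluate(src_ip, src_groups):
    """Which DB-SG variants admit this source on the PostgreSQL port."""
    return {n: allows(r, src_ip, src_groups) for n, r in DB_SG_VARIANTS.items()}

if __name__ == "__main__":
    # Inside the VPC the database sees the instance's private address.
    print("current instance:", evaluate(PRIVATE_IP, {APP_SG}))
    # A replacement or additional instance: same group, new private IP.
    print("new instance:    ", evaluate("10.0.2.77", {APP_SG}))
    # An unrelated host outside the VPC with no group membership.
    print("outside host:    ", evaluate("198.51.100.7", set()))
```

Only the `app-sg` variant admits both instances while rejecting the outside host; `all-ips` admits everything, which is why it appeared to fix the timeout.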