I am trying to connect to an RDS Instance from my local machine through a VPC Peering connection. In my AWS Account I have two VPCs: VPC1 is connected to my local network via DirectConnect, VPC2 isn’t. VPC2 contains all of my infrastructure and the idea is that if I want to connect to that infrastructure from my local machine I need to work through VPC1.
I have configured a route in the peering connection to forward IP based requests to VPC2 for a given address range. This doesn’t really help me for RDS though because I don’t know what the IP Address for RDS is, only the endpoint. I am guessing that there is some combination of DNS/Routing/Networking/Peering that will solve this problem but I haven’t found any documentation that describes how to solve this issue.
Has anyone solved this issue before, or know of any documentation that describes what needs to be done?
Update:
The exact problem is that I can’t connect to the RDS instance from my local machine. For example, if I use the RDS Endpoint as the server for my connection, the Sql Client I am using simply can’t connect with a timeout error. My suspicion is that traffic is not being routed to VPC2 correctly but I don’t know how to prove that.
As far as DNS goes, I am not sure how on-prem is set up; however, I have 4 hosted zones in Route53 with a variety of URLs. Items that I set up in Route53 I am able to resolve by host name on my local machine.
Likewise, I am not sure how the network has been configured with DirectConnect (full VPN tunnel or otherwise).
As far as DNS and the network connections between AWS go, that stuff works. I am able to resolve pieces of infrastructure in VPC1 fine; I just (seemingly) can’t get traffic to move across the Peering Connection in the way that I would expect.
2 Answers
Sorry for the Japanese material.
I think VPC1 and VPC2 cannot communicate even if you configure routing. So as long as communication is impossible, configuring DNS will not accomplish the goal, I guess.
AWS Solutions Architect Blog: Where to use VPC Peering, and related tips
Translated with http://www.DeepL.com/Translator (free version)
Could PrivateLink help you achieve your goal?
AWS-40_AWS_Summit_Online_2020_NET01.pdf
Along the example on page 42:
local network –> Direct Connect –> VPC Endpoint (in VPC1) –> NLB (in VPC2) –> RDS (in VPC2)
I think the problem is that you think you can access vpc2 resources from on-prem just b/c you have direct connect to vpc1. What vpc-peering is giving you is access from vpc1 to vpc2 via private ip addresses. In your case you want vpc1 to act like a router to just transit your request from on-prem to vpc2. It does not work that way.
What are your options:
The doc here talks about vpc-peering limitations, it will basically explain that transitive connections like you want won’t work: https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-basics.html
AWS scenario documentation to reach db mentions option 1 here: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.Scenarios.html
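To make the point of the last two answers concrete, here is an added toy model (not code from the post or from AWS) of how VPC1's route table and the peering connection treat a packet arriving from on-prem over Direct Connect. All CIDRs and IP addresses are constructed assumptions; the model shows why a packet aimed at the RDS private IP in VPC2 is dropped at the peering, while a PrivateLink interface endpoint that lives in VPC1's own range is reachable.

```python
"""Toy model of non-transitive VPC peering vs. a PrivateLink endpoint in VPC1.
Added illustration; every address below is an assumption, not from the post."""
import ipaddress

ONPREM = ipaddress.ip_network("192.168.0.0/16")  # assumed on-prem range
VPC1 = ipaddress.ip_network("10.1.0.0/16")       # assumed; reached over Direct Connect
VPC2 = ipaddress.ip_network("10.2.0.0/16")       # assumed; peered with VPC1

# VPC1 route table: on-prem prefixes via Direct Connect, VPC2 via the peering (pcx).
VPC1_ROUTES = [(ONPREM, "dx"), (VPC2, "pcx"), (VPC1, "local")]


def vpc1_next_hop(dst):
    """Longest-prefix match over VPC1's route table; None if nothing matches."""
    matches = [(net, hop) for net, hop in VPC1_ROUTES if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None


def peering_accepts(src_ip, dst_ip):
    """A peering connection only carries traffic whose source and destination both
    belong to the two peered VPCs. Anything else (on-prem sources included) is dropped,
    which is exactly the 'no transitive routing' limitation the docs describe."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return (src in VPC1 and dst in VPC2) or (src in VPC2 and dst in VPC1)


def reachable_from_onprem(dst_ip, src_ip="192.168.10.5"):
    """Outcome for a packet from an on-prem client (constructed address) to dst_ip,
    entering VPC1 over Direct Connect and following VPC1's route table."""
    hop = vpc1_next_hop(ipaddress.ip_address(dst_ip))
    if hop == "local":
        return "delivered in VPC1"
    if hop == "pcx":
        return ("delivered in VPC2" if peering_accepts(src_ip, dst_ip)
                else "dropped at peering (non-transitive)")
    return "no route"


RDS_PRIVATE_IP = "10.2.20.30"   # assumed: what the RDS endpoint resolves to inside VPC2
VPCE_IP_IN_VPC1 = "10.1.5.9"    # assumed: interface endpoint ENI fronting an NLB in VPC2

if __name__ == "__main__":
    print("on-prem -> RDS IP via peering:   ", reachable_from_onprem(RDS_PRIVATE_IP))
    print("on-prem -> PrivateLink endpoint: ", reachable_from_onprem(VPCE_IP_IN_VPC1))
```

Resolving the RDS endpoint from inside VPC2 and checking which case its address falls into is a quick way to confirm the timeout is a routing limitation rather than a DNS problem.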