We want our RDS to be openly accessible from outside the VPC, but it is not secure to do so.
Is there any solution to help us connect to the RDS securely?
CodePudding user response:
You have two basic options to access an Amazon RDS database. Which you choose depends on your risk appetite.
Option 1: RDS database in public subnet
For this option, the database is launched in a Public Subnet, with Publicly Available = Yes.
To secure the database, you would configure the Security Group to only permit inbound access from your IP address.
Option 2: RDS database in private subnet
For this option, the database is launched in a Private Subnet, with Publicly Available = No.
You will need some way to 'connect' to the VPC, and then connect to the RDS database. Options for connecting to the VPC could be:
- Create an AWS Client VPN, which allows you to connect to the VPC from any location using an OpenVPN-based VPN client, or
- Launch an Amazon EC2 instance in the public subnet and connect to it using SSH and Port Forwarding (See: How to use SSH Tunnel to connect to an RDS instance via an EC2 instance?)