Home > OS >  Same VPC, can't access postgresql of another host using EC2 psql
Same VPC, can't access postgresql of another host using EC2 psql

Time:09-16

In the same VPC, I used CDK to create an EC2, a postgresql. I set EC2 as public, postgresql as private and allow all IPs to access postgresql default port Everything is ready, but can't telnet to postgresql using psql from EC2, anyone know the problem, am I missing something?

Vpc vpc = new Vpc(this,"RDS-VPC",
                VpcProps.builder()
                        .natGateways(1).maxAzs(2).build());

        SecurityGroup ec2SG = new SecurityGroup(this,"EC2-SG", SecurityGroupProps.builder().vpc(vpc).allowAllOutbound(true).build());
        ec2SG.addIngressRule(Peer.ipv4("xxx.xxx.xxx.xxx/32"),Port.tcp(22),"The specified IP can be accessed");
   
        SecurityGroup rdsSg = new SecurityGroup(this,"RDS-SG", SecurityGroupProps.builder().vpc(vpc).allowAllOutbound(true).build());

        rdsSg.addIngressRule(Peer.anyIpv4(),Port.tcp(5432),"allow public ssh access");
        List<SecurityGroup> securityGroups  = new ArrayList<>();
        securityGroups.add(rdsSg);
 Instance Ec2Instace = new Instance(this,"ec2", InstanceProps.builder().vpc(vpc)
                .instanceType(InstanceType.of(InstanceClass.T3,InstanceSize.MEDIUM))
                .machineImage(MachineImage.latestAmazonLinux(AmazonLinuxImageProps.builder().generation(AmazonLinuxGeneration.AMAZON_LINUX_2).build()))
                .securityGroup(ec2SG)
                .vpcSubnets(SubnetSelection.builder().subnetType(SubnetType.PUBLIC).build())
                .keyName("keyname")
                .build());
Credentials credentials = Credentials.fromPassword("xxx", new SecretValue("xxxx"));

        SubnetGroup subnetGroup = new SubnetGroup(this,"postgresql", SubnetGroupProps.builder().vpcSubnets(SubnetSelection.builder().subnetType(SubnetType.PRIVATE_WITH_NAT).build()).build());
        DatabaseInstance databaseInstance = new DatabaseInstance(this,"postgresql",DatabaseInstanceProps.builder()
                .vpc(vpc)
                .deleteAutomatedBackups(true)
                .instanceType(InstanceType.of(InstanceClass.T3,InstanceSize.MICRO))
                .allocatedStorage(10)
                .credentials(credentials)
                .databaseName("xxxx")
                .securityGroups(securityGroups)
                .subnetGroup(subnetGroup)
                .publiclyAccessible(true)
                .engine(DatabaseInstanceEngine.postgres(PostgresInstanceEngineProps.builder().version(PostgresEngineVersion.VER_13).build()))
                .build());

CodePudding user response:

Add Eggress rule to EC2 security group for 0.0.0.0/0 CIDR so that EC2 can send traffic to RDS and download updates from the internet.

Nice to have:

  1. Replace anyIpv4 for Ingress rule for RDS with EC2 security group. You can reference security groups instead of IP CIDR.
  2. Add Eggress rule to RDS security group for 0.0.0.0/0 CIDR so that RDS can download updates from the internet.

This should be enough. Also you don't configure route table explicitly. Maybe it's not required for your case.

Page link:https//www.codepudding.com/os/546926.html

Prev:Multiple log rotate configuration in syslog.conf
Next:Update to python 3.10 in Google Cloud Shell
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding