Connectivity in AWS RDS
- A database in RDS can be made publicly accessible or accessible only within the VPC.
- To select the subnets (i.e. the AZs) where the database should be created, we use a DB subnet group.
- The security group around the database has allow rules that permit traffic only from recommended sources.

- Generally, when applications access a database they need a connection string. A connection string has the following information:
  - database FQDN/IP address
  - engine
  - port
  - credentials
- Connection strings in applications can be configured in two ways:
  - by changing config files (properties.xml, web.config)
  - environment variables
- Things to be checked:
  - VPC
  - subnet group
  - security group
- Let's create a security group for MySQL access within the VPC range. Note: the default VPC had a range of 172.31.0.0/16. MySQL by default works on port 3306.
- Navigate to VPC from services




- Now navigate to RDS and view the subnet groups



- Now let's create a database with the default subnet group in AZ b, the security group created above, the MySQL free-tier-eligible option, and not publicly accessible
- Connectivity Options



- The database we have created is not publicly accessible, and the security group allows connections only from other devices in the same VPC on port 3306

- Let's try to connect to this database from an external network (your laptop). The connection should not be allowed.
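
The same checks can be scripted instead of read off the console. The following is an added example, not part of the original notes: it audits data shaped like the output of `describe-db-instances` and `describe-security-groups` against the setup above (not publicly accessible, port 3306 open only to 172.31.0.0/16). The instance name, the security group id and the sample data are constructed, and only IPv4 CIDR rules are evaluated.

```python
import ipaddress

VPC_CIDR = ipaddress.ip_network("172.31.0.0/16")  # default VPC range from the notes

# Constructed sample data, shaped like describe-db-instances /
# describe-security-groups output. Names and ids are placeholders.
DB_INSTANCE = {
    "DBInstanceIdentifier": "example-db",
    "PubliclyAccessible": False,
    "Endpoint": {"Port": 3306},
    "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-EXAMPLE"}],
}
SECURITY_GROUPS = {
    "sg-EXAMPLE": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "172.31.0.0/16"}]},
    ]},
}

def audit_rds_exposure(db, groups, vpc_cidr=VPC_CIDR):
    """Return a list of findings; an empty list means the setup matches the notes."""
    findings = []
    port = db["Endpoint"]["Port"]
    if db.get("PubliclyAccessible"):
        findings.append("instance is publicly accessible")
    reachable = False
    for ref in db["VpcSecurityGroups"]:
        sg_id = ref["VpcSecurityGroupId"]
        for rule in groups[sg_id]["IpPermissions"]:
            proto = rule["IpProtocol"]
            if proto != "-1":  # "-1" means all protocols and all ports
                if proto != "tcp":
                    continue
                if not (rule["FromPort"] <= port <= rule["ToPort"]):
                    continue
            for rng in rule.get("IpRanges", []):  # IPv4 CIDR sources only
                reachable = True
                src = ipaddress.ip_network(rng["CidrIp"])
                if not src.subnet_of(vpc_cidr):
                    findings.append(
                        f"{sg_id} allows port {port} from {src}, outside {vpc_cidr}")
    if not reachable:
        findings.append(
            f"no security group rule allows port {port}; VPC clients cannot connect")
    return findings

if __name__ == "__main__":
    print(audit_rds_exposure(DB_INSTANCE, SECURITY_GROUPS) or "OK: VPC-only access")
```
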

Next Steps
- We will try connecting from a Windows VM by installing MySQL Workbench
