
I have an existing prod Postgres database and I would like to replicate a table to a new Postgres database. In order to get the two to be able to talk to each other, I had to edit an AWS security group and add the public IP address of the new database since both databases are on a common VPC. While reading, I saw that the public IP of an RDS database can change. This would mean that the IP entered into the security group is no longer valid.

Is there a way to add my new database into the security group without being impacted by IP address changes?

mj_

1 Answer


If they're in the same VPC I would put them in different security groups, but then the rules between the security groups would be by SG name rather than IP address / CIDR range.

(screenshot: New database SG)

(screenshot: Existing Database SG)

Tim
  • Alright, I did that. I have a common VPC, two security groups (sg-NEW and sg-EXISTING) where Postgres prod has sg-EXISTING and Postgres new has sg-NEW and sg-EXISTING. sg-EXISTING has an inbound rule for sg-NEW. I removed the inbound route for the public IP and it stopped working. – mj_ May 12 '22 at 20:47
  • Address the existing database using the DNS name for the RDS database rather than a public IP. – Tim May 12 '22 at 22:19
  • I see that when I attempt to resolve the DNS name for the Prod database, the public IP is returned for it. Within a VPC, is there a way to force a local IP to get used instead? – mj_ May 13 '22 at 02:12
  • I suspect that the public IP will be remapped to the private. What I've heard in the past is that private IPs are used within the VPC; public IPs are done in the internet gateway as a type of NAT. What I don't know is if using the public IP will be translated to the private IP and directly accessed, or if it will go via the internet. I'd disable the 0.0.0.0/0 route to the internet in the route table; if you can still contact RDS it's using private IPs – Tim May 13 '22 at 02:20
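The change the answer describes (drop the inbound rule keyed on the new database's public /32 and replace it with a rule whose source is the new database's security group), plus the resolution check discussed in the comments, as an added example in shell with the AWS CLI. This is not code from the question or the answer; the security group IDs, the RDS endpoint, the port and the old /32 are placeholders, and it assumes the `aws` CLI, `getent` (Linux) and `pg_isready` (PostgreSQL client tools) are installed on a host inside the VPC. From inside the VPC the RDS endpoint is expected to resolve to the instance's private address, so the check flags a public answer as a sign the client is not on the in-VPC path.

```shell
#!/bin/sh
# Added example: swap a brittle /32 inbound rule for an SG-sourced rule on the
# existing (prod) database's security group, then verify the in-VPC path.
# All IDs, endpoints and addresses below are placeholders, not real resources.

# Build the IpPermissions JSON for "tcp/$2 from members of security group $1".
# Referencing an SG id instead of an IP means the rule keeps working when the
# new database's address changes.
ingress_from_sg_json() {
  printf '[{"IpProtocol":"tcp","FromPort":%s,"ToPort":%s,"UserIdGroupPairs":[{"GroupId":"%s"}]}]' \
    "$2" "$2" "$1"
}

# True (exit 0) when $1 is an RFC 1918 address, i.e. a VPC-private address.
is_rfc1918() {
  case "$1" in
    10.*) return 0 ;;
    192.168.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# Add the SG-sourced rule first, then revoke the /32 rule, so there is no
# window in which the new database cannot reach prod.
#   $1 = existing (prod) DB security group id, e.g. sg-EXISTING
#   $2 = new DB security group id,             e.g. sg-NEW
#   $3 = the old public /32 currently in the rule, e.g. 203.0.113.10/32
#   $4 = port (default 5432)
replace_ip_rule_with_sg_rule() {
  existing_sg=$1; new_sg=$2; old_cidr=$3; port=${4:-5432}
  aws ec2 authorize-security-group-ingress --group-id "$existing_sg" \
    --ip-permissions "$(ingress_from_sg_json "$new_sg" "$port")"
  aws ec2 revoke-security-group-ingress --group-id "$existing_sg" \
    --protocol tcp --port "$port" --cidr "$old_cidr"
}

# Run from a host inside the VPC: resolve the RDS endpoint and confirm the
# answer is a private address, then confirm TCP reachability on the DB port.
#   $1 = RDS endpoint, e.g. prod-db.abcdefghijkl.us-east-1.rds.amazonaws.com
#   $2 = port (default 5432)
check_in_vpc_path() {
  endpoint=$1; port=${2:-5432}
  ip=$(getent hosts "$endpoint" | awk '{print $1; exit}')
  [ -n "$ip" ] || { echo "could not resolve $endpoint" >&2; return 2; }
  if is_rfc1918 "$ip"; then
    echo "$endpoint -> $ip (private: traffic stays inside the VPC, SG-sourced rule applies)"
  else
    echo "$endpoint -> $ip (public: this client is not using the in-VPC path)" >&2
    return 1
  fi
  pg_isready -h "$endpoint" -p "$port"
}

# Usage:
#   sh sg-rule.sh migrate sg-EXISTING sg-NEW 203.0.113.10/32
#   sh sg-rule.sh check prod-db.abcdefghijkl.us-east-1.rds.amazonaws.com
if [ "${1:-}" = "migrate" ]; then
  replace_ip_rule_with_sg_rule "$2" "$3" "$4" "${5:-5432}"
elif [ "${1:-}" = "check" ]; then
  check_in_vpc_path "$2" "${3:-5432}"
fi
```

The authorize-before-revoke order matters in production: revoking the /32 first reproduces the outage described in the comment above for the interval until the new rule lands. The `check` step is the concrete form of the route-table test suggested in the last comment: a private answer from the resolver means the connection never needs the internet gateway, and the SG-sourced rule is what admits it.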