Can't configure an RDS without Private subnets in a VPC #4828
Comments
I guess I found the answer here #4668
Yes, I think the behavior around subnet selection in 1.15 will be better for you.
I don't believe that is true. You will need to use the private IP addresses of your database to connect though (probably in the Maybe enabling "private DNS" on your VPC will work, I'm not sure; I'm not a networking expert. Since you don't seem to want any NAT gateways, you need to use ISOLATED subnets for your Lambdas though, not PRIVATE ones.
I'd like to be able to connect to my RDS from a local PC (at least during the development stage). It looks like it's not possible with ISOLATED subnets.
If you want to connect to your RDS instance from your PC it will need to be routable from the internet. That means it is itself in a public subnet with a public IP address, or it has a publicly routable computer in front of it (typically a load balancer in the form of an ALB with a TCP connection or an NLB).
Or I guess you could VPN into your VPC, but I'm not exactly sure how that is done.
Closing this issue since it seems to have been resolved. Feel free to reopen.
Wait, we can have an ALB (public subnet) routing traffic to Aurora (private subnet)? 👀
Via the AWS Management Console I created a VPC from scratch with two public subnets. Then I created a DB Instance in that VPC. Everything worked smoothly. When I replicated the same configuration in CDK I got the following error:
There are no 'Private' subnet groups in this VPC. Available types: Public
When I added two extra Private subnets (with natGateways=0) to the VPC, I got another error:
CommonVpc/CommonPrivateSubnetGroupSubnet2/DefaultRoute (CommonVpcCommonPrivateSubnetGroupSubnet2DefaultRoute30057064) Exactly one of [InstanceId, NetworkInterfaceId, EgressOnlyInternetGatewayId, VpcPeeringConnectionId, GatewayId, TransitGatewayId, NatGatewayId] must be specified and not empty
Reproduction Steps
Environment
This is 🐛 Bug Report