## Introduction

Placing RDS in a private subnet protects it from unauthorized external access — but it also means you can no longer connect directly from your developer machine. This article walks you through a step-by-step guide to securely connect to a private-subnet RDS (PostgreSQL) instance using AWS Client VPN.

## Architecture Overview

```
Developer PC
     │
     │  UDP 443 (TLS / Mutual Certificate Authentication)
     ▼
Client VPN Endpoint (Public Subnet)
     │
     │  Authorization Rule + Route Table
     ▼
Private Subnet
     │
     │  SG: Port 5432 allowed from Client CIDR
     ▼
Amazon RDS (PostgreSQL)
```

## Prerequisites

| Item | Value |
|---|---|
| VPC CIDR | 10.0.0.0/16 |
| Public Subnet | 10.0.0.0/24 (for VPN association) |
| Private Subnet | 10.0.1.0/24 (for RDS) |
| Client CIDR | 10.100.0.0/22 (IP range assigned to VPN clients) |
| DB Engine | PostgreSQL |
| Port | 5432 |

## Step 1: Create Certificates and Import to ACM

Generate server and client certificates using Easy-RSA.…
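
The address plan from the Prerequisites can be checked before any AWS resource is created. This is an added example, not code from the original article: `PLAN` and `check_plan` are hypothetical names, and the rules checked are Client VPN's requirements that the client CIDR is an IPv4 block between /12 and /22 that does not overlap the VPC CIDR.

```python
import ipaddress

# Values copied from the Prerequisites on this page.
PLAN = {
    "vpc": "10.0.0.0/16",
    "public_subnet": "10.0.0.0/24",   # associated with the VPN endpoint
    "private_subnet": "10.0.1.0/24",  # hosts RDS
    "client_cidr": "10.100.0.0/22",   # addresses handed to VPN clients
}


def check_plan(plan):
    """Return a list of problems in the address plan (empty when it is usable)."""
    try:
        # strict=True rejects entries with host bits set, e.g. 10.0.0.1/24
        nets = {k: ipaddress.ip_network(v, strict=True) for k, v in plan.items()}
    except ValueError as exc:
        return [f"invalid CIDR: {exc}"]
    if any(n.version != 4 for n in nets.values()):
        return ["all ranges in this plan must be IPv4"]

    problems = []
    vpc, client = nets["vpc"], nets["client_cidr"]

    # Client VPN only accepts client CIDR blocks between /12 and /22.
    if not 12 <= client.prefixlen <= 22:
        problems.append(f"client CIDR {client} is not between /12 and /22")
    # Client addresses must not collide with the VPC they are routed into.
    if client.overlaps(vpc):
        problems.append(f"client CIDR {client} overlaps VPC {vpc}")
    # Both subnets have to be carved out of the VPC range.
    for name in ("public_subnet", "private_subnet"):
        if not nets[name].subnet_of(vpc):
            problems.append(f"{name} {nets[name]} is outside VPC {vpc}")
    # The VPN-associated subnet and the RDS subnet must be distinct ranges.
    if nets["public_subnet"].overlaps(nets["private_subnet"]):
        problems.append("public and private subnets overlap")
    return problems


if __name__ == "__main__":
    issues = check_plan(PLAN)
    print("plan OK" if not issues else "\n".join(issues))
```
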