Tuesday, March 29, 2011

Limiting RDS DB access to only EC2 instances running in your Amazon account

Access to an AWS RDS instance is controlled by a DB Security Group. By default it is set to Deny All. It is a best practice to limit the hosts that can actually connect to your RDS instance, since that reduces the attack vectors available. To do this, AWS allows you to set two kinds of entries:
1. CIDR/IP - Here you can specify a CIDR/IP range. Learn about CIDR/IP ranges at http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing.

2. EC2 Security Group - If you have an instance running that uses a security group, you can specify that security group together with the AWS account that owns it. This way all instances that use the same security group and are launched in that particular AWS account will be able to access the RDS DB.
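To check that a DB Security Group actually follows the two rules above, here is an added audit script (not from this post) that flags CIDR entries wider than a small range and EC2 security group entries owned by a different AWS account. The input is a constructed sample in the shape returned by `aws rds describe-db-security-groups`; the field names are assumed from that API and the account ids and CIDRs are made up.

```python
import ipaddress

# Constructed sample in the shape of `describe-db-security-groups` output.
# Field names are assumed from the RDS API; the values are made up.
SAMPLE_GROUPS = [
    {
        "DBSecurityGroupName": "prod-db-sg",
        "OwnerId": "111111111111",
        "IPRanges": [
            {"Status": "authorized", "CIDRIP": "0.0.0.0/0"},        # world-open
            {"Status": "authorized", "CIDRIP": "203.0.113.10/32"},  # single host
        ],
        "EC2SecurityGroups": [
            {"Status": "authorized", "EC2SecurityGroupName": "web-tier",
             "EC2SecurityGroupOwnerId": "111111111111"},   # our account
            {"Status": "authorized", "EC2SecurityGroupName": "default",
             "EC2SecurityGroupOwnerId": "999999999999"},   # foreign account
        ],
    }
]


def audit_db_security_group(group, expected_owner, max_addresses=256):
    """Return findings for rules broader than the post recommends: any CIDR
    covering more than max_addresses hosts, and any EC2 security group rule
    owned by an account other than expected_owner."""
    findings = []
    name = group["DBSecurityGroupName"]
    for rule in group.get("IPRanges", []):
        net = ipaddress.ip_network(rule["CIDRIP"], strict=False)
        if net.num_addresses > max_addresses:
            findings.append(f"{name}: CIDR {rule['CIDRIP']} allows "
                            f"{net.num_addresses} addresses")
    for rule in group.get("EC2SecurityGroups", []):
        owner = rule.get("EC2SecurityGroupOwnerId")
        if owner != expected_owner:
            findings.append(f"{name}: EC2 group {rule['EC2SecurityGroupName']} "
                            f"belongs to account {owner}, not {expected_owner}")
    return findings


def audit_all(groups, expected_owner):
    """Audit every DB Security Group and collect the findings."""
    out = []
    for group in groups:
        out.extend(audit_db_security_group(group, expected_owner))
    return out


if __name__ == "__main__":
    for finding in audit_all(SAMPLE_GROUPS, "111111111111"):
        print("FINDING:", finding)
```

Against the sample it reports the 0.0.0.0/0 entry and the security group owned by the other account; the /32 host entry and the group from the expected account pass.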
