How Do I Configure a Security Group to Enable Access to RDS DB Instances?

  • When you attempt to connect to a DB instance through a private network, check whether the ECS and RDS DB instance are in the same security group.

    • If the ECS and RDS DB instance are in the same security group, they can communicate with each other by default. No security group rules need to be configured.

    • If the ECS and RDS DB instance are in different security groups, you need to configure security group rules for them, separately.

      • RDS DB instance: Configure an inbound rule for the security group with which the DB instance is associated.

      • ECS: The default security group rule allows all outgoing data packets. In this case, you do not need to configure a security rule for the ECS. If not all outbound traffic is allowed in the security group, you need to configure an outbound rule for the ECS.

  • When you attempt to connect to a DB instance through an EIP, you need to configure an inbound rule for the security group associated with the DB instance.