Why can't I connect to an AWS RDS instance from an EC2 instance in another VPC after peering?

Views: 316

Problem description

I am running Tableau Server on our EC2 instance in VPC A. Meanwhile, I created a postgres RDS in another VPC B. Now I want to establish the connection between the Tableau Server and RDS. CIDR of RDS VPC is 172.31.0.0/16 and that of EC2 VPC is 10.0.0.0/16.

According to A DB Instance in a VPC Accessed by an EC2 Instance in a Different VPC, I created peering between VPC A and VPC B, pcx-xyz123. Besides, I also created the following route tables for the VPCs.

RDS VPC
Destination      Target
172.31.0.0/16    local
10.0.0.0/16      pcx-xyz123

EC2 VPC
Destination      Target
10.0.0.0/16      local
172.31.0.0/16    pcx-xyz123

Both route tables are main. Each has 0 Subnets though (not sure if this matters).

However, I still can't connect to RDS from Tableau Server.

The two instances are created by the same account. They are both listed under US East (Ohio), so I assume they are in the same region. Plus, both have us-east-2 in their hostnames. From my PC, I can connect to RDS with the psql command or pgAdmin.

Why can't I connect the two instances?

EDIT: I've created another EC2 Linux instance within the same subnet of the same VPC as the Tableau Server, just for debugging purposes. I configured the peering and route table the same way and also associated the subnets with the route tables. However, I still can't connect to RDS from the EC2 Linux instance.

Recommended answer

VPC Peering works much the same way as how Public Subnets connect to the Internet Gateway -- the Route Tables define how traffic goes in/out of the Subnets.

For VPC Peering to work:

  • Invite & Accept the peering connection (Done)
  • Create a Route table in each VPC that points to the Peering connection for the other VPC's IP range (Done)
  • Associate each subnet that you want to be able to peer with the Route Table
  • Alternatively, edit existing route tables to include the peering entry
  • If your RDS database is public, and you are attempting to connect using the public DNS of the database, then you will need to edit the DNS settings of your peering connection to allow DNS resolution.

Routing works as follows:

  • When traffic leaves a subnet, the route table is consulted to determine where to send the traffic
  • The most restrictive entry (e.g. /24) is evaluated first, down to the least restrictive (e.g. /0)
  • Traffic is routed according to the matching route table entry

This means that you can configure some of the subnets to peer, rather than having to include all of them. Traditionally, it is the Private subnets that peer and possibly only specific Private subnets -- but that is totally your choice.

Think of it as directions on a roadmap, telling traffic where it should be directed.
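The two rules the answer relies on (a subnet uses the route table it is associated with, falling back to the VPC's main table, and the most specific matching prefix wins) can be simulated offline. The following is an added example, not code from the question or the answer: it models the two route tables from the question with the peering id pcx-xyz123, then checks whether a packet from the EC2 VPC reaches the RDS VPC over the peering and whether the return path exists. The subnet ids, host addresses and the `igw-constructed`/`nat-constructed` targets are constructed placeholders; the model covers routing only (security groups and network ACLs are not modelled).

```python
"""Model of how AWS route tables steer VPC-peering traffic (added example, not from the post)."""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Set


@dataclass
class Route:
    destination: str  # CIDR, e.g. "172.31.0.0/16"
    target: str       # "local", a peering id such as "pcx-xyz123", an igw/nat id, ...


@dataclass
class RouteTable:
    name: str
    routes: List[Route]
    # Subnet ids explicitly associated with this table (the console's "Subnets" count)
    subnets: Set[str] = field(default_factory=set)


@dataclass
class Vpc:
    name: str
    cidr: str
    main_table: RouteTable
    extra_tables: List[RouteTable] = field(default_factory=list)

    def effective_table(self, subnet_id: str) -> RouteTable:
        """A subnet uses the table it is explicitly associated with; with no explicit
        association it falls back to the VPC's main route table."""
        for table in [self.main_table, *self.extra_tables]:
            if subnet_id in table.subnets:
                return table
        return self.main_table


def lookup(table: RouteTable, dst_ip: str) -> Optional[str]:
    """Longest-prefix match: a /24 entry beats a /16, which beats 0.0.0.0/0."""
    ip = ipaddress.ip_address(dst_ip)
    best: Optional[Route] = None
    best_len = -1
    for route in table.routes:
        net = ipaddress.ip_network(route.destination, strict=False)
        if ip in net and net.prefixlen > best_len:
            best, best_len = route, net.prefixlen
    return best.target if best else None


def check_peering_path(src: Vpc, src_subnet: str, src_ip: str,
                       dst: Vpc, dst_subnet: str, dst_ip: str, pcx: str) -> List[str]:
    """Return the list of routing problems; an empty list means both directions use the peering."""
    problems = []
    fwd = lookup(src.effective_table(src_subnet), dst_ip)
    if fwd != pcx:
        problems.append(f"{src.name}/{src_subnet}: {dst_ip} routes to {fwd!r}, expected {pcx}")
    back = lookup(dst.effective_table(dst_subnet), src_ip)
    if back != pcx:
        problems.append(f"{dst.name}/{dst_subnet}: return path to {src_ip} routes to {back!r}, expected {pcx}")
    return problems


# Route tables exactly as listed in the question
PCX = "pcx-xyz123"
RDS_MAIN = RouteTable("rds-main", [Route("172.31.0.0/16", "local"), Route("10.0.0.0/16", PCX)])
EC2_MAIN = RouteTable("ec2-main", [Route("10.0.0.0/16", "local"), Route("172.31.0.0/16", PCX)])
RDS_VPC = Vpc("VPC B (RDS)", "172.31.0.0/16", RDS_MAIN)
EC2_VPC = Vpc("VPC A (EC2)", "10.0.0.0/16", EC2_MAIN)

# Constructed subnet ids and host addresses (placeholders, not from the question)
EC2_SUBNET, EC2_IP = "subnet-ec2-a", "10.0.1.10"
RDS_SUBNET, RDS_IP = "subnet-rds-b", "172.31.20.5"


def scenario_main_tables_only() -> List[str]:
    """Subnets have no explicit association and so use the main tables: routing is fine."""
    return check_peering_path(EC2_VPC, EC2_SUBNET, EC2_IP, RDS_VPC, RDS_SUBNET, RDS_IP, PCX)


def scenario_subnet_on_custom_table() -> List[str]:
    """The EC2 subnet is explicitly associated with a custom table that lacks the peering
    entry, so the pcx route in the main table never applies to it."""
    custom = RouteTable("ec2-public",
                        [Route("10.0.0.0/16", "local"), Route("0.0.0.0/0", "igw-constructed")],
                        subnets={EC2_SUBNET})
    vpc_a = Vpc("VPC A (EC2)", "10.0.0.0/16", EC2_MAIN, extra_tables=[custom])
    return check_peering_path(vpc_a, EC2_SUBNET, EC2_IP, RDS_VPC, RDS_SUBNET, RDS_IP, PCX)


def scenario_more_specific_route() -> Optional[str]:
    """A /24 entry overrides the /16 peering entry for addresses inside it."""
    table = RouteTable("ec2-override", [Route("10.0.0.0/16", "local"),
                                        Route("172.31.0.0/16", PCX),
                                        Route("172.31.20.0/24", "nat-constructed")])
    return lookup(table, RDS_IP)


if __name__ == "__main__":
    print(scenario_main_tables_only())        # []
    print(scenario_subnet_on_custom_table())  # one problem: traffic leaves via igw-constructed
    print(scenario_more_specific_route())     # nat-constructed
```

The second scenario is the one the answer warns about: a main table showing "0 Subnets" only means no explicit association, and any subnet explicitly bound to another table takes that table's routes instead, so the peering entry has to be present in whichever table the instance's subnet actually uses.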
