How to configure VPC and subnet for EC2 Database accessible privately
- I have an EC2 Postgres Database (not standard AWS RDS, but based on my own configured AMI)
- I have a load balancer, auto scaling group with 4 max servers in each AZ (us-west-2)
- My load balancer is attached with 4 public subnets (each in 1 AZ)
- My EC2 ASG which handles application servers allows instances to be created in any of the 4 private subnets (each in 1 AZ)
- I have done all the necessary setup (NAT and IGW) to make the internet accessible from my EC2 instances.
I have tested that after making the above config (except DB), my application servers are up, and are accessible using my Route 53 hosted zone.
Here are the questions:
1 - How do I make my 1 EC2 DB instance (which should have a private IP only) accessible from any of the 4 application servers residing in the 4 private subnets?
2 - After the above is made possible, is there a way to make the same instance available to other regions (e.g. eu-central-1) as well?
3 - How do I handle relaunching of my DB instance in application code? Do I update it every time with its IP address?
P.S. I have everything set up using 3 CFN templates (1 for networking, 1 for DB, 1 for ASG + ELB), so if possible, please include links to such examples or try to provide guidelines here for the same.
1 - You can make your DB instance accessible from the instances in the private subnet by mentioning the security group of your private EC2 instances as the source for the postgres port in the DB instance security group.
2 - Yes, it's possible to make the same instance available in another region, but the latency will be there, which will make its access very slow.
3 - Yes, unfortunately you have to do it because there is no static public IP attached to it.
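As an added illustration of the first point (example code written for this page, not the asker's own templates or anything the answerer posted): a CloudFormation template that creates the DB security group with the application servers' security group as the only source for port 5432, and launches the Postgres instance in one of the private subnets with no public IP. The parameter and resource names (`AppServerSecurityGroupId`, `DbSubnetId`, `DbAmiId`) are assumptions, and the AMI is a placeholder to be replaced with the self-built image.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example (not the asker's template): a private Postgres EC2 instance whose
  security group admits port 5432 only from the application servers' security group.

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
    Description: VPC holding the four private subnets (assumed to come from the networking stack)
  DbSubnetId:
    Type: AWS::EC2::Subnet::Id
    Description: One of the four private subnets; the DB lands here with no public IP
  DbAmiId:
    Type: AWS::EC2::Image::Id
    Description: Placeholder for the self-built Postgres AMI
  AppServerSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id
    Description: Security group attached to the ASG launch configuration (assumed name)

Resources:
  DbSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Postgres reachable only from application servers
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        # The source is a security group, not a CIDR: any instance carrying the app
        # SG, in any of the four private subnets / AZs, may reach 5432; nothing else can.
        - IpProtocol: tcp
          FromPort: 5432
          ToPort: 5432
          SourceSecurityGroupId: !Ref AppServerSecurityGroupId
      SecurityGroupEgress:
        # Outbound limited to what the DB host needs (e.g. package updates via the NAT gateway)
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0

  DbInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref DbAmiId
      InstanceType: t3.medium
      NetworkInterfaces:
        # Primary ENI in the private subnet, explicitly without a public address
        - DeviceIndex: 0
          SubnetId: !Ref DbSubnetId
          AssociatePublicIpAddress: false
          GroupSet:
            - !Ref DbSecurityGroup
      Tags:
        - Key: Name
          Value: postgres-private

Outputs:
  DbPrivateIp:
    Description: Private address the application stack can import instead of hard-coding it
    Value: !GetAtt DbInstance.PrivateIp
    Export:
      Name: !Sub "${AWS::StackName}-DbPrivateIp"
  DbSecurityGroupId:
    Value: !Ref DbSecurityGroup
```

Because the ingress rule references a security group rather than an address range, it keeps working no matter which private subnet the ASG places an application server in, and no application server exposes the database to anything outside that group. The exported `DbPrivateIp` can be consumed by the ASG + ELB stack with `Fn::ImportValue`, so the address is defined in one place. Security group references do not cross regions, so a consumer in another region would need a CIDR-based rule over a private connection instead; that is also where the latency mentioned in the answer comes from.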