How do I link a security group to my AWS RDS instance


When your RDS instance is not in a VPC, then your RDS instance is associated with an RDS security group. Those security groups are controlled by the "Security Groups" section in the RDS console. From there, you can add EC2-Classic security groups for access:

  1. Select your RDS security group
  2. Select "EC2 Security Group" for the "Connection Type"
  3. Select this or another AWS account and fill in the other AWS account number if necessary
  4. Select or fill in the correct security group.
  5. Click "Authorize"

When your RDS instance is inside a VPC, then your RDS instance is associated with a VPC security group. Those security groups are controlled by the "Security Groups" section in the VPC console. From there, you can add other VPC security groups for access:

  1. Select your VPC security group
  2. Select the "Inbound Rules" tab
  3. Click "Edit"
  4. Add a new rule, select your protocol and port range. For "Source", type or select your security group. Only VPC security groups within the same VPC can be used for this purpose.
  5. Click "Save"

Note, when selecting the security group, depending on the browser you're using, the list may only appear once focus is in the "Source" edit box. It may also only appear if you start typing. Also, it may not appear at all. If this is the case, type in the source VPC security group's identifier (e.g. sg-12345678).
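The VPC console steps above can also be applied through the EC2 API. The following is an added example, not part of the original answer: it assumes a boto3 EC2 client and PostgreSQL's default port 5432, and the `FakeEC2` class and group ids are constructed placeholders so that it runs offline.

```python
def allow_sg_to_rds(ec2, rds_sg_id, app_sg_id, port=5432):
    """Add an inbound TCP rule on rds_sg_id with app_sg_id as the source.

    ec2 is a boto3 EC2 client, e.g. boto3.client("ec2"). Returns True when a
    rule was added and False when an equivalent rule already existed.
    """
    found = ec2.describe_security_groups(GroupIds=[rds_sg_id, app_sg_id])
    groups = {g["GroupId"]: g for g in found["SecurityGroups"]}
    rds_sg, app_sg = groups[rds_sg_id], groups[app_sg_id]
    # Only VPC security groups within the same VPC can be used as the source.
    if not rds_sg.get("VpcId") or rds_sg.get("VpcId") != app_sg.get("VpcId"):
        raise ValueError(f"{app_sg_id} and {rds_sg_id} are not in the same VPC")
    # Skip the API call if the group is already an allowed source on this port.
    for perm in rds_sg.get("IpPermissions", []):
        same_port = (perm.get("IpProtocol") == "tcp"
                     and perm.get("FromPort") == port and perm.get("ToPort") == port)
        pairs = perm.get("UserIdGroupPairs", [])
        if same_port and any(p.get("GroupId") == app_sg_id for p in pairs):
            return False
    ec2.authorize_security_group_ingress(
        GroupId=rds_sg_id,
        IpPermissions=[{"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
                        "UserIdGroupPairs": [{"GroupId": app_sg_id}]}])
    return True


class FakeEC2:
    """Constructed stand-in for the boto3 client so the example runs offline."""
    def __init__(self, groups):
        self.groups = {g["GroupId"]: g for g in groups}
    def describe_security_groups(self, GroupIds):
        return {"SecurityGroups": [self.groups[i] for i in GroupIds]}
    def authorize_security_group_ingress(self, GroupId, IpPermissions):
        self.groups[GroupId].setdefault("IpPermissions", []).extend(IpPermissions)


def demo_client():
    # Constructed sample groups; the group ids and VPC ids are placeholders.
    return FakeEC2([
        {"GroupId": "sg-0rds", "VpcId": "vpc-a", "IpPermissions": []},
        {"GroupId": "sg-0app", "VpcId": "vpc-a", "IpPermissions": []},
        {"GroupId": "sg-0other", "VpcId": "vpc-b", "IpPermissions": []},
    ])


if __name__ == "__main__":
    client = demo_client()
    print(allow_sg_to_rds(client, "sg-0rds", "sg-0app"))  # first call adds the rule
    print(allow_sg_to_rds(client, "sg-0rds", "sg-0app"))  # second call is a no-op
```

Referencing the application's security group as the source, rather than an IP range, keeps the database reachable only from instances in that group, including ones an autoscaling group launches later.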

Author by

nu everest


Updated on September 18, 2022

Comments

  • nu everest
    nu everest over 1 year

    I have a postgres db setup on RDS. It is running great. However, I want to link this to a set of autoscaled EC2 instances sitting behind an ELB that all reside in a single EC2 security group.

    I've been told that it is possible to add a rule to the security group for the RDS instance that uses my EC2 security group as the source. When I go to the console and edit the RDS security group I only see the following options under the source column: Anywhere, Custom IP, and My IP.

    In the information pop-up at the top of the column it says: To specify a security group in another AWS account (EC2-Classic only), prefix it with the account ID and a forward slash, for example: 111122223333/OtherSecurityGroup. (looks like it may only be applicable to EC2-Classic)

    It does not let me type in the source dropdown box.

    Under the RDS section I noticed they have option groups. However, the default option group associated with my postgres instance is not editable.

    Therefore, I tried to create a new group. At this point I discovered that postgres is not listed as an available engine. I selected mysql instead just to see whether I could add options. It looks like I can add a security group to a mysql instance, but NOT a postgres instance.

    Do postgres instances not support this expected option?

    • Matt Houser
      Matt Houser over 9 years
      Is your RDS instance inside a VPC?
    • nu everest
      nu everest over 9 years
      Yes my RDS instance is inside a VPC.
  • brauliobo
    brauliobo over 7 years
    What about the inverse, when the EC2 is in a VPC and the RDS isn't?
  • dangel
    dangel over 4 years
    So... you mean add the Security Group that the EC2 instance is a part of to the RDS Security Group?