How do I link a security group to my AWS RDS instance
When your RDS instance is not in a VPC, then your RDS instance is associated with an RDS security group. Those security groups are controlled by the "Security Groups" section in the RDS console. From there, you can add EC2-Classic security groups for access:
- Select your RDS security group
- Select "EC2 Security Group" for the "Connection Type"
- Select this or another AWS account and fill in the other AWS account number if necessary
- Select or fill in the correct security group.
- Click "Authorize"
When your RDS instance is inside a VPC, then your RDS instance is associated with a VPC security group. Those security groups are controlled by the "Security Groups" section in the VPC console. From there, you can add other VPC security groups for access:
- Select your VPC security group
- Select the "Inbound Rules" tab
- Click "Edit"
- Add a new rule, select your protocol and port range. For "Source", type or select your security group. Only VPC security groups within the same VPC can be used for this purpose.
- Click "Save"
Note, when selecting the security group, depending on the browser you're using, the list may only appear once focus is in the "Source" edit box. It may also only appear if you start typing. Also, it may not appear at all. If this is the case, type in the source VPC security group's identifier (e.g. sg-12345678).
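
The VPC steps above can also be scripted and checked. The following is an added example, not part of the original answer: it builds the inbound rule that names a VPC security group as the source and audits a database security group for CIDR-based access to the database port. The port 5432, the group ID sg-0db00000 and the sample data are assumptions constructed for illustration.

```python
# Added example; the sample data at the bottom is constructed, not from a real account.
DB_PORT = 5432  # assumption: PostgreSQL default port, use your instance's port

def sg_source_rule(app_sg_id, port=DB_PORT):
    """Inbound rule that admits the DB port only from members of another VPC security group."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "UserIdGroupPairs": [{"GroupId": app_sg_id}]}

def covers(perm, port):
    """True if an inbound permission applies to the given TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "all traffic" rule, carries no port range
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit_db_group(group, app_sg_id, port=DB_PORT):
    """Report who can reach the DB port in one describe_security_groups entry."""
    cidr_sources, sg_sources = [], []
    for perm in group.get("IpPermissions", []):
        if not covers(perm, port):
            continue
        cidr_sources += [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidr_sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        sg_sources += [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
    return {
        "app_sg_allowed": app_sg_id in sg_sources,
        "cidr_sources": cidr_sources,
        "open_to_world": any(c in ("0.0.0.0/0", "::/0") for c in cidr_sources),
    }

def authorize(db_sg_id, app_sg_id, port=DB_PORT):
    """Apply the rule with boto3 (needs credentials and a region; not called here)."""
    import boto3
    boto3.client("ec2").authorize_security_group_ingress(
        GroupId=db_sg_id, IpPermissions=[sg_source_rule(app_sg_id, port)])

# Constructed sample shaped like one describe_security_groups()["SecurityGroups"] entry.
SAMPLE_DB_GROUP = {
    "GroupId": "sg-0db00000",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ],
}
```

Running `audit_db_group(SAMPLE_DB_GROUP, "sg-12345678")` flags the sample as open to any address and not yet referencing the application's security group, which is the state the "Anywhere" source option produces.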
Updated on September 18, 2022

Comments

nu everest over 1 year

I have a postgres db setup on RDS. It is running great. However, I want to link this to a set of autoscaled EC2 instances sitting behind an ELB that all reside in a single EC2 security group.

I've been told that it is possible to add a rule to the security group for the RDS instance that uses my EC2 security group as the source. When I go to the console and edit the RDS security group I only see the following options under the source column: Anywhere, Custom IP, and My IP.

In the information pop-up at the top of the column it says:

"To specify a security group in another AWS account (EC2-Classic only), prefix it with the account ID and a forward slash, for example: 111122223333/OtherSecurityGroup."

(looks like it may only be applicable to EC2-Classic)

It does not let me type in the source dropdown box.

Under the RDS section I noticed they have option groups. However the default option group associated with my postgres instance is not editable.

Therefore, I tried to create a new group. At this point I discovered that postgres is not listed as an available engine. I selected mysql instead just to see whether I could add options. It looks like I can add a security group to a mysql instance, but NOT a postgres instance.

Do postgres instances not support this expected option?

Matt Houser over 9 years
Is your RDS instance inside a VPC?

nu everest over 9 years
Yes my RDS instance is inside a VPC.

brauliobo over 7 years
what about the inverse when the ec2 is in a vpc and the rds isn't?

dangel over 4 years
so... you mean add the Security Group that the EC2 instance is a part of to the RDS Security Group?