AWS Quickstart Postgres Secure - Support needed on Connection Problem to RDS instance

Hi, i followed the AWS Quickstart SECURE guide for Postgres, the collector seems to work fine, but i have issues connecting to the postgres instance in my AWS Cluster.

There it says:

“If your Postgres RDS was configured to be publically accessible, there are a number of tools you can use to connect to a Postgres database from your local machine:”

But sadly no reference on how to configure this…

I have done the following:

My local IP is in postgres.terraform.tfvars

  • ssh_ip_allowlist = [“w.x.y.z/32”]
  • postgres_db_ip_allowlist = [“w.x.y.z/32”]

So by following the guide, my assumption was: The RDS instance should be reachable from my IP. But at least in my setup, it is not.

I then tried the following to get access:

I followed this guide:

I tried the following to debug:

telnet <RDS endpoint> <port number>
nc -zv <RDS endpoint> <port number>

I have after some research changed in the changed this from false to true

publicly_accessible = true

So i moved in the result from not connecting at all to a timeout.
I am not an AWS pro, so my assumptions may be very vague

I assume that i am unable to reach the private subnet. I was already trying to set up a bastion host in the vpc, but the terraform formulas i found were not compatible with the quickstart (GitHub - Guimove/terraform-aws-bastion: Terraform module which creates SSH bastion infrastructure on AWS) but this seems to me either an overkill for a quickstart or simply a missing part in the quickstart tutorial.

To me the tutorial states that i would be able to reach the postgres instance

Can someone please help me out to find the next step?

Hi @PaFaSn if you have deployed your Postgres instance in a private subnet by nature you cannot access it over the public internet as it does not have a public IP address but rather is sitting in an internal only network. To be able to reach it you will need to setup some form of jump-host / way to get into the instance. A bastion host is one option or a VPN node which lets you connect to the RDS.

This is one article that may help: Use Amazon EC2 to locally connect to a private RDS DB instance | AWS re:Post

The instructions state “If your Postgres RDS was configured to be publically accessible” → in this case you have deployed a private only asset which means you need to setup a network connection to be able to connect to it.

If this is for an evaluation it might be best to move the Postgres instance to a “public_subnet” instead which will make it accessible over an IP Allowlist on the internet. Otherwise you will need to tunnel into the deployed network to establish a connection.

Hope this helps!

Thank you very much, will try the VPN node.