AWS Postgres database IP in security group, how to enter info to survive IP address changes?

mj_

9/12/23, 5:51 PM

I have an existing prod Postgres database and I would like to replicate a table to a new Postgres database. In order to get the two to be able to talk to each other, I had to edit an AWS security group and add the public IP address of the new database since both databases are on a common VPC. While reading, I saw that the public IP of an RDS database can change. This would mean that the IP entered into the security group is no longer valid.

Is there a way to add my new database into the security group without being impacted by IP address changes?

0 + 0

postgresql

amazon-web-services

rds

amazon-vpc

security-groups

Score:0

Server

Tim

9/12/23, 7:17 PM

If they're in the same VPC I would put them in different security groups, but then the rules between the security groups would be by SG name rather than IP address / CIDR range.

0 + 0

mj_

9/12/23, 8:47 PM

Alright, I did that. I have a common VPC, two security groups (sg-NEW and sg-EXISTING) where Postgres prod has sg-EXISTING and Postgres new has sg-NEW and sg-EXISTING. sg-EXISTING has an inbound rule for sg-NEW. I removed the inbound route for the public IP and it stopped working.

Tim

9/12/23, 10:19 PM

Address the existing database using the DNS name for the RDS database rather than a public IP.

mj_

9/13/23, 2:12 AM

I see that when I attempt to address to the DNS name for the database for the Prod database, the public IP is returned for it. Within a VPC, is there a way to force a local IP to get used instead?

Tim

9/13/23, 2:20 AM

I suspect that the public IP will be remapped to the private. What I've heard in the past is private IPs are used within the VPC, public IPs are done in the internet gateway as a type of NAT. What I don't know is if using the public IP will be translated to the private IP and directly accessed or if it will go via the internet. I'd disable the 0.0.0.0/0 route to the internet in the route table, if you can still contact RDS it's using private IPs

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: AWS Postgres database IP in security group, how to enter info to survive IP address changes?

TH: IP ของฐานข้อมูล AWS Postgres ในกลุ่มความปลอดภัย จะป้อนข้อมูลอย่างไรเพื่อให้รอดจากการเปลี่ยนแปลงที่อยู่ IP

RO: IP-ul bazei de date AWS Postgres în grupul de securitate, cum să introduceți informații pentru a supraviețui modificărilor adresei IP?

RU: IP-адрес базы данных AWS Postgres в группе безопасности, как ввести информацию, чтобы сохранить изменения IP-адреса?

VI: IP cơ sở dữ liệu AWS Postgres trong nhóm bảo mật, cách nhập thông tin để tồn tại khi thay đổi địa chỉ IP?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.