AWS RDS Database user of username@100.%.%.% (IPv4 Shared Address Space) is that safe?

We have an RDS instance that is not publicly accessible. We have a VPN and VPC with 172.X addresses that connects to it.

In our RDS logs, I'm seeing a LARGE number of failures, which has blocked our instance.

2023-02-01 22:14:05 1351320 [Warning] IP address '100.69.187.97' could not be resolved: Name or service not known
2023-02-01 22:14:05 1351320 [Warning] Access denied for user 'metabase_ro'@'100.69.187.97' (using password: YES)

100.X not 10.X

Note that the address 100.69.X.X is part of the IANA shared address space - ISP to ISP NAT type stuff.

https://en.wikipedia.org/wiki/IPv4_shared_address_space

The question I have is: why is one of our servers coming in with an ISP-level IP address? They are supposedly connecting via the Tailscale VPN, but we have no control over that; the Finance folks recently installed it unannounced.

Is it safe to open up the RDS server to an ISP-level IP address, i.e. a 100.%.%.% address?

Tim
I think a bit more discovery to work out where the connections are coming from is in order. VPC Flow Logs are annoying to look at but quite effective.
Thanks @Tim. I know where they are coming from: someone set up a VPN using Carrier Grade IP addresses as the client IP address when we connect. This is via Tailscale. I log on and get 100.75.254.62, for example.
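
As an added example (not part of the original thread): a small Python script that tallies the "Access denied" lines from an RDS MySQL/MariaDB error log per user and source, and classifies each source as RFC 6598 shared address space (100.64.0.0/10), RFC 1918 private, or other. The sample log is constructed from the two lines in the question plus made-up lines (`app_rw`, `172.31.4.20`, `100.1.2.3`) for contrast.

```python
import ipaddress
import re
from collections import Counter

# RFC 6598 shared address space (carrier-grade NAT), the range the question is about.
SHARED = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges, which include the VPC's 172.X addresses.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

DENIED = re.compile(r"Access denied for user '([^']*)'@'([^']*)'")

def classify(host):
    """Return 'shared-100.64/10', 'rfc1918', 'other', or 'not-an-ip'."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "not-an-ip"  # the log records a hostname when reverse DNS succeeds
    if ip.version == 4 and ip in SHARED:
        return "shared-100.64/10"
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "rfc1918"
    # Note: a MySQL host pattern of 100.%.%.% matches all of 100.0.0.0/8,
    # which is wider than 100.64.0.0/10 and includes publicly routable space.
    return "other"

def tally_denied(lines):
    """Count 'Access denied' events per (user, host, address class)."""
    counts = Counter()
    for line in lines:
        m = DENIED.search(line)
        if m:
            user, host = m.groups()
            counts[(user, host, classify(host))] += 1
    return counts

# Constructed sample: the two lines from the question plus made-up lines for contrast.
SAMPLE = """\
2023-02-01 22:14:05 1351320 [Warning] IP address '100.69.187.97' could not be resolved: Name or service not known
2023-02-01 22:14:05 1351320 [Warning] Access denied for user 'metabase_ro'@'100.69.187.97' (using password: YES)
2023-02-01 22:14:09 1351324 [Warning] Access denied for user 'metabase_ro'@'100.69.187.97' (using password: YES)
2023-02-01 22:15:41 1351390 [Warning] Access denied for user 'app_rw'@'172.31.4.20' (using password: YES)
2023-02-01 22:16:02 1351402 [Warning] Access denied for user 'app_rw'@'100.1.2.3' (using password: YES)
""".splitlines()

if __name__ == "__main__":
    for (user, host, kind), n in tally_denied(SAMPLE).most_common():
        print(f"{n:4d}  {user}@{host}  [{kind}]")
```

The per-source counts narrow down which client keeps failing; VPC Flow Logs, as suggested in the comment above, can then show which path into the VPC that source is using.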