
To elaborate, I have an AWS EC2 instance running a SoftEther VPN server, an AWS RDS instance, and clients on the VPN.

What I need to be able to do is have my RDS instance(s) connect through the VPN to the clients and pull some subsets of our data. I've been looking around and it seems that I can have my RDS instance access information through a VPN; however, it looks like all the documentation is in regards to a hardware based VPN. I found very little in the AWS Docs about a software based VPN.

My biggest question is: is it possible to do this kind of configuration in AWS (using a software VPN instead of a hardware VPN)? If so, can you provide some kind of documentation on how to do so?

Much appreciation in advance!



If you just want machines at the other end of the VPN to connect to RDS, you can do it -- you just need to NAT the connections to RDS to the IP address of the EC2 instance acting as the VPN endpoint, so RDS knows where to send the return packets.

However, if you want RDS to be actively soliciting to endpoints over the VPN, you're going to have a tricky time. You can't influence RDS to route over the VPN through your EC2 instance (VPC routing tables are terrible), so RDS won't be able to connect. You could fudge it with DNAT rules on the EC2 instance, though, if you were feeling adventurous, and just tell RDS to talk to the EC2 instance, and have it forward the traffic through the VPN.

BTW, if you haven't rummaged around in RDS yet, don't assume that you can do whatever you're trying to do. A lot of the more esoteric features of the various RDS-supported database engines aren't available in RDS, so you might not be able to do whatever it is that you want to do. You may have to jury-rig up something involving EC2 instances to pump data around.

(We don't "provide documentation" here, BTW; you're expected to know how to use a search engine)

womble
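The two NAT arrangements the answer describes (source NAT for VPN clients reaching RDS, and a DNAT forward on the EC2 VPN endpoint for the RDS-initiated direction), written out as an added iptables example. This is not code from the original answer or from SoftEther; every interface name, address, port and the `tap_soft` device name are assumed placeholders that must be replaced with the values of your own VPC and VPN.

```shell
#!/bin/sh
# Added example (not from the original answer): iptables rules for the EC2
# instance that terminates the SoftEther VPN. Every address, interface and
# port below is an assumed placeholder; set them to match your VPC and VPN.

VPN_IF="${VPN_IF:-tap_soft}"            # assumed: tap device SoftEther bridges VPN clients onto
VPC_IF="${VPC_IF:-eth0}"                # assumed: VPC-facing interface of the EC2 instance
VPN_NET="${VPN_NET:-10.8.0.0/24}"       # assumed: address range handed out to VPN clients
VPN_GW_IP="${VPN_GW_IP:-10.8.0.1}"      # assumed: the EC2 instance's own address on VPN_IF
EC2_IP="${EC2_IP:-172.31.10.5}"         # assumed: private VPC address of the EC2 instance
RDS_IP="${RDS_IP:-172.31.50.10}"        # assumed: current IP of the RDS endpoint (it can change; re-resolve it)
RDS_PORT="${RDS_PORT:-5432}"            # assumed: database port
CLIENT_IP="${CLIENT_IP:-10.8.0.20}"     # assumed: VPN client that RDS must reach
CLIENT_PORT="${CLIENT_PORT:-5432}"      # assumed: service port on that client
FWD_PORT="${FWD_PORT:-15432}"           # port on EC2_IP that RDS is told to connect to

# Case 1 (clients -> RDS): rewrite the source to EC2_IP so RDS has a route for
# its replies; the VPC route table knows nothing about VPN_NET.
client_to_rds_rules() {
  cat <<EOF
iptables -t nat -A POSTROUTING -s $VPN_NET -d $RDS_IP -o $VPC_IF -p tcp --dport $RDS_PORT -j SNAT --to-source $EC2_IP
iptables -A FORWARD -i $VPN_IF -o $VPC_IF -s $VPN_NET -d $RDS_IP -p tcp --dport $RDS_PORT -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Case 2 (RDS -> client): RDS can only address the EC2 instance, so DNAT
# EC2_IP:FWD_PORT onto the client, and SNAT to the tunnel-side address so the
# client's replies come back through the VPN rather than via its default route.
rds_to_client_rules() {
  cat <<EOF
iptables -t nat -A PREROUTING -i $VPC_IF -s $RDS_IP -d $EC2_IP -p tcp --dport $FWD_PORT -j DNAT --to-destination $CLIENT_IP:$CLIENT_PORT
iptables -t nat -A POSTROUTING -o $VPN_IF -s $RDS_IP -d $CLIENT_IP -p tcp --dport $CLIENT_PORT -j SNAT --to-source $VPN_GW_IP
iptables -A FORWARD -i $VPC_IF -o $VPN_IF -s $RDS_IP -d $CLIENT_IP -p tcp --dport $CLIENT_PORT -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Shared plumbing: IP forwarding and the return half of both conversations.
common_rules() {
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Full rule set, ending in a default deny so only the two flows above may
# cross between the VPN and the VPC in either direction.
all_rules() {
  common_rules
  client_to_rds_rules
  rds_to_client_rules
  echo "iptables -A FORWARD -i $VPN_IF -o $VPC_IF -j DROP"
  echo "iptables -A FORWARD -i $VPC_IF -o $VPN_IF -j DROP"
}

# Print the rules by default; apply them only when asked explicitly (needs root).
if [ "${1:-}" = apply ]; then
  all_rules | sh -e
else
  all_rules
fi
```

Run it without arguments to review the generated commands, and as `sudo sh vpn-nat.sh apply` on the EC2 instance to install them. Two things outside iptables still have to line up: the RDS security group must admit EC2_IP on RDS_PORT for case 1 and, for case 2, whatever on the RDS side initiates the connection has to be pointed at EC2_IP:FWD_PORT, with the EC2 security group admitting that port from RDS. Because the SNAT rewrites the source to the instance's own address, the EC2 source/destination check does not need to be disabled for these two flows.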