I have a question about EC2 and RDS instances.
I'd like to restrict connection to the database only from one particular EC2 instance using MySQL users.
Security groups allow MySQL communication from EC2 instances to the RDS instances.
The situation is as follow:
- An EC2 instance in the security group ec2_instances
- An RDS instance in the security group rds_instances
- An admin user on the RDS instance with the following config: 'admin'@'%'
I'd like to create a MySQL user to restrict only the DNS name of a particular EC2 instance.
I've created some users named:
- 'testi'@'ip-int_ip.eu-west-1.compute.internal'
- 'teste'@'ec2-elastic_ip.eu-west-1.compute.amazonaws.com'
- 'testp'@'internal_route_53_dns'
None of those work, it looks just like the RDS instance wasn't doing any PTR request to lookup the client's ip…
I always get the following error, which makes me think it doesn't even reverse lookup the IP:
ERROR 1045 (28000): Access denied for user 'testi'@'internal_ip'
(using password: YES)
Since I am sharing a security group for all EC2 instances and another group for all the RDS instances, I'd like a way of "coupling" an EC2 with an RDS one.
Best Answer