14

How can I make an EC2 instance communicate with an RDS instance on AWS by internal IP address or DNS? I only see a public DNS name like xxx.cehmrvc73g1g.eu-west-1.rds.amazonaws.com:3306. Will the internal IP address be faster than the public DNS?

Thanks

Jerry Pham

5 Answers

29

A note for posterity, ensure that you enable DNS on the VPC Peering link!

Enabling DNS Resolution Support for a VPC Peering Connection

To enable a VPC to resolve public IPv4 DNS hostnames to private IPv4 addresses when queried from instances in the peer VPC, you must modify the peering connection.

Both VPCs must be enabled for DNS hostnames and DNS resolution.

To enable DNS resolution support for the peering connection

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Peering Connections.

  3. Select the VPC peering connection, and choose Actions, Edit DNS Settings.

  4. To ensure that queries from the peer VPC resolve to private IP addresses in your local VPC, choose the option to enable DNS resolution for queries from the peer VPC.

  5. If the peer VPC is in the same AWS account, you can choose the option to enable DNS resolution for queries from the local VPC. This ensures that queries from the local VPC resolve to private IP addresses in the peer VPC. This option is not available if the peer VPC is in a different AWS account.

  6. Choose Save.

  7. If the peer VPC is in a different AWS account, the owner of the peer VPC must sign into the VPC console, perform steps 2 through 4, and choose Save.

Community
Felipe Alvarez
10

You can use the "Endpoint" DNS name. It will resolve to the internal IP when used within the VPC and resolves to a public IP when used outside of your AWS network. You should never use the actual IP address because, the way RDS works, it could possibly change in the future.

If you ping it from your EC2 (on the same VPC) server you can verify this.

It is amazing to see the amount of down votes I've got given that my answer is the only correct answer, here are 2 other sources:

https://forums.aws.amazon.com/thread.jspa?threadID=70112

You can use the "Endpoint" DNS name. It will resolve to the internal IP when used within EC2.

https://serverfault.com/questions/601548/cant-find-the-private-ip-address-for-my-amazon-rds-instance2

The DNS endpoint provided in the AWS console will resolve to the internal IPs from within Amazon's network.

Community
Neo
  • 4
    Doesn't work with VPC peering. When peering into the VPC of the RDS instance, the endpoint doesn't resolve to internal IP when being used from within another VPC. – Ashesh Sep 05 '15 at 12:09
  • @Ashesh what you are describing is irrelevant to the question here, and thanks for the -1. – Neo Sep 15 '15 at 01:58
  • 3
    It isn't irrelevant and your answer is misleading. If the RDS instance is publicly accessible, its endpoint never resolves to the internal IP from another VPC (and hence your assumption about 'inside EC2' fails here). It'll always resolve to the external IP. The RDS instance has to be non-publicly accessible to have an endpoint that resolves to an internal IP. – Ashesh Sep 17 '15 at 15:18
  • 1
    I think this answer is absolutely correct. The original question is not talking about VPC peering. – spoonboy Jun 20 '16 at 05:10
  • 1
    @Ashesh see filipe-alvarez 's answer regarding this – TJ Biddle Oct 20 '17 at 17:08
  • @TJBiddle Are you trying to convince this guy after 2 years. lol. – Neo Nov 02 '17 at 20:33
  • 2
    @Neo Hey - if it helps someone else 2 years from now! – TJ Biddle Nov 03 '17 at 13:21
  • @Neo Mine resolves to the external IP even when connecting from inside the VPC :( -- Any ideas?! – emmdee Sep 11 '18 at 21:54
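
The check discussed in the answer and comments above (resolve the endpoint from the EC2 instance and look at which address comes back), as an added example that is not part of the original posts. It reports whether every returned address falls inside the CIDR blocks you pass (RFC 1918 by default); the function names and the sample addresses are constructed for illustration.

```python
import ipaddress
import socket
import sys

# RFC 1918 ranges, used when the caller does not pass the VPC's own CIDR blocks.
# ipaddress.is_private is avoided on purpose: it also matches documentation
# and other special-purpose ranges that are not VPC-internal.
RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

# Constructed sample answers for one endpoint name, as seen from two places.
SAMPLE = {"from inside the VPC": ["10.0.12.34"],
          "from outside the VPC": ["203.0.113.25"]}


def resolve(endpoint, port=3306):
    """Return the IPv4 addresses the local resolver gives for the endpoint."""
    infos = socket.getaddrinfo(endpoint, port, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def classify(addresses, cidrs=RFC1918):
    """Split addresses into those inside the given CIDR blocks and the rest."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    internal, external = [], []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        (internal if any(ip in n for n in nets) else external).append(addr)
    return internal, external


def verdict(addresses, cidrs=RFC1918):
    """'internal' only if every address is inside cidrs, else 'external'."""
    if not addresses:
        return "unresolved"
    _, external = classify(addresses, cidrs)
    # Any outside address means traffic can leave private addressing, so the
    # database must be publicly reachable and the client needs a public IP/NAT.
    return "external" if external else "internal"


if __name__ == "__main__":
    # Usage: python check_rds_dns.py <endpoint> [cidr ...]
    if len(sys.argv) > 1:
        addrs = resolve(sys.argv[1])
        print(sys.argv[1], addrs, verdict(addrs, tuple(sys.argv[2:]) or RFC1918))
    else:
        for where, addrs in SAMPLE.items():
            print(where, addrs, verdict(addrs))
```

Run it on the EC2 instance with the endpoint name and, for a peered setup, the CIDR blocks of both VPCs; an `external` result from inside the VPC or a peer VPC points at the DNS settings described in the first answer.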
4

Check out the AWS EC2 docs: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html#concepts-private-addresses.

It doesn't appear that this necessarily applies to RDS, however.

Ryan Parman
0

When resolving your RDS instance from within the same VPC the internal IP is returned by the Amazon DNS service.

If the RDS instance is externally accessible you will see the external IP from outside the VPC. However, if the EC2 instance is NOT available publicly the internal IP address is returned to external and internal lookups.

Will the internal IP address be faster than the external address supplied by public DNS? Most likely, as the packets will need to be routed when using the external addresses, increasing latency.

It also requires that your EC2 instances have a public IP or NAT gateway along with appropriate security groups and routes, increasing cost, increasing complexity and reducing security.

  • 3
    I feel like this answer might contain information that would be useful to me, but I can't quite understand what you're saying needs to be done. – szeitlin Sep 20 '18 at 19:58
0

It's pretty easy: telnet to your RDS endpoint using the command prompt on Windows or through a Unix terminal.

For example: telnet "your RDS endpoint" "Port"

Trying to connect "You get your RDS internal IP here"

Raun