Tags: amazon-web-services, terraform, amazon-rds

Terraform RDS security group settings


I have created a security group and an RDS instance according to the following:

resource "aws_security_group" "database" {
  name = "DB Host"
  ingress {
    from_port   = 5432
    to_port     = 5432
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}


resource "aws_db_instance" "arapbi" {
  identifier_prefix      = "arapbi"
  engine                 = "postgres"
  allocated_storage      = 10
  instance_class         = "db.t4g.micro"
  db_name                = "arapbi"
  username               = var.db_username
  password               = var.db_password
  vpc_security_group_ids = [aws_security_group.database.id]
  skip_final_snapshot    = true

  tags = {
    Name = "ARAPBI"
    Tag  = "Managed by Terraform"
  }
}

output "rds_endpoint" {
  description = "The endpoint of the RDS instance"
  value       = aws_db_instance.arapbi.endpoint
}

This successfully creates the security group and RDS instance, and returns the RDS endpoint after running.

When I attempt to connect to the RDS database with DBeaver, my connection times out. I'm not sure why.

I understand that I'm exposing this DB to the public internet with this SG; I intend to lock down the CIDR groups much more substantially after I can get the connection working. I'm confused why I can't connect to the instance given the security group I have attached. Others have advised this same solution and apparently it works for them. I'm not sure why I can't connect to my RDS instance, given what I've configured with Terraform.

Has anyone run into this kind of problem before? Can you share your solution please?


Solution

  • You have not made the database public yet. You need to set the publicly_accessible attribute to true on the aws_db_instance resource. That setting controls if the database server gets a public IP address. Right now your database does not have a public IP address, so it can only be accessed from within the VPC.

    You also need to make sure the VPC subnets are public subnets. You don't appear to have specified any subnets, so I guess it would be using the default VPC which only has public subnets by default.
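A configuration along the lines the answer describes, as an added example that is not code from the question or the answer: it sets publicly_accessible, places the instance in an explicit subnet group built from public subnets, and narrows the ingress CIDR to a single administrator address as the poster said they intend to do. The aws_subnet.public_a / aws_subnet.public_b resources and the var.admin_cidr variable are assumptions declared elsewhere.

```hcl
# Assumed: a VPC with two public subnets (route table with 0.0.0.0/0 -> igw),
# declared elsewhere as aws_subnet.public_a and aws_subnet.public_b.
variable "admin_cidr" {
  description = "Single address allowed to reach Postgres, e.g. 203.0.113.10/32"
  type        = string
}

resource "aws_security_group" "database" {
  name   = "DB Host"
  vpc_id = aws_subnet.public_a.vpc_id

  ingress {
    description = "Postgres from the admin workstation only"
    from_port   = 5432
    to_port     = 5432
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr] # not 0.0.0.0/0
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# RDS places the instance in a subnet group; for a public endpoint every
# subnet in it must be a public subnet, otherwise the public IP is unreachable.
resource "aws_db_subnet_group" "database" {
  name       = "arapbi-public"
  subnet_ids = [aws_subnet.public_a.id, aws_subnet.public_b.id]
}

resource "aws_db_instance" "arapbi" {
  identifier_prefix      = "arapbi"
  engine                 = "postgres"
  allocated_storage      = 10
  instance_class         = "db.t4g.micro"
  db_name                = "arapbi"
  username               = var.db_username
  password               = var.db_password
  db_subnet_group_name   = aws_db_subnet_group.database.name
  vpc_security_group_ids = [aws_security_group.database.id]
  publicly_accessible    = true # without this the instance gets no public IP
  skip_final_snapshot    = true
}
```

With this shape the endpoint resolves to a public address, but the security group only admits connections from the address in var.admin_cidr.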