Accessing RDS from within a Docker container not getting through security group?

Question

I'm attempting to run a web server that uses an RDS database with EC2 inside a Docker container.

I've set up the security groups so the EC2 host's role is allowed to access the RDS and if I try to access it from the host machine directly everything works correctly.

However, when I run a simple container on the host and attempt to access the RDS, it gets blocked as if the security group weren't letting it through. After a bunch of trial and error, it seemed that indeed the containers requests aren't appearing to come from the EC2 host so the firewall says no.

I was able to work around this in the short-run by setting --net=host on the docker container, however, this breaks a lot of great docker networking functionality like being able to map ports (ie, now I need to make sure each instance of the container listens on a different port by hand).

Has anyone found a way around this? It seems like a pretty big limitation to running containers in AWS if you're actually using any AWS resources.

Answer 1

In the same VPC, both the ECS cluster and the RDS instance should be present and it can be configured using security groups. So, we have to do it like this:

• Go to the RDS instances page
• Select the DB instance and move on to the details
• Click the Security group id
• Go to the Inbound tab and choose Edit
• Add this rule - type - MySQL/Aurora with source Custom, if exists no problem.
• While entering the custom source, type your ECS clusters name and the Security group name. It will be autocompleted for you.

Check out this official tutorial from Bitnami - https://docs.bitnami.com/aws/how-to/ecs-rds-tutorial/#step-23-set-up-amazon-ecs