
Swift Server Guide - Accessing AWS RDS via VPN with a Private Address #1242

@heckj


Outline 5. Accessing AWS RDS via VPN with a Private Address

Accessing AWS RDS via VPN with a Private Address

In this chapter, we transition from using a publicly accessible AWS RDS instance (as demonstrated in Chapter 3) to configuring the RDS instance to be private. With the RDS instance set to "Not publicly accessible" and a VPN connection (configured in Chapter 4), your locally running Docker Compose setup will only be able to connect when the VPN is active.



1. Modifying the RDS Instance to Private

Before attempting to reconnect from your local environment, update the RDS instance settings in the AWS Console as follows:

  1. Navigate to the AWS Console:
    • Go to Aurora and RDS -> Databases and select the database instance created in Chapter 2 (Creating a PostgreSQL RDS Service on AWS).
  2. Modify the Instance:
    • Click on the Modify button.
    • Under the Connectivity section, open the Additional Configuration.
    • Select the Not publicly accessible option.
    • Click the Continue button.
    • Choose the Apply Immediately option.
    • Click on the Modify DB Instance button.
    • Wait around 5 minutes for the changes to take effect.

2. Testing the RDS Connection without VPN

With the RDS instance now private, try to run the Docker Compose configuration as before:

docker compose -f aws-hummingbird-docker-compose.yaml up

You should receive a connection error indicating that your local environment cannot reach the private RDS instance directly.


3. Establishing the VPN Connection

To access the private RDS instance, establish a VPN connection as detailed in Chapter 4 (AWS VPN Client Endpoint Creation).

  1. Connect to the VPN:
    • Use the VPN client configured with the OpenVPN settings downloaded in Chapter 4.
  2. Re-run the Docker Compose Setup:
    • Once the VPN connection is active, run the Docker Compose setup again:
      docker compose -f aws-hummingbird-docker-compose.yaml up

This time, the connection to the RDS instance should succeed because the VPN provides secure, private network access to your AWS resources.
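To check the two states from sections 2 and 3 independently of the application's own error output, the following added example (not part of the original guide) resolves the RDS endpoint name and attempts a TCP connection to it. The endpoint hostname is supplied on the command line, port 5432 is assumed as the PostgreSQL default, and the addresses used when no hostname is given are constructed samples.

```python
import ipaddress
import socket
import sys

def resolve_ipv4(host):
    """Return the IPv4 addresses the endpoint name resolves to ([] if none)."""
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def tcp_reachable(addr, port, timeout=5.0):
    """True if a TCP handshake to addr:port completes within the timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

def assess(addresses, reachable):
    """Map resolved addresses and the TCP result to a verdict string."""
    if not addresses:
        return "UNRESOLVED: endpoint name did not resolve"
    public = [a for a in addresses if not ipaddress.ip_address(a).is_private]
    if public:
        return "PUBLIC: resolves to " + ", ".join(public)
    if reachable:
        return "PRIVATE, REACHABLE: VPN path to the database port works"
    return "PRIVATE, UNREACHABLE: expected while the VPN is disconnected"

def check(host, port=5432):  # 5432: PostgreSQL default port (assumption)
    addrs = resolve_ipv4(host)
    reachable = any(tcp_reachable(a, port) for a in addrs)
    return assess(addrs, reachable)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python3 check_rds.py <rds-endpoint-hostname> [port]
        print(check(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 5432))
    else:
        # Constructed sample inputs, so the script also runs offline.
        for addrs, ok in ((["52.1.2.3"], True), (["10.0.1.25"], False), (["10.0.1.25"], True)):
            print(addrs, ok, "->", assess(addrs, ok))
```

A PRIVATE, UNREACHABLE result while the VPN is connected points at the VPN route or the database security group rather than at the instance's accessibility setting.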


Summary

  • RDS Modification: The RDS instance was updated to be private by selecting the "Not publicly accessible" option in the AWS Console.
  • Testing Failure: Without the VPN, the locally running Docker Compose setup fails to connect, confirming the instance is not publicly accessible.
  • VPN Connection: Establishing the VPN connection (as configured in Chapter 4) restores access, allowing your Docker Compose instance (from Chapter 3) to connect successfully to the private RDS instance.

This chapter completes the secure setup for accessing your AWS RDS instance using a VPN connection. For detailed context and setup procedures, refer back to Chapters 1 through 4.

Enjoy the enhanced security and connectivity!
