DEV Community 👩‍💻👨‍💻

Cover image for Trying New RDS Feature : Connectivity With EC2 In 1-Click?
Nurul Ramadhona for AWS Community Builders

Posted on • Updated on

Trying New RDS Feature : Connectivity With EC2 In 1-Click?

Have you noticed that RDS has a new feature? Yup! 3 days ago AWS has announced that now RDS supports setting up connectivity between RDS and EC2 only in 1 click. We don't need to prepare VPC, subnets, security groups, etc. Wow! That sounds great, right? But some "T&C"s are applied to make this feature work properly. How does it work?

RDS EC2 Connectivity

In case you want more information about new features, you can visit this link.

Anyway, I did all of these following practices via Console because I still can't find the CLI option for this feature maybe because it just launched (CMIIW and tell me in the comment if you know any information about this). I'm sorry if you'll see bunch of images below :)


Minimum network prefix (CIDR) per subnet is /24 to create RDS DB instance in the same VPC as EC2 instance.

For example in this case I'll be create RDS in Jakarta region (ap-southeast-3) which it has 3 AZs.


Based on my experience in "trying" this feature 2 days ago, I found some stuffs you might need to know. Here we'll play some scenarios, so we can be more understand about this feature.

1. Using Custom VPC With CIDR /22

Here I use /22 because it's enough to create subnet with /24 for each AZ (total 3). /22 can be divided into 4 pieces of /24.

Below is the diagram when I only created 1 public subnet in 1 AZ for EC2 instance before creating RDS and 2 more AZs don't have subnet yet. From this condition, 3 idle /24 is available and enough to be used by RDS to create one subnet with /24 in each AZ.

Note: In this case I used Free Tier template which Multi-AZ is disabled because it's just for personal testing purpose. That's why the automated backup is created in the same AZ and stand-by instance is not created. You can use Dev/Test or Production to make those options enabled.

RDS + Snapshot

What did RDS create?

  • 1 subnet in each AZ (total 3 subnets for 3 AZs)

3 subnets

  • 2 security groups (allow 3306 from EC2 to RDS) and both are linked each other

SG 1

SG 2

  • 1 RDS instance and its automated backup successfully created

Instance + Snapshot


RDS endpoint

RDS EC2 Connected Successfully

2. Using Default VPC

In this case, the connectivity should be successfully established because it has CIDR that big enough to create new subnet /24 in each AZ for RDS which is /16.

Default VPC

RDS VPC Default

3. Using Custom VPC With CIDR Smaller Than /22

The result is failed. Why? Because /23 only can be divided into 2 /24. See the following diagram!

RDS EC2 Failed

RDS Connectivity Failed

In this case, RDS DB instance is still created but it's using default VPC which is in different subnet from EC2.

2 new security groups are also created by RDS for the new VPC but only security group for EC2 is properly attached because RDS is using default subnet group of default VPC which is specific rule is not configured to allow incoming traffic from EC2 port 3306 to RDS.

RDS Default SG

RDS Connectivity Failed

Q: Then, how to make it work?
A: We can't do that because we can't change VPC of both RDS and EC2


If you followed my scenario number 2, it created EC2 instance and RDS in the same VPC which is default VPC and it already has 2 security groups created by RDS. So in this case, all we can do:

  1. "Move" EC2 instance to the default VPC where RDS is placed. You can create new AMI from the existing EC2 instance or create new instance. At this time, I'll use the EC2 instance that created in scenario number 2 which is placed in default VPC and the security group created by RDS is already attached to the EC2 instance.
  2. Change the current RDS DB subnet group to other subnet group in the same VPC. In this case, it's default VPC that created in scenario number 2.

Default SG

Change SG

Connected After Change SG

Alright, we've done with all the scenarios!

Clean Up

Scenario 1 (Custom VPC)

  • Delete RDS DB instance
  • Delete RDS DB subnet group
  • Terminate EC2 instance
  • Delete VPC

Scenario 2 (Default VPC)

  • Delete RDS DB instance
  • Delete RDS DB subnet group
  • Terminate EC2 instance
  • Delete security groups created by RDS (please delete rule that associated each other before delete them)
  • Delete route table for subnets created by RDS
  • Delete subnets created by RDS

Scenario 3 (same as Scenario 1)

That's it for now! Thank you for coming and I'm looking forward to your feedback. Follow me to get notified when my new post is published!

Top comments (1)

Some comments have been hidden by the post's author - find out more

Take a look at this:


Go to your customization settings to nudge your home feed to show content more relevant to your developer experience level. 🛠