DEV Community


Create a simple VPC Peer between Kubernetes and RDS(postgres)

Imran Hayder
Software engineer focusing on CI/CD with Jenkins, Kubernetes

Create a VPC Peering connection between EKS Kubernetes and RDS Postgres

Note: this script assumes your resources are tagged Name=$EKS_CLUSTER/<NAME_OF_RESOURCE>, so the EKS VPC carries the Name tag $EKS_CLUSTER/VPC.
Adjust the lookups below to your own naming convention.

Set some basic information: the cluster, VPC and route table names that the script looks up by Name tag. $DRY_RUN is prefixed to every mutating call and is left empty for a real run.

Setting variables for the EKS cluster ($EKS_CLUSTER, $EKS_VPC and $EKS_PUBLIC_ROUTING_TABLE):


and for RDS ($RDS_VPC, $RDS_PRIVATE_ROUTING_TABLE and the DB instance identifier $RDS_DB_NAME):

Get the VPC ID and CIDR of the accepter, i.e. the RDS VPC. Note that with --output text the CLI prints None when the tag filter matches nothing, so check the values before going on.

echo "getting the VPC ID and CIDR of accepter (RDS instance)"
ACCEPT_VPC_ID=$(aws ec2 describe-vpcs --filters "Name=tag:Name,Values=$RDS_VPC" --query 'Vpcs[0].VpcId' --output text)
ACCEPT_CIDR=$(aws ec2 describe-vpcs --filters "Name=tag:Name,Values=$RDS_VPC" --query 'Vpcs[0].CidrBlockAssociationSet[0].CidrBlock' --output text)

Get the VPC ID and CIDR of the requester, i.e. the EKS VPC

REQUEST_VPC_ID=$(aws ec2 describe-vpcs --filters "Name=tag:Name,Values=$EKS_VPC" --query 'Vpcs[0].VpcId' --output text)
REQUEST_CIDR=$(aws ec2 describe-vpcs --filters "Name=tag:Name,Values=$EKS_VPC" --query 'Vpcs[0].CidrBlockAssociationSet[0].CidrBlock' --output text)

Get the route table IDs: the public route table of the requester (EKS) and the private route table of the accepter (RDS). Only subnets associated with these two tables receive the peered route, so if your EKS nodes live in private subnets with their own table, or the RDS subnet group spans several tables, repeat the route step for each of them.

REQ_ROUTE_ID=$(aws ec2 describe-route-tables --filters "Name=tag:Name,Values=$EKS_PUBLIC_ROUTING_TABLE" --query 'RouteTables[0].RouteTableId' --output text)
ACCEPT_ROUTE_ID=$(aws ec2 describe-route-tables --filters "Name=tag:Name,Values=$RDS_PRIVATE_ROUTING_TABLE" --query 'RouteTables[0].RouteTableId' --output text)

Create the peering connection and accept it (both VPCs are in the same account, so the requester can accept its own request straight away). The two CIDR blocks must not overlap; a request between overlapping blocks ends up in the failed state and cannot be accepted.

peerVPCID=$(aws $DRY_RUN ec2 create-vpc-peering-connection --vpc-id "$REQUEST_VPC_ID" --peer-vpc-id "$ACCEPT_VPC_ID" --query 'VpcPeeringConnection.VpcPeeringConnectionId' --output text)
aws $DRY_RUN ec2 accept-vpc-peering-connection --vpc-peering-connection-id "$peerVPCID"
aws $DRY_RUN ec2 create-tags --resources "$peerVPCID" --tags 'Key=Name,Value=eks-peer-rds'

Add a route in each direction through the peering connection: the RDS CIDR as destination in the EKS public route table, and the EKS CIDR as destination in the RDS private route table.

aws $DRY_RUN ec2 create-route --route-table-id "$REQ_ROUTE_ID" --destination-cidr-block "$ACCEPT_CIDR" --vpc-peering-connection-id "$peerVPCID"
aws $DRY_RUN ec2 create-route --route-table-id "$ACCEPT_ROUTE_ID" --destination-cidr-block "$REQUEST_CIDR" --vpc-peering-connection-id "$peerVPCID"

Add an inbound rule on the RDS instance's security group that allows Postgres (TCP 5432) from the EKS VPC CIDR. Be aware that this admits every address in the EKS VPC, not just the worker nodes; since peered VPCs in the same Region can reference each other's security groups, a tighter rule uses --source-group with the EKS node security group ID instead of --cidr.

RDS_VPC_SECURITY_GROUP_ID=$(aws rds describe-db-instances --db-instance-identifier "$RDS_DB_NAME" --query 'DBInstances[0].VpcSecurityGroups[0].VpcSecurityGroupId' --output text)
aws $DRY_RUN ec2 authorize-security-group-ingress --group-id "$RDS_VPC_SECURITY_GROUP_ID" --protocol tcp --port 5432 --cidr "$REQUEST_CIDR"
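As an added example (not the article's own script), here are the same steps as one POSIX sh script with the checks a practitioner would want: it refuses to peer overlapping CIDR blocks (such a peering is created in the failed state), it treats the None that --output text prints for an unmatched tag filter as an error instead of passing it to the next call, it waits for the new peering ID to become visible before accepting it, and, when EKS_NODE_SG is set, it scopes the ingress rule to the EKS node security group rather than the whole VPC CIDR. The variable names EKS_VPC, RDS_VPC, EKS_PUBLIC_ROUTING_TABLE, RDS_PRIVATE_ROUTING_TABLE and RDS_DB_NAME follow the article; EKS_NODE_SG and PEER_APPLY are assumptions of this example, as is the assumption that both VPCs are in the same account and Region.

```shell
#!/bin/sh
# Added example, not the article's script. Assumed inputs: EKS_VPC, RDS_VPC,
# EKS_PUBLIC_ROUTING_TABLE, RDS_PRIVATE_ROUTING_TABLE, RDS_DB_NAME (Name tags /
# identifier, as in the article) and optionally EKS_NODE_SG (assumed: the
# security group of the EKS worker nodes). Both VPCs: same account and Region.
set -eu

# Dotted-quad IPv4 address -> 32-bit integer.
ip_to_int() {
  local a b c d
  IFS=. read -r a b c d <<EOF
$1
EOF
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Exit 0 if two CIDR blocks overlap: they overlap exactly when they agree on
# the first min(prefix1, prefix2) bits.
cidr_overlap() {
  local p1 p2 p mask
  p1=${1#*/}; p2=${2#*/}
  if [ "$p1" -lt "$p2" ]; then p=$p1; else p=$p2; fi
  if [ "$p" -eq 0 ]; then mask=0; else mask=$(( (4294967295 << (32 - p)) & 4294967295 )); fi
  [ $(( $(ip_to_int "${1%/*}") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}

# `aws ... --output text` prints "None" when a --query matches nothing; fail
# loudly on that (or on empty output) instead of feeding it to the next call.
require_id() {
  case "${2:-}" in
    ""|None) echo "ERROR: could not resolve $1" >&2; return 1 ;;
  esac
  printf '%s\n' "$2"
}

vpc_id()   { aws ec2 describe-vpcs --filters "Name=tag:Name,Values=$1" --query 'Vpcs[0].VpcId' --output text; }
vpc_cidr() { aws ec2 describe-vpcs --filters "Name=tag:Name,Values=$1" --query 'Vpcs[0].CidrBlock' --output text; }
rtb_id()   { aws ec2 describe-route-tables --filters "Name=tag:Name,Values=$1" --query 'RouteTables[0].RouteTableId' --output text; }

peer_eks_rds() {
  local req_vpc req_cidr acc_vpc acc_cidr req_rt acc_rt pcx rds_sg
  req_vpc=$(require_id "EKS VPC" "$(vpc_id "$EKS_VPC")")
  req_cidr=$(require_id "EKS VPC CIDR" "$(vpc_cidr "$EKS_VPC")")
  acc_vpc=$(require_id "RDS VPC" "$(vpc_id "$RDS_VPC")")
  acc_cidr=$(require_id "RDS VPC CIDR" "$(vpc_cidr "$RDS_VPC")")
  req_rt=$(require_id "EKS route table" "$(rtb_id "$EKS_PUBLIC_ROUTING_TABLE")")
  acc_rt=$(require_id "RDS route table" "$(rtb_id "$RDS_PRIVATE_ROUTING_TABLE")")

  # A peering between overlapping blocks goes straight to the "failed" state.
  if cidr_overlap "$req_cidr" "$acc_cidr"; then
    echo "ERROR: $req_cidr and $acc_cidr overlap; VPC peering cannot route between them" >&2
    return 1
  fi

  pcx=$(aws ec2 create-vpc-peering-connection --vpc-id "$req_vpc" --peer-vpc-id "$acc_vpc" \
        --query 'VpcPeeringConnection.VpcPeeringConnectionId' --output text)
  # The new ID is eventually consistent; wait for it before accepting.
  aws ec2 wait vpc-peering-connection-exists --vpc-peering-connection-ids "$pcx"
  aws ec2 accept-vpc-peering-connection --vpc-peering-connection-id "$pcx" >/dev/null
  aws ec2 create-tags --resources "$pcx" --tags Key=Name,Value=eks-peer-rds

  # One route in each direction, both pointing at the peering connection.
  aws ec2 create-route --route-table-id "$req_rt" --destination-cidr-block "$acc_cidr" --vpc-peering-connection-id "$pcx" >/dev/null
  aws ec2 create-route --route-table-id "$acc_rt" --destination-cidr-block "$req_cidr" --vpc-peering-connection-id "$pcx" >/dev/null

  rds_sg=$(require_id "RDS security group" "$(aws rds describe-db-instances --db-instance-identifier "$RDS_DB_NAME" \
           --query 'DBInstances[0].VpcSecurityGroups[0].VpcSecurityGroupId' --output text)")
  if [ -n "${EKS_NODE_SG:-}" ]; then
    # Tighter rule: only the EKS node security group may reach 5432. Peered
    # VPCs in the same Region can reference each other's security groups.
    aws ec2 authorize-security-group-ingress --group-id "$rds_sg" --protocol tcp --port 5432 --source-group "$EKS_NODE_SG" >/dev/null
  else
    # Fallback, as in the article: the whole EKS VPC CIDR may reach 5432.
    aws ec2 authorize-security-group-ingress --group-id "$rds_sg" --protocol tcp --port 5432 --cidr "$req_cidr" >/dev/null
  fi
  printf '%s\n' "$pcx"
}

# Only act when explicitly asked: PEER_APPLY=1 ./peer-eks-rds.sh
if [ "${PEER_APPLY:-0}" = "1" ]; then
  peer_eks_rds
fi
```

Run it as PEER_APPLY=1 ./peer-eks-rds.sh after exporting the names; without PEER_APPLY the file only defines the functions, so cidr_overlap can be tried on its own before touching any account. Like the article, it adds the route to a single route table on each side; if the EKS nodes sit in private subnets, or the RDS subnet group spans subnets with their own tables, loop over those tables and add the same route to each.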


Verify the connection from a pod inside the EKS cluster:

  1. Run a throwaway Alpine container (the Postgres client is installed in the next step):

    kubectl run -i --tty --rm postgresdebug --image=alpine:3.5 --restart=Never -- sh

  2. Install the PostgreSQL client:

    apk update
    apk add postgresql

  3. Run psql against the RDS endpoint:

    psql -h <HOST> -U <USER>
    Password for user <USER>:
    psql (9.6.10, server 9.6.15)
    SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
    Type "help" for help.

The "SSL connection" line only shows that TLS was negotiated: psql's default sslmode=prefer does not verify the server certificate, so pass sslmode=verify-full together with the RDS CA bundle (sslrootcert) if you want the client to reject an impostor on the peered path.

Discussion (2)

elepolt

Thank you, this was extremely useful. I have a quick question on how this might work if I need a second EKS VPC to peer to my RDS. Following the same commands gives me an error that there's a duplicate route and rule; therefore my second EKS is timing out.

Mark Wallace

Thanks for the helpful example! I used this to create a script to automate creating peering for my EKS and Aurora VPCs. I found that one step was left out: we also need to allow DNS resolution between the VPCs. The extra command needed, following the pattern above, is:

aws $DRY_RUN ec2 modify-vpc-peering-connection-options \
--vpc-peering-connection-id "$peerVPCID" \
--requester-peering-connection-options '{"AllowDnsResolutionFromRemoteVpc":true}' \
--accepter-peering-connection-options '{"AllowDnsResolutionFromRemoteVpc":true}'