VPC Peering Between EKS and RDS postgres
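#!/usr/bin/env bash
## Create a VPC Peering connection between EKS and RDS Postgres
#
# Usage: ./eks-rds-peering.sh
#   Prompts for the EKS cluster name, the RDS DB instance identifier and the
#   Name tag of the RDS VPC, then:
#     1. looks up both VPC IDs / CIDRs and one route table on each side,
#     2. creates and accepts a VPC peering connection (after confirmation),
#     3. adds a route towards the peer CIDR in each of the two route tables,
#     4. allows tcp/5432 on the RDS instance's security group from the EKS VPC CIDR.
#
# Environment:
#   DRY_RUN  optional; when non-empty its value is inserted as one argument right
#            after `aws` for the mutating ec2 calls, in the same position the
#            original script used it. Unset/empty means no extra argument.
#            NOTE(review): confirm that position matches the aws CLI option you
#            intend to pass.
#
# Note: this script assumes your resources are named
# eksctl-$EKS_CLUSTER-cluster/<NAME_OF_RESOURCE> (so the EKS VPC is
# eksctl-$EKS_CLUSTER-cluster/VPC) and that the RDS private route table is
# $RDS_VPC-private. Adjust to your naming convention.
#
# Shell options live here rather than in the shebang so they survive
# `bash eks-rds-peering.sh`. -x keeps the command trace the original relied on;
# it prints every argument (names, IDs, CIDRs) to stderr.
set -xeuo pipefail

# Print a diagnostic to stderr and stop.
die() { printf 'error: %s\n' "$*" >&2; exit 1; }

#######################################
# Run an `aws ... --query` lookup that must yield exactly one value.
# Arguments: $1   - label used in error messages
#            $2.. - aws CLI arguments (without --output). Queries that select
#                   a list ("Vpcs[].VpcId") make duplicates visible as extra
#                   tab-separated fields.
# Outputs:   the single value on stdout
# Returns:   0; dies when the call fails, when nothing matches (empty or
#            "None"), or when more than one value comes back. Without this, a
#            duplicated Name tag would silently resolve to whichever VPC or
#            route table the API listed first.
#######################################
aws_one() {
  local label=$1
  shift
  local out
  out=$(aws "$@" --output text) || die "AWS lookup failed for ${label}"
  if [[ -z "$out" || "$out" == "None" ]]; then
    die "no match for ${label}"
  fi
  if [[ "$out" == *$'\t'* || "$out" == *$'\n'* ]]; then
    die "more than one match for ${label}: ${out}"
  fi
  printf '%s\n' "$out"
}

# Usage transcript (quoted delimiter: printed literally, no expansion).
cat <<'EOF'
 run this script as:
./eks-rds-peering.sh
+ read -p 'Enter name of EKS Cluster: ' EKS_CLUSTER
Enter name of EKS Cluster: xolv-dev-cluster
+ EKS_VPC=eksctl-xolv-dev-cluster-cluster/VPC
+ EKS_PUBLIC_ROUTING_TABLE=eksctl-xolv-dev-cluster-cluster/PublicRouteTable
+ read -p 'Enter name of RDS: ' RDS_DB_NAME
Enter name of RDS: sfstackuat
+ read -p 'Enter name of RDS VPC: ' RDS_VPC
Enter name of RDS VPC: sfstack-uat-vpc
+ RDS_PRIVATE_ROUTING_TABLE=sfstack-uat-vpc-private

EOF

# Set some basic information (-r keeps backslashes literal; empty answers
# would otherwise turn into malformed filters further down).
read -r -p "Enter name of EKS Cluster: " EKS_CLUSTER
[[ -n "$EKS_CLUSTER" ]] || die "EKS cluster name is required"
EKS_VPC="eksctl-${EKS_CLUSTER}-cluster/VPC"
EKS_PUBLIC_ROUTING_TABLE="eksctl-${EKS_CLUSTER}-cluster/PublicRouteTable"
read -r -p "Enter name of RDS: " RDS_DB_NAME # e.g. sfstackuat
[[ -n "$RDS_DB_NAME" ]] || die "RDS instance identifier is required"
read -r -p "Enter name of RDS VPC: " RDS_VPC # e.g. sfstack-uat-vpc
[[ -n "$RDS_VPC" ]] || die "RDS VPC name is required"
RDS_PRIVATE_ROUTING_TABLE="${RDS_VPC}-private"

# DRY_RUN as an array: it disappears entirely when unset (as the original's
# unquoted $DRY_RUN did) without tripping `set -u` or handing aws an empty arg.
dry_run=()
if [[ -n "${DRY_RUN:-}" ]]; then
  dry_run=("$DRY_RUN")
fi

## Get VPC ID and CIDR of acceptor i.e. RDS
# Only the first CIDR association of each VPC is routed, as in the original;
# secondary CIDRs are not covered.
echo "getting the VPC ID and CIDR of acceptor(RDS instance)"
ACCEPT_VPC_ID=$(aws_one "RDS VPC '${RDS_VPC}'" ec2 describe-vpcs \
  --filters "Name=tag:Name,Values=${RDS_VPC}" --query 'Vpcs[].VpcId')
ACCEPT_CIDR=$(aws_one "RDS VPC '${RDS_VPC}' CIDR" ec2 describe-vpcs \
  --filters "Name=tag:Name,Values=${RDS_VPC}" \
  --query 'Vpcs[].CidrBlockAssociationSet[0].CidrBlock')

## Get VPC ID and CIDR of requestor i.e. EKS
REQUEST_VPC_ID=$(aws_one "EKS VPC '${EKS_VPC}'" ec2 describe-vpcs \
  --filters "Name=tag:Name,Values=${EKS_VPC}" --query 'Vpcs[].VpcId')
REQUEST_CIDR=$(aws_one "EKS VPC '${EKS_VPC}' CIDR" ec2 describe-vpcs \
  --filters "Name=tag:Name,Values=${EKS_VPC}" \
  --query 'Vpcs[].CidrBlockAssociationSet[0].CidrBlock')

## Get the public route table ID of the requestor and the private one of the acceptor
REQ_ROUTE_ID=$(aws_one "route table '${EKS_PUBLIC_ROUTING_TABLE}'" ec2 describe-route-tables \
  --filters "Name=tag:Name,Values=${EKS_PUBLIC_ROUTING_TABLE}" \
  --query 'RouteTables[].RouteTableId')
ACCEPT_ROUTE_ID=$(aws_one "route table '${RDS_PRIVATE_ROUTING_TABLE}'" ec2 describe-route-tables \
  --filters "Name=tag:Name,Values=${RDS_PRIVATE_ROUTING_TABLE}" \
  --query 'RouteTables[].RouteTableId')

### Create Peering Connection
# Show exactly what is about to be peered before asking for confirmation.
printf 'Peering EKS VPC %s (%s) <-> RDS VPC %s (%s)\n' \
  "$REQUEST_VPC_ID" "$REQUEST_CIDR" "$ACCEPT_VPC_ID" "$ACCEPT_CIDR"
read -r -p "Are you sure to create peering connection? " -n 1 response
echo # move past the single-character answer
if [[ ! "$response" =~ ^[Yy]$ ]]; then
  exit 0
fi

peerVPCID=$(aws ${dry_run[@]+"${dry_run[@]}"} ec2 create-vpc-peering-connection \
  --vpc-id "$REQUEST_VPC_ID" --peer-vpc-id "$ACCEPT_VPC_ID" \
  --query VpcPeeringConnection.VpcPeeringConnectionId --output text)
[[ -n "$peerVPCID" && "$peerVPCID" != "None" ]] || die "peering connection was not created"
# The new connection may not be visible to accept-vpc-peering-connection
# immediately after create returns; block until it is.
aws ec2 wait vpc-peering-connection-exists --vpc-peering-connection-ids "$peerVPCID"
aws ${dry_run[@]+"${dry_run[@]}"} ec2 accept-vpc-peering-connection \
  --vpc-peering-connection-id "$peerVPCID"
aws ${dry_run[@]+"${dry_run[@]}"} ec2 create-tags --resources "$peerVPCID" \
  --tags "Key=Name,Value=${EKS_CLUSTER}-${RDS_DB_NAME}"

#### Route each VPC's CIDR through the peering connection from the other side
aws ${dry_run[@]+"${dry_run[@]}"} ec2 create-route --route-table-id "$REQ_ROUTE_ID" \
  --destination-cidr-block "$ACCEPT_CIDR" --vpc-peering-connection-id "$peerVPCID"
aws ${dry_run[@]+"${dry_run[@]}"} ec2 create-route --route-table-id "$ACCEPT_ROUTE_ID" \
  --destination-cidr-block "$REQUEST_CIDR" --vpc-peering-connection-id "$peerVPCID"

### Add a rule that allows inbound Postgres from the EKS VPC
# Only the first security group attached to the instance is updated, as in the
# original. The rule admits the whole requester VPC CIDR (every address in it);
# narrow --cidr to the node subnets if your layout allows it.
RDS_VPC_SECURITY_GROUP_ID=$(aws_one "security group of RDS instance '${RDS_DB_NAME}'" \
  rds describe-db-instances --db-instance-identifier "$RDS_DB_NAME" \
  --query 'DBInstances[0].VpcSecurityGroups[0].VpcSecurityGroupId')
aws ec2 authorize-security-group-ingress --group-id "$RDS_VPC_SECURITY_GROUP_ID" \
  --protocol tcp --port 5432 --cidr "$REQUEST_CIDR"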