VPC Peering Between EKS and RDS postgres
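#!/usr/bin/env bash
## Create a VPC Peering connection between EKS and RDS Postgres
#
# Usage:  ./eks-rds-peering.sh
#
# Prompts for the EKS cluster name, the RDS instance identifier and the RDS
# VPC name, then (after an explicit y/Y confirmation) creates and accepts a
# VPC peering connection, adds one route in each direction and opens
# TCP/5432 on the RDS instance's first security group to the EKS VPC CIDR.
#
# Env:  DRY_RUN - optional extra words inserted right after `aws` on every
#       mutating call; unset by default, i.e. nothing is inserted.
#
# Note: this script assumes your resource names are created as
# $EKS_CLUSTER/<NAME_OF_RESOURCE>, so the EKS VPC is $EKS_CLUSTER/VPC.
# Please fix this script according to your naming convention.
#
# The create-route and authorize-security-group-ingress calls are not
# idempotent: re-running against an already peered pair fails on them.
set -euo pipefail
set -x   # trace every aws call so the run is auditable on stderr

cat <<'EOF'
 run this script as:
./eks-rds-peering.sh
+ read -p 'Enter name of EKS Cluster: ' EKS_CLUSTER
Enter name of EKS Cluster: xolv-dev-cluster
+ EKS_VPC=eksctl-xolv-dev-cluster-cluster/VPC
+ EKS_PUBLIC_ROUTING_TABLE=eksctl-xolv-dev-cluster-cluster/PublicRouteTable
+ read -p 'Enter name of RDS: ' RDS_DB_NAME
Enter name of RDS: sfstackuat
+ read -p 'Enter name of RDS VPC: ' RDS_VPC
Enter name of RDS VPC: sfstack-uat-vpc
+ RDS_PRIVATE_ROUTING_TABLE=sfstack-uat-vpc-private
EOF

#######################################
# Print an error to stderr and exit 1.
# Arguments: message words
#######################################
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

#######################################
# Wrapper for mutating aws calls; honours the DRY_RUN hook.
# Globals:   DRY_RUN (read, may be unset)
# Arguments: aws service/command and its options
#######################################
aws_mut() {
  # shellcheck disable=SC2086  # DRY_RUN is intentionally word-split (free-form hook)
  aws ${DRY_RUN:-} "$@"
}

#######################################
# Run an `aws ... --output text` lookup and print the single value.
# Fails if the CLI call fails, or returns "" or the literal "None"
# (what `--output text` prints when the JMESPath query matches nothing),
# so a typo in a name never turns into `--vpc-id None` later on.
# Arguments: $1 - human description of what is being looked up
#            $@ - aws service/command and options (without --output)
# Outputs:   the value on stdout
#######################################
lookup() {
  local what=$1
  shift
  local value
  value=$(aws "$@" --output text) || die "aws lookup failed for $what"
  if [[ -z "$value" || "$value" == "None" ]]; then
    die "could not find $what (check the Name tag / identifier)"
  fi
  printf '%s\n' "$value"
}

main() {
  # Set some basic information
  local eks_cluster rds_db_name rds_vpc
  read -rp "Enter name of EKS Cluster: " eks_cluster
  [[ -n "$eks_cluster" ]] || die "EKS cluster name is required"
  local eks_vpc="eksctl-${eks_cluster}-cluster/VPC"
  local eks_public_routing_table="eksctl-${eks_cluster}-cluster/PublicRouteTable"
  read -rp "Enter name of RDS: " rds_db_name # e.g. sfstackuat
  [[ -n "$rds_db_name" ]] || die "RDS instance identifier is required"
  read -rp "Enter name of RDS VPC: " rds_vpc # e.g. sfstack-uat-vpc
  [[ -n "$rds_vpc" ]] || die "RDS VPC name is required"
  local rds_private_routing_table="${rds_vpc}-private"

  ## Get VPC ID and CIDR of acceptor i.e. RDS
  echo "getting the VPC ID and CIDR of acceptor(RDS instance)"
  local accept_vpc_id accept_cidr
  accept_vpc_id=$(lookup "VPC '$rds_vpc'" ec2 describe-vpcs \
    --filters "Name=tag:Name,Values=$rds_vpc" --query 'Vpcs[0].VpcId')
  accept_cidr=$(lookup "CIDR of VPC '$rds_vpc'" ec2 describe-vpcs \
    --filters "Name=tag:Name,Values=$rds_vpc" \
    --query 'Vpcs[0].CidrBlockAssociationSet[0].CidrBlock')

  ## Get VPC ID and CIDR of requestor i.e. EKS
  local request_vpc_id request_cidr
  request_vpc_id=$(lookup "VPC '$eks_vpc'" ec2 describe-vpcs \
    --filters "Name=tag:Name,Values=$eks_vpc" --query 'Vpcs[0].VpcId')
  request_cidr=$(lookup "CIDR of VPC '$eks_vpc'" ec2 describe-vpcs \
    --filters "Name=tag:Name,Values=$eks_vpc" \
    --query 'Vpcs[0].CidrBlockAssociationSet[0].CidrBlock')

  ## Get route table IDs of requestor (public) and acceptor (private).
  ## Only subnets associated with these two tables get the peering route.
  local req_route_id accept_route_id
  req_route_id=$(lookup "route table '$eks_public_routing_table'" \
    ec2 describe-route-tables \
    --filters "Name=tag:Name,Values=$eks_public_routing_table" \
    --query 'RouteTables[0].RouteTableId')
  accept_route_id=$(lookup "route table '$rds_private_routing_table'" \
    ec2 describe-route-tables \
    --filters "Name=tag:Name,Values=$rds_private_routing_table" \
    --query 'RouteTables[0].RouteTableId')

  ### Create Peering Connection
  local response
  read -rp "Are you sure to create peering connection? " -n 1 response
  echo # move to a new line after the single-key answer
  if [[ ! "$response" =~ ^[Yy]$ ]]; then
    exit 0
  fi

  # Everything below mutates the account.
  local peer_vpc_id
  peer_vpc_id=$(aws_mut ec2 create-vpc-peering-connection \
    --vpc-id "$request_vpc_id" --peer-vpc-id "$accept_vpc_id" \
    --query VpcPeeringConnection.VpcPeeringConnectionId --output text) \
    || die "create-vpc-peering-connection failed"
  [[ -n "$peer_vpc_id" && "$peer_vpc_id" != "None" ]] \
    || die "no peering connection id returned"
  # Acceptance uses the same credentials as the request, so this only works
  # when both VPCs are reachable by the caller's identity (same account).
  aws_mut ec2 accept-vpc-peering-connection \
    --vpc-peering-connection-id "$peer_vpc_id"
  aws_mut ec2 create-tags --resources "$peer_vpc_id" \
    --tags "Key=Name,Value=${eks_cluster}-${rds_db_name}"

  #### Add each VPC's CIDR to the other VPC's route table via the peering link
  aws_mut ec2 create-route --route-table-id "$req_route_id" \
    --destination-cidr-block "$accept_cidr" \
    --vpc-peering-connection-id "$peer_vpc_id"
  aws_mut ec2 create-route --route-table-id "$accept_route_id" \
    --destination-cidr-block "$request_cidr" \
    --vpc-peering-connection-id "$peer_vpc_id"

  ### Add a rule that allows inbound Postgres from the requester (EKS) VPC.
  # Scope: the whole EKS VPC CIDR, on the first security group attached to the
  # instance. Narrow the source (e.g. the node security group) if only the
  # cluster nodes need database access.
  local rds_vpc_security_group_id
  rds_vpc_security_group_id=$(lookup "security group of RDS '$rds_db_name'" \
    rds describe-db-instances --db-instance-identifier "$rds_db_name" \
    --query 'DBInstances[0].VpcSecurityGroups[0].VpcSecurityGroupId')
  aws_mut ec2 authorize-security-group-ingress \
    --group-id "$rds_vpc_security_group_id" \
    --protocol tcp --port 5432 --cidr "$request_cidr"
}

main "$@"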