AWS: How to connect VPN clients to RDS (VPN server EC2 and RDS are in the same VPC)

I have an EC2 instance that runs as a VPN server. In the same VPC I have an RDS instance and another EC2 instance in a private subnet.

I have devices that connect to the VPN server, and I have configured them so that they can communicate with each other and with the private EC2 too. But I can't make them communicate with the RDS instance.

I have configured the Security Group of the RDS to allow all inbound traffic from the SGs of both EC2 instances, and I even tried to allow All Traffic from 0.0.0.0/0, but VPN clients still can't communicate with the RDS. I see that the RDS can communicate inside the VPC but not outside it. Once upon a time I remember, and I'm sure of it, that I was connected from my local MySQL Workbench to the RDS (3 years ago).

Is there any way to make this work?

Solution 1:

Your answer may be in this OpenVPN Support thread. I'm running into the same issue. From what I gather, when you're connected over VPN, public IPs and DNS names won't resolve. You can connect to other EC2 instances easily using private IPs. But the RDS instance's IP is not static, so it must be resolved using its host name. The solution apparently is to make your OpenVPN server use the Amazon DNS server, so that it can resolve the RDS instance by its host name.
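To make the DNS point of the answer concrete, here is an added example (not code from the answerer or from OpenVPN/AWS) that derives the VPC's AmazonProvidedDNS address from the VPC CIDR, emits the two OpenVPN server directives that hand clients a route to the VPC plus that resolver, and then checks what address an RDS endpoint name actually resolves to on the client. The VPC CIDR `10.0.0.0/16` and the endpoint name are constructed placeholders; the `resolve` parameter is injectable so the check can be exercised offline with constructed answers.

```python
import ipaddress
import socket

# Constructed placeholders (assumptions, not values from the original post).
VPC_CIDR = "10.0.0.0/16"
RDS_ENDPOINT = "mydb.xxxxxxxxxxxx.us-east-1.rds.amazonaws.com"


def amazon_dns_for_vpc(vpc_cidr):
    """Return the AmazonProvidedDNS resolver address for a VPC.

    AWS places the VPC resolver at the VPC network address plus two
    (10.0.0.2 for 10.0.0.0/16). 169.254.169.253 is an alternative that
    works from inside any VPC.
    """
    net = ipaddress.ip_network(vpc_cidr, strict=True)
    return str(net.network_address + 2)


def openvpn_push_lines(vpc_cidr):
    """OpenVPN server.conf directives that give clients a route into the
    VPC and the VPC resolver as their DNS server, so the RDS endpoint name
    resolves to a private VPC address on the client side."""
    net = ipaddress.ip_network(vpc_cidr, strict=True)
    return [
        'push "route %s %s"' % (net.network_address, net.netmask),
        'push "dhcp-option DNS %s"' % amazon_dns_for_vpc(vpc_cidr),
    ]


def classify_resolution(resolved_ip, vpc_cidr):
    """Classify the address an RDS endpoint resolved to.

    'vpc'     : inside the VPC CIDR, reachable over the pushed VPN route
    'private' : private but not this VPC, so a different VPC or no route
    'public'  : a public address, meaning the client used a public resolver
                and its traffic would leave via the internet, not the VPN
    """
    addr = ipaddress.ip_address(resolved_ip)
    if addr in ipaddress.ip_network(vpc_cidr, strict=True):
        return "vpc"
    if addr.is_private:
        return "private"
    return "public"


def check_rds_endpoint(hostname, vpc_cidr, resolve=socket.gethostbyname):
    """Resolve the endpoint with the client's current resolver and classify
    the result. `resolve` defaults to a real lookup; tests inject a stub."""
    ip = resolve(hostname)
    return {"host": hostname, "ip": ip, "verdict": classify_resolution(ip, vpc_cidr)}


if __name__ == "__main__":
    for line in openvpn_push_lines(VPC_CIDR):
        print(line)
    # Constructed DNS answers standing in for a live lookup.
    for fake_ip in ("10.0.5.17", "54.12.34.56"):
        print(check_rds_endpoint(RDS_ENDPOINT, VPC_CIDR, resolve=lambda _h, ip=fake_ip: ip))
```

A `public` verdict is the symptom described in the question: the RDS endpoint resolves to a private VPC address only when the query goes through the VPC resolver, so a client that keeps its home DNS settings gets a public address (or no answer) and never sends the traffic down the tunnel. The security group still has to admit the source address the RDS instance actually sees, which is the VPN server's private IP when the server NATs client traffic, or the VPN client subnet when it is routed unchanged.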

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution 1: Paul Siersma