Hi guys, I’m wondering what’s the canonical way with Pulumi to access and manage RDS instances/clusters in a private subnet? I created a postgresql provider with
but obviously it can’t reach the
which does not resolve outside my vpc/subnet. I was thinking using an
but not sure I can then use some kind of provider from it to connect my program to the vpn and access the rds instances. Thanks for your ideas/rex!
The best I’ve come up with so far is a lambda in the same private subnet that can run the provisioner. However, pulumi currently has a limitation where it won’t package (some of) its own libraries in lambdas, so it would have to be deployed separately. In line with your approach would maybe be setting up a bastion with an ssh local forward to the rds host, establishing the ssh connection before running pulumi up
@millions-furniture-75402 thanks! Indeed I came up with more or less the same conclusion (given what I know/understand so far), but didn’t think of using lambdas for provisioning, that’s a neat idea. I was actually thinking of setting up the vpn in another pulumi project and then starting a client as a prerequisite on the provisioner host before running the pulumi up for the main platform project.
But I was wondering if there was an easier way because it adds some work and complexity to the pipeline then.
Let me know what approach you end up going with. Right now I’ve settled for having a manual step for provisioning databases with the aid of a script on a bastion.
I personally use a vpn, although the clientvpn was a little bit of a pain to set up. I switched to using tailscale and a bastion host, and it works pretty flawlessly https://twitter.com/briggsl/status/1283141723489595392?s=20
@billowy-army-68599 great, thanks! I’ll have a look and keep you guys updated here
Nice, @billowy-army-68599! I'll have to look closer at your solution, and Tailscale!