Accessing MySQL Aurora RDS cluster cross-region without VPC Peering or Port 22 blocking

Hello,

We have a MySQL Aurora RDS cluster running in US-East-1. We want the cluster accessed by Lambda & EC2 in US-East-2. How can I access the cluster cross-region?
Our security team is against establishing VPC Peering and has blocked port 22 for any purpose.

What are our options?

Appreciate any inputs.

Thanks.

https://aws.amazon.com/blogs/database/access-amazon-rds-across-vpcs-using-aws-privatelink-and-network-load-balancer/

Thanks Dymtro… looking into this…

Depends also on what you need to accomplish. You can have cross-region read replicas that replicate over AWS's private networks. If you can move to Aurora, you can also have write forwarding (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database-write-forwarding.html); it's slower from other regions, but it's great for some use cases that are not latency sensitive.

Also, your security team is missing the point. 🙂

(sorry, noticed you were already on Aurora - if it's not too expensive, use write forwarding for Aurora Global Database)

It also adds a very good DR story. Read up on it here: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database.html#aurora-global-database.advantages

Thanks Chris… I will look into your replies… appreciate it…

Another option (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html): in the same account (or even not, but you have to jump), you can enable and use the Data API and grant the permissions to the role for the Lambda and the role attached to the EC2 instance profile.