0

I tried to access the aws service rds and elasticache redis through fargate's task role.

I connected the full access of the service to the task role, but it was not connected, so I allowed the subnet with the security group setting, and the connection was possible.

Is it possible to access only after setting the original role and security group?

Or did I not set the role properly?

1 Answer 1

0

The permissions in the task role gives access to the AWS API, which would give your task the ability to do things like create new RDS or ElastiCache servers. Those IAM permissions do not give it access to connect to RDS or ElastiCache servers, and adding those permissions certainly don't do anything at the network level to open up ports in your database server's firewalls.

To connect to your RDS server you need to make a network connection with a database driver (PostgreSQL, MySQL, whatever RDBMS you selected) on that database server's network port. Similarly to connect to your ElastiCache server you have to use a Redis client to make a connection on the port Redis is listening on. Making those connections to your databases do not use the task IAM role at all, because they aren't doing anything with the AWS API, they are making direct database network connections.

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .