undefined | Better HN

0 pointsfulafel6y ago0 comments

Yeah, this kind of thing is part of what I meant when I criticised AWS encouraging VPC use instead of end-to-end security.

But off the top of my head, you could always use the firewall API from the lambda to open network access between it and the RDS when the lambda starts. (In addition to using certs or IAM security on your TLS connection to the RDS db)

0 comments

scarface746y ago

And then you are depending on a proprietary connection and authentication protocol instead of being able to use the standard MySQL/Postgres drivers.

Also, how do you handle the commercial hosted databases like Sql Server and Oracle?

fulafelOP6y ago

Certs is a standard feature. IAM doesn't require nonstandard client or protocol features either (see https://aws.amazon.com/premiumsupport/knowledge-center/users...).

I think with client certs work fine with SQL Server and Oracle too, with standard clients.

But I'm sure you can come up with imagined scenarios where you end up cornered to use VPCs. I get it, these situations may exist. I'm just saying they suck, not that you'll never have to resort to them.

j / k navigate · click thread line to collapse