How to make my AWS RDS accessible from Retool

Hey team,

Quick question regarding the RDS.
We want to configure retool for monitoring some of our data, and we ran into some issues with the setup.

Retool wants us to make our RDS public, which is ok since they provided 3 IP addresses we should add to VPC security group.

Anyhow, the problem is that we are losing the access from our BE app when we switch the accessibility from private to public.

I’ve rerouted the subnet to point to Internet Gateaway, so now it works ok.
Although we are a bit concern that now everyone can try and access our database.

Do you have maybe some suggestions on how to approach this issue?

Hi @nemanjajuice ,

Can you use VPC peering with Retool? (I am not seeing this option from their documentation, but it would be the best option since it’s very secure and possible with Qovery and AWS).

If not, then we’ll need to consider adding a way to manage IP whitelisting. I might have a temporary solution for you. (I can explain if VPC peering with Retool is not possible)

cc @Florian_Lepont

Hi @rophilogene

Thanks for your answer!
I will try the solution with peering connections.

I’ll update you once I have more info.

Hey @rophilogene

I just tried this peering connection stuff, and it won’t work unfortunatelly.

@nemanjajuice , here is a schema of what you can do:

  1. Connect to your AWS account
  2. Create a VPC (with a different subnet from the Qovery VPCs)
  3. Add an Internet Gateway
    a. Configure a static IP with an additional NAT Gateway
    b. Whitelist Retool static IP addresses
  4. Configure the VPC peering with Qovery (check out this guide)
  5. Check if you are able to connect to your RDS instance via Retool

If it does not work, check that the routing configuration between your VPCs is working well.

Let me know.

Note: I’ve discussed with @Pierre_Mavro (CTO) and we’ll try to provide a long-term solution with IP whitelisting from Qovery directly.

1 Like

Let me know @nemanjajuice if you need any help on this.