Customer-owned IP addresses for Amazon RDS on Amazon Outposts - Amazon Relational Database Service

Amazon RDS on Amazon Outposts uses information that you provide about your on-premises network to create an address pool. This pool is known as a customer-owned IP address pool (CoIP pool). Customer-owned IP addresses (CoIPs) provide local or external connectivity to resources in your Outpost subnets through your on-premises network. For more information about CoIPs, see Customer-owned IP addresses in the Amazon Outposts User Guide.

Each RDS on Outposts DB instance has a private IP address for traffic inside its virtual private cloud (VPC). This private IP address isn't publicly accessible. You can use the Public option to set whether the DB instance also has a public IP address in addition to the private IP address. Using the public IP address for connections routes them through the internet and can result in high latencies in some cases.

Instead of using these private and public IP addresses, RDS on Outposts supports using CoIPs for DB instances through their subnets. When you use a CoIP for an RDS on Outposts DB instance, you connect to the DB instance with the DB instance endpoint. RDS on Outposts then automatically uses the CoIP for all connections from both inside and outside of the VPC.

CoIPs can provide the following benefits for RDS on Outposts DB instances:

  • Lower connection latency

  • Enhanced security

Using CoIPs

You can turn CoIPs on or off for an RDS on Outposts DB instance using the Amazon Web Services Management Console, the Amazon CLI, or the RDS API:

  • With the Amazon Web Services Management Console, choose the Customer-owned IP address (CoIP) setting in Access type to use CoIPs. Choose one of the other settings to turn them off.

    Figure: The Customer-owned IP address (CoIP) setting in the Amazon Web Services Management Console.

  • With the Amazon CLI, use the --enable-customer-owned-ip | --no-enable-customer-owned-ip option.

  • With the RDS API, use the EnableCustomerOwnedIp parameter.

You can turn CoIPs on or off when you perform any of the following actions:

Note

In some cases, you might turn on CoIPs for a DB instance but Amazon RDS isn't able to allocate a CoIP for the DB instance. In such cases, the DB instance status is changed to incompatible-network. For more information about the DB instance status, see Viewing Amazon RDS DB instance status.

Limitations

The following limitations apply to CoIP support for RDS on Outposts DB instances:

  • When using a CoIP for a DB instance, make sure that public accessibility is turned off for that DB instance.

  • Make sure that the inbound rules for your VPC security groups include the CoIP address range (CIDR block). For more information about setting up security groups, see Provide access to your DB instance in your VPC by creating a security group.

  • You can't assign a CoIP from a CoIP pool to a DB instance. When you use a CoIP for a DB instance, Amazon RDS automatically assigns a CoIP from a CoIP pool to the DB instance.

  • You must use the Amazon Web Services account that owns the Outpost resources (owner) or share the following resources with other Amazon Web Services accounts (consumers) in the same organization:

    • The Outpost

    • The local gateway (LGW) route table for the DB instance's VPC

    • The CoIP pool or pools for the LGW route table

    For more information, see Working with shared Amazon Outposts resources in the Amazon Outposts User Guide.
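The first two limitations and the incompatible-network status from the note can be checked offline against saved API output. The following is an added example, not code from the AWS documentation: it assumes the field names returned by DescribeDBInstances, DescribeSecurityGroups and DescribeCoipPools (PoolCidrs), and the function name, finding labels and sample data are constructed for illustration.

```python
import ipaddress

def audit_coip(db, security_groups, pool_cidrs):
    """Check one DBInstance dict against the CoIP limitations; return finding labels."""
    findings = []
    if not db.get("CustomerOwnedIpEnabled"):
        return findings  # CoIP is off, so the limitations do not apply
    if db.get("PubliclyAccessible"):
        findings.append("public-access-on")  # must be off when a CoIP is used
    if db.get("DBInstanceStatus") == "incompatible-network":
        findings.append("coip-not-allocated")  # RDS could not allocate a CoIP
    port = db.get("Endpoint", {}).get("Port")
    if port is None:
        return findings  # no endpoint yet, nothing to match rules against
    attached = {g["VpcSecurityGroupId"] for g in db.get("VpcSecurityGroups", [])}
    allowed = []  # source networks allowed inbound to the DB port
    for sg in security_groups:
        if sg["GroupId"] not in attached:
            continue
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto == "-1" or (proto == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]):
                allowed += [ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", [])]
    for cidr in pool_cidrs:
        net = ipaddress.ip_network(cidr)
        # The CoIP range counts as included when an inbound rule covers all of it.
        if not any(net.subnet_of(a) for a in allowed):
            findings.append("sg-missing-coip-range:" + cidr)
    return findings

# Constructed sample data (hypothetical identifiers, not real resources).
POOL_CIDRS = ["10.20.30.0/24"]
SECURITY_GROUPS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3306,
        "ToPort": 3306, "IpRanges": [{"CidrIp": "10.20.0.0/16"}]}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5432,
        "ToPort": 5432, "IpRanges": [{"CidrIp": "192.168.0.0/24"}]}]},
]
DB_OK = {"DBInstanceIdentifier": "orders-db", "CustomerOwnedIpEnabled": True,
         "PubliclyAccessible": False, "DBInstanceStatus": "available",
         "Endpoint": {"Port": 3306}, "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0aaa"}]}
DB_BAD = {"DBInstanceIdentifier": "reports-db", "CustomerOwnedIpEnabled": True,
          "PubliclyAccessible": True, "DBInstanceStatus": "incompatible-network",
          "Endpoint": {"Port": 5432}, "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0bbb"}]}

if __name__ == "__main__":
    for db in (DB_OK, DB_BAD):
        print(db["DBInstanceIdentifier"], audit_coip(db, SECURITY_GROUPS, POOL_CIDRS))
```
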