Allow inter-region aurora to rosa connections

keycloak · Jul 20, 2023 · 255a9d8 · 255a9d8
1 parent 3597aea
commit 255a9d8
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 0 deletions.
diff --git a/provision/aws/rds/aurora_create_peering_connection.sh b/provision/aws/rds/aurora_create_peering_connection.sh
@@ -65,6 +65,17 @@ aws ec2 create-route \
   --destination-cidr-block ${AURORA_VPC_CIDR} \
   --vpc-peering-connection-id ${PEERING_CONNECTION_ID}
 
+# Update the Aurora Cluster VPC's Route Table
+AURORA_PUBLIC_ROUTE_TABLE_ID=$(aws ec2 describe-route-tables \
+  --filters "Name=vpc-id,Values=${AURORA_VPC}" "Name=association.main,Values=true" \
+  --query "RouteTables[*].RouteTableId" \
+  --output text
+)
+aws ec2 create-route \
+  --route-table-id ${AURORA_PUBLIC_ROUTE_TABLE_ID} \
+  --destination-cidr-block 10.0.0.0/16 \
+  --vpc-peering-connection-id ${PEERING_CONNECTION_ID}
+
 # Update the RDS Instance's Security Group
 AURORA_SECURITY_GROUP_ID=$(aws ec2 describe-security-groups \
   --filters "Name=group-name,Values=${AURORA_SECURITY_GROUP_NAME}" \

diff --git a/provision/aws/rds/aurora_delete_peering_connection.sh b/provision/aws/rds/aurora_delete_peering_connection.sh
@@ -48,6 +48,19 @@ if [ -n "${ROSA_PUBLIC_ROUTE_TABLE_ID}" ]; then
     --destination-cidr-block ${AURORA_VPC_CIDR} || true
 fi
 
+# Remove the ROSA route from the Aurora cluster
+AURORA_PUBLIC_ROUTE_TABLE_ID=$(aws ec2 describe-route-tables \
+  --filters "Name=vpc-id,Values=${AURORA_VPC}" "Name=association.main,Values=true" \
+  --query "RouteTables[*].RouteTableId" \
+  --output text
+)
+
+if [ -n "${AURORA_PUBLIC_ROUTE_TABLE_ID}" ]; then
+  aws ec2 delete-route \
+    --route-table-id ${ROSA_PUBLIC_ROUTE_TABLE_ID} \
+    --destination-cidr-block 10.0.0.0/16 || true
+fi
+
 # Delete the Aurora VPC Security Group
 if [ -n ${AURORA_REGION} ]; then
   AURORA_VPC=$(aws ec2 describe-vpcs \