Fixing the problem when Network Access is connecting to RDS

Checking if the AWS Client VPN is enabled

1. Go to the Citadel Run site;
2. Select Environments on the menu;
3. On the Environment page, select the environment you want to check;
4. Select Network Access; and
5. Check if the AWS Client VPN is enabled.

Checking if the Private Bastion is enabled

1. Go to the Citadel Run site;
2. Select Environments on the menu;
3. On the Environment page, select the environment you want to check;
4. Select Network Access; and
5. Check if the AWS Client VPN is enabled.

Configuring the connection between RDS and Network Access

1. Go to the AWS Console and log in with a role that allows you to change the AWS Security Group;
2. Go to the RDS service;
3. Go to Databases and select the instance RDS you need to connect;
4. In Connectivity & security, find the VPC security groups and click on it;
5. In the “Security groups” page, select Inbounds rules;
6. Select “Edit inbound rules”;
7. Add a new rule by selecting the Add rule button;
8. Leave the custom field as it is and add the service of the Network Access service ID you want to use to connect your RDS (AWS Client VPN or Private Bastion).

You can find it on the Security Group page. Look for the the Security Group prefix name: citadel-workload-network-access-private-bastion-SecurityGroup or citadel-workload-network-access-client-vpn-SecurityGroup;

9. Click and “Save rules”.