Issues connecting to resources in AWS

We seem to be having issues connecting to AWS RDS Postgres instances when using Zero Trust Gateway and the Warp client.

We have cloudflared installed in a K8S instance in our headquarters. The K8S cluster is able to access resources in AWS. There are security groups in place for the node IPs. From a K8S node, I can use psql, for example, to connect to an RDS Postgres instance.

In Cloudflare, I have a gateway rule to allow my email address access to anything by IP address. The AWS IPs are in the list, and I can access resources within HQ without a problem. DNS resolution works and resolves the internal IP without a problem.

It was my understanding, based on tests, that the remote client (RDS, EC2, etc.) will see the IP address of the K8S node that cloudflared is running on. E.g., in ADFS, I can see the node IP as the connecting IP.

However, when I connect to anything within AWS, I get a connection closed:

e.g.
ssh -i "Test.pem" [email protected]
kex_exchange_identification: Connection closed by remote host
Connection closed by 10.128.2.190 port 22

or

psql: error: connection to server at rdsserver.us-east-2.rds.amazonaws.com(10.128.0.85), port 5432 failed: server closed the connection unexpectedly
This probably means the server terminated abnormally
before or while processing the request.

I’m completely stumped as to why traffic is either being rejected on the AWS side or not allowed through the Cloudflare Zero Trust Gateway.

Solved it myself: make sure you actually inject the network subnets into the cloudflared tunnel. Not enough coffee yesterday!
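For anyone hitting the same symptom, here is a small check for the two places private traffic can be dropped before it ever reaches AWS: the WARP split-tunnel exclude list (Cloudflare's default "Exclude" mode lists the RFC 1918 ranges, so 10.x traffic never enters WARP until that is changed) and the private networks the tunnel actually advertises. This is an added example, not code from the original post or from Cloudflare; the HQ subnets, the tunnel name `hq-tunnel` and the VPC CIDR `10.128.0.0/16` are assumptions, while the two target IPs are the ones from the errors above. The only real command it emits is `cloudflared tunnel route ip add <CIDR> <TUNNEL>`.

```python
import ipaddress

# --- Constructed sample data (not from a real tenant) ---------------------------
# Private networks the tunnel advertises, i.e. what `cloudflared tunnel route ip list`
# reports. Before the fix: HQ subnets only (hypothetical values).
TUNNEL_ROUTES_BEFORE = ["192.168.10.0/24", "192.168.20.0/24"]
AWS_VPC_CIDR = "10.128.0.0/16"            # assumed VPC CIDR for the 10.128.x.x hosts
TUNNEL_ROUTES_AFTER = TUNNEL_ROUTES_BEFORE + [AWS_VPC_CIDR]

# WARP split-tunnel exclude entries. Cloudflare's default exclude list contains the
# RFC 1918 ranges; leaving them in place means private traffic bypasses WARP entirely.
WARP_EXCLUDES_DEFAULT = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
WARP_EXCLUDES_FIXED = []                  # private ranges removed so they ride the tunnel

# The two hosts from the error messages in the post.
TARGETS = {"ec2 ssh": "10.128.2.190", "rds postgres": "10.128.0.85"}


def longest_match(ip, cidrs):
    """Return the most specific network in `cidrs` containing `ip`, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for c in cidrs:
        net = ipaddress.ip_network(c, strict=False)
        if addr.version != net.version or addr not in net:
            continue
        if best is None or net.prefixlen > best.prefixlen:
            best = net
    return best


def diagnose(ip, tunnel_routes, warp_excludes):
    """Classify how WARP + cloudflared would handle `ip`.

    Returns (status, matched_cidr) where status is one of
    "excluded" (split tunnel keeps it off WARP), "unrouted" (WARP carries it but no
    tunnel advertises the network, so the connection is dropped) or "routed".
    """
    hit = longest_match(ip, warp_excludes)
    if hit is not None:
        return ("excluded", str(hit))
    hit = longest_match(ip, tunnel_routes)
    if hit is None:
        return ("unrouted", None)
    return ("routed", str(hit))


def report(targets, tunnel_routes, warp_excludes):
    """Run diagnose() over every named target."""
    return {name: diagnose(ip, tunnel_routes, warp_excludes) for name, ip in targets.items()}


def route_add_commands(targets, tunnel_routes, tunnel_name, prefixlen=16):
    """For every target with no advertised route, emit the cloudflared command that
    advertises an aggregate of `prefixlen` bits covering it (one command per aggregate)."""
    cidrs = set()
    for ip in targets.values():
        if longest_match(ip, tunnel_routes) is None:
            agg = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
            cidrs.add(str(agg))
    return [f"cloudflared tunnel route ip add {c} {tunnel_name}" for c in sorted(cidrs)]


if __name__ == "__main__":
    print("default WARP excludes, HQ routes only:")
    for name, verdict in report(TARGETS, TUNNEL_ROUTES_BEFORE, WARP_EXCLUDES_DEFAULT).items():
        print(f"  {name:14s} {verdict}")
    print("excludes fixed, HQ routes only (the situation in the post):")
    for name, verdict in report(TARGETS, TUNNEL_ROUTES_BEFORE, WARP_EXCLUDES_FIXED).items():
        print(f"  {name:14s} {verdict}")
    print("fix:")
    for cmd in route_add_commands(TARGETS, TUNNEL_ROUTES_BEFORE, "hq-tunnel"):
        print("  " + cmd)
    print("after the fix:")
    for name, verdict in report(TARGETS, TUNNEL_ROUTES_AFTER, WARP_EXCLUDES_FIXED).items():
        print(f"  {name:14s} {verdict}")
```

The "unrouted" case is exactly the one in the post: the Gateway policy allows the destination and DNS resolves, but cloudflared has never been told it can reach 10.128.0.0/16, so the TCP session is torn down and the client only sees "connection closed". Checking the split-tunnel list first matters because an excluded range fails in a different way (no Gateway logs at all, traffic leaves the local interface).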

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.