When an RDS instance has a public IP, Amazon represents it as a CNAME to the EC2 instance's public IP address. This breaks authentication, as the hostname is "resolved" to "ec2-99-99-99-99.us-west-2.compute.amazonaws.com" in my example below, instead of staying as "mydatabase.something.us-west-2.rds.amazonaws.com".
➜ ~ dig mydatabase.something.us-west-2.rds.amazonaws.com
;; ANSWER SECTION:
mydatabase.something.us-west-2.rds.amazonaws.com. 5 IN CNAME ec2-99-99-99-99.us-west-2.compute.amazonaws.com.
ec2-99-99-99-99.us-west-2.compute.amazonaws.com. 21600 IN A 99.99.99.99
An option to disable the CNAME resolution, or an improvement to its algorithm, would be helpful.
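The separation this report asks for, as an added example (not code from the reporter or from the project): a hypothetical `plan_connection` helper follows the CNAME chain only to find the address to dial, and keeps the name the user requested as the identity used for authentication. The dig answer is embedded as sample input copied from the report; the function names and return shape are assumptions.

```python
# ANSWER section from the report above, embedded so the example runs offline.
DIG_ANSWER = """\
mydatabase.something.us-west-2.rds.amazonaws.com. 5 IN CNAME ec2-99-99-99-99.us-west-2.compute.amazonaws.com.
ec2-99-99-99-99.us-west-2.compute.amazonaws.com. 21600 IN A 99.99.99.99
"""

def norm(name):
    """Lowercase a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def parse_answer(text):
    """Map owner name -> list of (rtype, rdata) from dig ANSWER lines."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        if line.startswith(";") or len(fields) != 5:
            continue  # skip dig comments and anything that is not a record
        owner, _ttl, _cls, rtype, rdata = fields
        records.setdefault(norm(owner), []).append((rtype.upper(), rdata))
    return records

def plan_connection(requested, answer_text, max_hops=8):
    """Hypothetical helper: decide where to connect and which name to authenticate as.

    The CNAME target is used only to locate an address. The identity used for
    authentication stays the name the caller asked for.
    """
    records = parse_answer(answer_text)
    name, chain = norm(requested), []
    for _ in range(max_hops):  # bounded so a CNAME loop cannot spin forever
        rrs = records.get(name, [])
        addrs = [rdata for rtype, rdata in rrs if rtype in ("A", "AAAA")]
        if addrs:
            return {
                "auth_host": norm(requested),  # never the canonical name
                "connect_addrs": addrs,
                "cname_chain": chain,
            }
        cnames = [rdata for rtype, rdata in rrs if rtype == "CNAME"]
        if not cnames:
            raise LookupError(f"no address or CNAME for {name}")
        name = norm(cnames[0])
        chain.append(name)
    raise LookupError("CNAME chain too long or looping")

if __name__ == "__main__":
    print(plan_connection("mydatabase.something.us-west-2.rds.amazonaws.com", DIG_ANSWER))
```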