[aidos]

I believe AWS stop you from connecting to anything outside your RDS subnet.

[IgorPartola]

Then get you outside DB server via a VPN.

[aidos]

Unless something has changed, that's the problem. When I last looked RDS was a sandboxed environment. You can't ssh to it or connect it to a VPN.

[IgorPartola]

You don't need to get the RDS box on a VPN. Instead, you get your server in your data center into the AWS VPC via the AWS Gateway VPN thing. From there you tell your data center server that it's master is the RDS box and you should be all good (assuming you can do the usual song and dance with the full DB dump and replication coordinates).