Cadu Ribeiro

Posted on • Originally published at Medium on

Connecting on RDS Server that is not publicly accessible

Let’s imagine the following scenario:

You have web servers on a public subnet that you can connect to, and your RDS instance is hosted on a private subnet. This way, your database instance is not publicly accessible from the internet and you can’t connect to it with your local client.

It’s not possible to do a:

mysql -u user -p -h RDS_HOST

To establish a connection with the database, you’ll need to use your public EC2 instances as a bridge to the RDS instance. Let’s make an SSH tunnel.

ssh -i /path/to/keypair.pem -NL 9000:RDS_ENDPOINT:3306 ec2-user@EC2_HOST -v
  • -i /path/to/keypair.pem : The -i option tells ssh which key to use for the connection. If you have already added your key with ssh-add, this is not necessary.
  • -NL : N tells ssh not to open a session on the server (no remote command is run); it only sets up the tunnel. L sets up the port forwarding.
  • 9000:RDS_ENDPOINT:3306 : The -L option sets up the port forwarding based on this argument. The first number, 9000, is the local port that you will use to connect to the remote host. RDS_ENDPOINT is the hostname of your RDS database instance. 3306 is the port on the remote host that you want to access (3306 is MySQL’s default port).
  • ec2-user@EC2_HOST : The user and host you use to SSH into your public EC2 instance.
  • -v : Optional. Prints the ssh debug log to your terminal.

With this you can now connect to your private RDS instance using your local client.

mysql -h 127.0.0.1 -P9000 -u RDS_USER -p

If your EC2 instance is on a private subnet too, you will need to set up a bastion host to make the bridge possible. A bastion host is an instance placed on a public subnet that is accessible over SSH. You will use the same SSH tunnel, only changing the host so that it points to the bastion host.
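
The tunnel command above, wrapped as an added example (not code from the original post): it pins the forward to 127.0.0.1, aborts if the local port is already in use, and validates its arguments before calling ssh. The function names, the DRY_RUN switch and the example host names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Host names are constructed placeholders.

# Accept only a decimal TCP port in 1..65535 (no sign, no leading zero).
valid_port() {
  case "$1" in
    ''|0*|*[!0-9]*|??????*) return 1 ;;
  esac
  [ "$1" -le 65535 ]
}

# Print the -L argument with an explicit 127.0.0.1 bind address, so the local
# port stays on loopback even if GatewayPorts is enabled in the client config.
forward_spec() {  # forward_spec LOCAL_PORT RDS_ENDPOINT [REMOTE_PORT]
  valid_port "$1" && valid_port "${3:-3306}" || return 1
  case "$2" in
    ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;  # DNS name / IPv4 characters only
  esac
  printf '127.0.0.1:%s:%s:%s\n' "$1" "$2" "${3:-3306}"
}

# Open the tunnel through the public EC2 instance or bastion host.
# With DRY_RUN set, print the command instead of connecting.
open_tunnel() {  # open_tunnel KEYFILE USER@HOST LOCAL_PORT RDS_ENDPOINT [REMOTE_PORT]
  [ "$#" -ge 4 ] || { echo "usage: open_tunnel KEY USER@HOST LPORT ENDPOINT [RPORT]" >&2; return 2; }
  case "$2" in
    ''|-*) echo "invalid SSH destination" >&2; return 1 ;;  # never parsed as an option
  esac
  spec=$(forward_spec "$3" "$4" "${5:-3306}") || { echo "invalid forward" >&2; return 1; }
  # IdentitiesOnly: offer only the named key. ExitOnForwardFailure: abort if the
  # local port is already taken, so the client never talks to another listener.
  set -- -i "$1" -N -o IdentitiesOnly=yes -o ExitOnForwardFailure=yes -L "$spec" "$2"
  if [ -n "${DRY_RUN:-}" ]; then
    printf 'ssh %s\n' "$*"
  else
    ssh "$@"
  fi
}

# Constructed usage: show the command for the article's port 9000 -> 3306 tunnel.
DRY_RUN=1 open_tunnel /path/to/keypair.pem ec2-user@bastion.example.com 9000 mydb.example.internal
```

Unset DRY_RUN to actually open the tunnel, then point the MySQL client at 127.0.0.1 on the chosen local port.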

Cheers 🍻

Top comments (1)

Nirmal • Edited

To make this even simpler, we can add these settings to the ssh/config file like this:


Host rds_ShortName
HostName ec2-hostname
User ec2-user
IdentitiesOnly yes
IdentityFile ~/.key.pem
LocalForward 3306 rds-host:3306

Usage : ssh rds_ShortName -Nv
