DEV Community

Federico Navarrete

Posted on • Updated on • Originally published at supernovaic.blogspot.com

How to connect easily to a private Amazon RDS without EC2 instances

Disclaimer.

My client owns its own domain; I haven't tested it without a domain. If you test it and it works as expected, share the trick in the comments section below.

If you have been developing apps or are new to AWS, you might have experienced some challenges, especially when you are running them in a private subnet.

A common tutorial is this one from AWS:

How can I connect to a private Amazon RDS DB instance from a local machine using an Amazon EC2 instance as a bastion host?

Generally speaking, it's overcomplicated. My client has some extreme policies that made the tutorial barely usable. We needed to do some extra workarounds in the AWS CLI to make it work, including opening the specific ports in advance (5432 [PostgreSQL], for instance), and finally connect with an uncommon trick like this one:

ssh -L localhost:MY_LOCAL_PORT:MY_LOCAL_URL:MY_DB_PORT -N -J MY_LOCAL_USER -i ~/MY_LOCATION/MY_FILE_NAME.pem VM_USER

After a while, I found an easier way that worked for us: we created a private hosted zone with our domain and our preferred region (eu-west-1) in Route 53, for example:

00027384723984729.eu-west-1.loc.supernova.com

Next, inside your hosted zone you need to create a new record using your RDS instance endpoint, for example:

database-1.cwfas04jasa01.eu-west-1.rds.amazonaws.com

Your new record must contain the following:

  • Record name: the name you want to give it, such as homedb
  • Record type: choose CNAME.
  • Value: the endpoint in your RDS instance: database-1.cwfas04jasa01.eu-west-1.rds.amazonaws.com

Click Create records and that's all. You will get something like this:

homedb.00027384723984729.eu-west-1.loc.supernova.com

After this, you can access your RDS instance without any extra EC2s or complex workarounds. If you face any trouble, verify that the DB ports are open in your firewall.
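An added example, not part of the original post: a CNAME only changes how the name resolves, so whether the instance can be reached from outside the VPC is decided by its PubliclyAccessible flag and its security-group rules. This Python check audits both, using the JSON shapes returned by `aws rds describe-db-instances` and `aws ec2 describe-security-groups`; the sample data, the `sg-0example…` IDs and the function names are constructed for illustration.

```python
import ipaddress

# RFC 1918 and IPv6 unique-local ranges: sources inside these are not internet-routable.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def is_internal(cidr):
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)

def covers_port(perm, port):
    # IpProtocol "-1" means all protocols and ports; such rules carry no FromPort/ToPort.
    if perm["IpProtocol"] == "-1":
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def audit(db, security_groups):
    """Return findings for one DBInstances entry and its SecurityGroups entries."""
    findings = []
    port = db["Endpoint"]["Port"]
    if db["PubliclyAccessible"]:
        findings.append("instance has PubliclyAccessible=true")
    attached = {g["VpcSecurityGroupId"] for g in db["VpcSecurityGroups"]}
    for sg in security_groups:
        if sg["GroupId"] not in attached:
            continue  # only rules on groups attached to this instance matter
        for perm in sg["IpPermissions"]:
            if not covers_port(perm, port):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            findings += [f"{sg['GroupId']} allows {c} to port {port}"
                         for c in cidrs if not is_internal(c)]
    return findings

# Constructed sample data; only the endpoint name is taken from the article.
SAMPLE_DB = {"PubliclyAccessible": True,
             "Endpoint": {"Address": "database-1.cwfas04jasa01.eu-west-1.rds.amazonaws.com", "Port": 5432},
             "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0example1"}]}
SAMPLE_SGS = [
    {"GroupId": "sg-0example1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0example2", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_DB, SAMPLE_SGS):
        print("FINDING:", finding)
```

An empty result means the instance is not flagged as public and its attached groups admit the database port only from internal ranges.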


Top comments (1)

Jonathon Roberts

This will expose your database to the internet, so it's probably best not to do this. Exploits on databases have wreaked havoc on the internet in the past. It's best to keep it hidden and exposed only through the bastion host and ssl.