Fargate's SSM Agent version has been updated to version 3.1.1732.0 or later, enabling port forwarding to remote hosts.
https://aws.amazon.com/jp/about-aws/whats-new/2022/05/aws-systems-manager-support-port-forwarding-remote-hosts-using-session-manager/
However, it is quite cumbersome to set up the necessary ECS components to connect to RDS using Fargate. You need to create an ECS cluster, service, task definition, the required roles, and enable ECS Exec, among other things.
To simplify this process, I've created a CLI tool that automatically sets up a Fargate bastion host when specifying the RDS endpoint.
https://github.com/wim-web/xpx
You can set up the environment for forwarding to the specified host by simply running the following command:
xpx tunnel --host hoge.ap-northeast-1.rds.amazonaws.com
When you terminate the process, the CLI will also clean up the resources created. It's very convenient.
If you already have a bastion Fargate instance running and are executing aws ssm start-session --target ${target} --document-name AWS-StartPortForwardingSessionToRemoteHost --parameters ${parameters} --region ${REGION}, you can use this CLI:
https://github.com/wim-web/tonneeeeel
It allows you to interactively select ECS clusters, containers, and more, enabling forwarding and ECS Exec.
There is a similar CLI called "ecsta," but I created "tonneeeeel" because I wanted to filter interactively like a fuzzy finder. However, with "ecsta," you can achieve the same functionality by specifying options like "filter_command" for tools like peco.
Top comments (1)
Great writeup and great tool! I used it to help me spin up some similar infrastructure to port forward to RDS.