Carlos Ribeiro


Coffee addicted Software Engineer

Connecting to an RDS Server that is not publicly accessible


Let’s imagine the following scenario:


You have web servers on a public subnet that you can connect to, and your RDS instance is hosted on a private subnet. This way, your database instance is not publicly accessible through the internet and you can’t connect your local client to it.

It’s not possible to do a:

mysql -u user -p -h RDS_HOST

To establish a connection with the database, you’ll need to use one of your public EC2 instances as a bridge to the RDS instance. Let’s make an SSH tunnel.

ssh -i /path/to/keypair.pem -NL 9000:RDS_ENDPOINT:3306 ec2-user@EC2_HOST -v

With the tunnel open, local port 9000 is forwarded to port 3306 on the RDS endpoint, so you can now connect to your private RDS instance using your local client.

mysql -h 127.0.0.1 -P9000 -u RDS_USER -p

If your EC2 instance is on a private subnet too, you will need to set up a bastion host to make the bridge possible. A bastion host is an instance placed on a public subnet and accessible over SSH. You will use the same SSH tunnel, only changing the host so that it points to the bastion host.
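The tunnel and client steps above, wrapped so the forward is pinned to loopback, fails loudly if the local port is already taken, and is closed when the client exits. This is an added example, not code from the original post; the function names and the control-socket path are assumptions, and the `user@host` argument can be either the public EC2 instance or the bastion host.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# control-socket path are assumptions; 3306 and 127.0.0.1 come from the post.
CTL_SOCK="${HOME}/.ssh/rds-tunnel-$$.sock"   # assumed location, one per run

# Accept only a decimal TCP port in 1..65535.
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the -L spec, pinned to loopback so the forwarded database port is
# never offered to other machines on the local network.
# $1 local port, $2 RDS endpoint hostname
forward_spec() {
  valid_port "$1" || { echo "bad local port: $1" >&2; return 1; }
  case "$2" in
    ''|*[!A-Za-z0-9.-]*) echo "bad endpoint: $2" >&2; return 1 ;;
  esac
  printf '127.0.0.1:%s:%s:3306\n' "$1" "$2"
}

# $1 key file, $2 local port, $3 RDS endpoint, $4 user@host (EC2 or bastion)
open_tunnel() {
  spec=$(forward_spec "$2" "$3") || return 1
  # ExitOnForwardFailure: fail instead of continuing if the port is taken,
  # so the client cannot end up talking to some other local listener.
  ssh -i "$1" -fN -M -S "$CTL_SOCK" \
      -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 \
      -L "$spec" "$4"
}

# Ask the background master process to exit, which removes the forward.
close_tunnel() { ssh -S "$CTL_SOCK" -O exit "$1"; }

# Open, run the client from the post against the tunnel, always close.
# $5 is the database user.
with_tunnel() {
  open_tunnel "$1" "$2" "$3" "$4" || return 1
  mysql -h 127.0.0.1 -P "$2" -u "$5" -p
  rc=$?
  close_tunnel "$4"
  return "$rc"
}

# Runs only when all five arguments are given.
if [ "$#" -eq 5 ]; then with_tunnel "$@"; fi
```

Invoke it with the key file, local port, RDS endpoint, SSH destination and database user, in that order.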

Cheers 🍻
