ssh tunnel for RDS via bastion host

Our RDS db is hosted on Amazon. Our Bastion(Jumphost) can connect to the db. Connections to the db are not allowed outside of the internet.

 

 

Run ssh tunnel locally:

This creates a tunnel from my local machine to the Bastion:

ssh -N -L 3307:my-rds-db.us-east-1.rds.amazonaws.com:3306 ec2-my-bastion-server.compute-1.amazonaws.com

This will forward port 3307 from your local desktop to the remote MySQL rds server through your Public facing bastion EC2 instance.

You can easily set up this tunnel every time you log into your remote EC2 instance and log into it with whatever name you prefer:

Add this to .ssh/config:

Host my_instance
  Hostname bastion-ip
  Localforward 3307 my-rds-db.us-east-1.rds.amazonaws.com:3306

Then, just:

ssh my_instance

Connect to db using your favorite db interface.

An example using mysql:

$ mysql -uusername -h 127.0.0.1 -P 3307 -p

For more info man ssh:

-L [bind_address:]port:host:hostport
 Specifies that the given port on the local (client) host is to be forwarded to the given 
 host and port on the remote side.  This works by allocating a socket to listen to port on 
 the local side, optionally bound to the specified bind_address.  Whenever a connection is 
 made to this port, the connection is forwarded over the secure channel, and a connection 
 is made to host port hostport from the remote machine.  Port forwardings can also be 
 specified in the configuration file.  IPv6 addresses can be specified by enclosing the 
 address in square brackets.  Only the superuser can forward privileged ports.  By default, 
 the local port is bound in accordance with the GatewayPorts setting.  However, an explicit 
 bind_address may be used to bind the connection to a specific address.  The bind_address of 
 ``localhost'' indicates that the listening port be bound for local use only, while an empty 
  address or `*' indicates that the port should be available from all interfaces.

Leave a comment

Your email address will not be published. Required fields are marked *

Blue Captcha Image
Refresh

*

Protected by WP Anti Spam

Hit Counter provided by dental implants orange county