{"id":7641,"date":"2018-06-25T00:05:05","date_gmt":"2018-06-24T16:05:05","guid":{"rendered":"http:\/\/rmohan.com\/?p=7641"},"modified":"2018-06-25T00:05:05","modified_gmt":"2018-06-24T16:05:05","slug":"ssh-tunnel-for-rds-aws","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=7641","title":{"rendered":"ssh tunnel for RDS AWS"},"content":{"rendered":"<h1 id=\"f6a1\" class=\"graf graf--h3 graf--leading graf--title\">ssh tunnel for RDS via bastion\u00a0host<\/h1>\n<p id=\"dd4b\" class=\"graf graf--p graf-after--h3\">Our RDS db is hosted on Amazon. Our bastion (jump host) can connect to the db. Direct connections to the db from the internet are not allowed.<\/p>\n<h3 id=\"a413\" class=\"graf graf--h3 graf-after--figure\">Run ssh tunnel\u00a0locally:<\/h3>\n<p id=\"41b2\" class=\"graf graf--p graf-after--h3\">This creates a tunnel from my local machine to the bastion:<\/p>\n<pre id=\"8c62\" class=\"graf graf--pre graf-after--p\"><code class=\"markup--code markup--pre-code\">ssh -N -L 3307:my-rds-db.us-east-1.rds.amazonaws.com:3306 ec2-my-bastion-server.compute-1.amazonaws.com<\/code><\/pre>\n<p id=\"2157\" class=\"graf graf--p graf-after--pre\">This forwards port\u00a0<code class=\"markup--code markup--p-code\">3307<\/code>\u00a0on your local desktop to the remote MySQL RDS server through your public-facing bastion EC2 instance.<\/p>\n<p id=\"e117\" class=\"graf graf--p graf-after--p\">You can have this tunnel set up every time you log into your remote EC2 instance, and log into it under whatever name you prefer:<\/p>\n<h3 id=\"ab03\" class=\"graf graf--h3 graf-after--p\">Add this to\u00a0.ssh\/config:<\/h3>\n<pre id=\"7836\" class=\"graf graf--pre graf-after--h3\"><code class=\"markup--code markup--pre-code\">Host my_instance\n  HostName bastion-ip\n  LocalForward 3307 my-rds-db.us-east-1.rds.amazonaws.com:3306<\/code><\/pre>\n<p id=\"6737\" class=\"graf graf--p graf-after--pre\">Then, just:<\/p>\n<pre id=\"eb35\" 
class=\"graf graf--pre graf-after--p\"><code class=\"markup--code markup--pre-code\">ssh my_instance<\/code><\/pre>\n<h3 id=\"0139\" class=\"graf graf--h3 graf-after--pre\">Connect to db using your favorite db interface.<\/h3>\n<p id=\"6f11\" class=\"graf graf--p graf-after--h3\">An example using\u00a0<code class=\"markup--code markup--p-code\">mysql<\/code>:<\/p>\n<pre id=\"ea57\" class=\"graf graf--pre graf-after--p\"><code class=\"markup--code markup--pre-code\">$ mysql -uusername -h 127.0.0.1 -P 3307 -p<\/code><\/pre>\n<p id=\"039f\" class=\"graf graf--p graf-after--pre\">For more info\u00a0<code class=\"markup--code markup--p-code\">man ssh<\/code>:<\/p>\n<pre id=\"83ee\" class=\"graf graf--pre graf-after--p graf--trailing\"><code class=\"markup--code markup--pre-code\">-L [bind_address:]port:host:hostport\r\n Specifies that the given port on the local (client) host is to be forwarded to the given \r\n host and port on the remote side.  This works by allocating a socket to listen to port on \r\n the local side, optionally bound to the specified bind_address.  Whenever a connection is \r\n made to this port, the connection is forwarded over the secure channel, and a connection \r\n is made to host port hostport from the remote machine.  Port forwardings can also be \r\n specified in the configuration file.  IPv6 addresses can be specified by enclosing the \r\n address in square brackets.  Only the superuser can forward privileged ports.  By default, \r\n the local port is bound in accordance with the GatewayPorts setting.  However, an explicit \r\n bind_address may be used to bind the connection to a specific address.  
The bind_address of \r\n ``localhost'' indicates that the listening port be bound for local use only, while an empty \r\n  address or `*' indicates that the port should be available from all interfaces.<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>ssh tunnel for RDS via bastion host <\/p>\n<p id=\"dd4b\" class=\"graf graf--p graf-after--h3\">Our RDS db is hosted on Amazon. Our bastion (jump host) can connect to the db. Direct connections to the db from the internet are not allowed.<\/p>\n<p> Run ssh tunnel locally: <\/p>\n<p id=\"41b2\" class=\"graf graf--p graf-after--h3\">This creates a tunnel from my local machine to [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[49],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7641"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7641"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7641\/revisions"}],"predecessor-version":[{"id":7642,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7641\/revisions\/7642"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7641"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7641"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7641"}],"curies":[{"name":"wp","href":"https:\/
\/api.w.org\/{rel}","templated":true}]}}