Bypassing the Walls: A Guide to Accessing Private Databases in AWS VPC!

Vikas Yadav
3 min read · Aug 5, 2023

Introduction

One common challenge that developers face while working with AWS (Amazon Web Services) involves connecting to a private database that isn’t publicly accessible. This database is hosted inside a Virtual Private Cloud (VPC) and can only be accessed within the VPC. To overcome this problem, we can utilize an SSH Bastion host as a bridge to access the private database.

In this blog post, we’ll illustrate step-by-step how to set up this configuration. We’ll be using MySQL Workbench as an example, but the process can be adapted for other tools.

Here are the overall steps:

  1. Create the SSH Bastion Host: Launch an EC2 instance within the VPC to serve as the SSH Bastion Host and configure its security group to allow SSH connections.
  2. Configure Security Groups: Modify the security group associated with your RDS instance to allow inbound traffic from the Bastion host.
  3. Give Developers Access: Provide an SSH key to the developers and make sure they can SSH to the host.
  4. Set Up MySQL Workbench: Configure it to use the SSH key to connect to the database.

Creating the SSH Bastion Host

An SSH Bastion Host acts as a “jump server,” allowing you to SSH into your private resources within the VPC.

Step 1: Launching the EC2 Instance

Launch a new EC2 instance in your VPC.

  1. This instance will serve as your SSH Bastion Host.
  2. Ensure the instance is spawned in the same VPC as the RDS instance.

For demonstration purposes, we’ll use the hostname “my-ec2-bastion.host”. Ensure the instance has a security group allowing SSH connections (port 22) from your IP address.
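The two security-group rules this setup relies on, written out with the AWS CLI as an added example (not part of the original post). The group IDs and the admin CIDR are placeholders you replace with your own; with DRY_RUN=1 (the default) the script only prints the commands. The RDS rule names the bastion's security group as its source instead of an IP range, so it keeps working if the bastion is replaced, and the script refuses an SSH rule that is open to the whole internet.

```shell
#!/usr/bin/env sh
# Added example: lock down the bastion and RDS security groups with the AWS CLI.
# All IDs and CIDRs below are placeholders (constructed for this example).
set -u

BASTION_SG="${BASTION_SG:-sg-0bastion0000000000}"   # placeholder: bastion's security group
RDS_SG="${RDS_SG:-sg-0rds000000000000000}"           # placeholder: RDS instance's security group
ADMIN_CIDR="${ADMIN_CIDR:-203.0.113.10/32}"          # placeholder: your office/VPN egress address
DRY_RUN="${DRY_RUN:-1}"                              # 1 = print only, 0 = run the commands

# The bastion must accept SSH only from known addresses; refuse a wide-open rule.
validate_admin_cidr() {
  case "$1" in
    0.0.0.0/0|::/0) echo "refusing to open SSH to the whole internet: $1" >&2; return 1 ;;
    */*)            return 0 ;;
    *)              echo "expected CIDR notation (e.g. a.b.c.d/32), got: $1" >&2; return 1 ;;
  esac
}

# Rule 1: bastion security group allows 22/tcp from the admin CIDR only.
bastion_ssh_rule() {
  echo "aws ec2 authorize-security-group-ingress --group-id $BASTION_SG --protocol tcp --port 22 --cidr $1"
}

# Rule 2: RDS security group allows 3306/tcp from members of the bastion's
# security group. Using --source-group instead of --cidr means the rule does not
# depend on the bastion's IP address.
rds_mysql_rule() {
  echo "aws ec2 authorize-security-group-ingress --group-id $RDS_SG --protocol tcp --port 3306 --source-group $BASTION_SG"
}

run_cmd() {
  if [ "$DRY_RUN" = "1" ]; then echo "[dry-run] $1"; else eval "$1"; fi
}

main() {
  validate_admin_cidr "$ADMIN_CIDR" || return 1
  run_cmd "$(bastion_ssh_rule "$ADMIN_CIDR")"
  run_cmd "$(rds_mysql_rule)"
}

main "$@"
```

Run it once with the defaults to see the two commands, then export the real group IDs and your egress address and set DRY_RUN=0 to apply them. Leaving the RDS group with no other inbound rules is what makes the database reachable only through the bastion.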

Step 2: Configuring the EC2 Instance

Next, we need to give developers access to this host.

  1. Share the private key that was generated when the EC2 instance was created with the developers, or
  2. Add each developer’s own public key to ~/.ssh/authorized_keys on the bastion after it boots. You can find more details here: https://askubuntu.com/questions/46424/how-do-i-add-ssh-keys-to-authorized-keys-file. A separate key per developer also makes it easy to revoke one person’s access later.
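An added example (not from the original post) of the second option: a small script for the bastion that adds one public key per developer to authorized_keys, checks that the line actually looks like an OpenSSH public key, sets the permissions sshd insists on, and can remove a key again when someone leaves. The sample key and user name are constructed placeholders; the home directory is passed in so the functions can be exercised against a temporary directory.

```shell
#!/usr/bin/env sh
# Added example: per-developer key provisioning on the bastion host.
# SAMPLE_KEY below is a constructed placeholder, not real key material.
set -u

# Accept only lines that start with a known OpenSSH key type followed by a key
# blob; every OpenSSH public key blob begins with "AAAA" in base64.
valid_pubkey() {
  case "$1" in
    "ssh-ed25519 AAAA"*|"ssh-rsa AAAA"*|"ecdsa-sha2-nistp"[0-9][0-9][0-9]" AAAA"*|"sk-ssh-ed25519@openssh.com AAAA"*) return 0 ;;
    *) return 1 ;;
  esac
}

# add_authorized_key HOME_DIR "KEY LINE": appends the key once, with 700/600
# permissions (sshd ignores the file if it is group/world writable).
# Prints "added" or "exists"; fails on a line that is not a public key.
add_authorized_key() {
  home_dir="$1"; key="$2"
  valid_pubkey "$key" || { echo "rejected: not an OpenSSH public key" >&2; return 1; }
  ssh_dir="$home_dir/.ssh"; ak="$ssh_dir/authorized_keys"
  mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
  touch "$ak" && chmod 600 "$ak"
  if grep -qxF -- "$key" "$ak"; then echo exists; return 0; fi
  printf '%s\n' "$key" >> "$ak"
  echo added
}

# remove_authorized_key HOME_DIR PATTERN: drops every line containing PATTERN
# (typically the key comment, e.g. the developer's e-mail) to revoke access.
remove_authorized_key() {
  ak="$1/.ssh/authorized_keys"
  [ -f "$ak" ] || return 0
  tmp="$ak.tmp.$$"
  grep -vF -- "$2" "$ak" > "$tmp" || true   # grep exits 1 when no lines remain
  cat "$tmp" > "$ak"                        # cat keeps the 600 mode of the original file
  rm -f "$tmp"
}

count_authorized_keys() {
  ak="$1/.ssh/authorized_keys"
  if [ -f "$ak" ]; then wc -l < "$ak" | tr -d ' '; else echo 0; fi
}

# Constructed sample key (placeholder blob) for the demo below.
SAMPLE_KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleOnlyNotARealKeyBlobxxxxxxxxxxxxxxxxx dev1@example.com"

# Demo against a throwaway home directory: add, re-add (no-op), inspect, revoke.
demo() {
  d="$(mktemp -d)"
  add_authorized_key "$d" "$SAMPLE_KEY"
  add_authorized_key "$d" "$SAMPLE_KEY"
  ls -ld "$d/.ssh" "$d/.ssh/authorized_keys"
  remove_authorized_key "$d" "dev1@example.com"
  echo "keys left: $(count_authorized_keys "$d")"
  rm -rf "$d"
}

demo
```

On the real bastion you would call add_authorized_key with the target account's home directory (for example /home/ec2-user) and the key line each developer sends you; keep the key comment meaningful, because it is what you grep for when revoking.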

Step 3: Verifying Connectivity

Before setting up the SSH tunnel, it’s a good idea to verify that your Bastion host can reach your RDS instance. SSH into your Bastion host and use telnet to test the connection (if telnet is not installed on the instance, nc -zv my-private-db.endpoint 3306 performs the same check):

ssh -i /path/to/your/key.pem ec2-user@my-ec2-bastion.host
telnet my-private-db.endpoint 3306

If the connection is successful, you’ll see an output similar to this:

Trying my-private-db.endpoint...
Connected to my-private-db.endpoint.
Escape character is '^]'.

Setting Up MySQL Workbench (or other similar tools)

After creating and configuring your SSH Bastion Host, you’ll need to set up MySQL Workbench (or your chosen tool) to connect to your private database.

All you need to do is provide the database credentials along with the SSH connection details (the Bastion hostname, the SSH user and the key file). Here are some config snapshots for your reference.
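What MySQL Workbench does behind the scenes when you fill in those SSH fields is open a local port forward through the Bastion, and the same thing works from the command line with any MySQL client. Below is an added example (not part of the original post) that builds that tunnel, waits for the local port to come up, and runs a query through it; it also covers the connectivity check from the workstation side. The hostnames are the placeholders used in this post, and the key path is an assumption.

```shell
#!/usr/bin/env sh
# Added example: hand-built SSH local port forward to a private RDS endpoint.
# Placeholder hostnames from the post; SSH_KEY path is assumed.
set -u

BASTION_HOST="${BASTION_HOST:-my-ec2-bastion.host}"
BASTION_USER="${BASTION_USER:-ec2-user}"
SSH_KEY="${SSH_KEY:-$HOME/.ssh/bastion-key.pem}"      # assumed: path to the bastion private key
DB_ENDPOINT="${DB_ENDPOINT:-my-private-db.endpoint}"  # resolvable/reachable only from inside the VPC
DB_PORT="${DB_PORT:-3306}"
LOCAL_PORT="${LOCAL_PORT:-3307}"                      # the port your MySQL client connects to

# Run the given command with the tunnel arguments appended (single source of truth).
# -N: no remote shell, just the forward.  -L 127.0.0.1:...: bind the local end to
# loopback so nothing else on your network can use the forwarded port.
# ExitOnForwardFailure: fail loudly instead of silently running without the forward.
# ServerAlive*: drop a dead tunnel instead of hanging the client.
with_tunnel_args() {
  "$@" -N \
    -o ExitOnForwardFailure=yes \
    -o ServerAliveInterval=30 \
    -o ServerAliveCountMax=3 \
    -L "127.0.0.1:${LOCAL_PORT}:${DB_ENDPOINT}:${DB_PORT}" \
    -i "$SSH_KEY" \
    "${BASTION_USER}@${BASTION_HOST}"
}

# The exact command line a human would type (useful for copy/paste or review).
tunnel_command() { with_tunnel_args echo ssh; }

# True if a TCP connection to HOST:PORT succeeds: the workstation-side
# equivalent of the telnet check run on the bastion.
port_open() {
  if command -v nc >/dev/null 2>&1; then
    nc -z -w 2 "$1" "$2" >/dev/null 2>&1
  else
    bash -c "exec 3<>/dev/tcp/$1/$2" >/dev/null 2>&1
  fi
}

# wait_for_port HOST PORT SECONDS: poll once a second until the port accepts.
wait_for_port() {
  i=0
  while [ "$i" -lt "$3" ]; do
    port_open "$1" "$2" && return 0
    i=$((i + 1)); sleep 1
  done
  return 1
}

# Start the tunnel in the background and wait for the local port. `exec` makes
# $! the pid of ssh itself rather than of a wrapper subshell, so close_tunnel
# really kills the tunnel.
open_tunnel() {
  with_tunnel_args exec ssh &
  TUNNEL_PID=$!
  wait_for_port 127.0.0.1 "$LOCAL_PORT" 15 || {
    echo "tunnel did not come up; check the bastion security group and key" >&2
    kill "$TUNNEL_PID" 2>/dev/null; return 1
  }
}

close_tunnel() {
  [ -n "${TUNNEL_PID:-}" ] && kill "$TUNNEL_PID" 2>/dev/null
  TUNNEL_PID=""
}

# query_via_tunnel DB_USER: connect through the local end of the tunnel.
# --protocol=TCP stops the client from silently trying a local UNIX socket;
# -p with no value prompts for the password instead of exposing it on the command line.
query_via_tunnel() {
  mysql --protocol=TCP -h 127.0.0.1 -P "$LOCAL_PORT" -u "$1" -p -e 'SELECT VERSION();'
}

# Usage (not run automatically): open_tunnel && query_via_tunnel app_user; close_tunnel
echo "tunnel command: $(tunnel_command)"
```

In Workbench terms, the Bastion hostname, SSH user and key file map onto the -i and user@host arguments, while the MySQL hostname and port fields map onto the DB_ENDPOINT:DB_PORT half of the -L option; the tool picks its own local port, which is why you never have to think about LOCAL_PORT there.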

Conclusion

Connecting to a private database inside a VPC on AWS can initially seem daunting, but by creating an SSH Bastion Host, you can make the process much more manageable. This method securely opens up your private resources for development, ensuring that your data remains safe from potential threats. As we’ve seen, with a few straightforward steps, any developer can set up this configuration and get to work on their AWS private database.
