Phillip Odam
Aug 31, 2018

Hi Bhavin

A little late, but better than never… assuming you never solved it yourself. Just as you said, an SSH tunnel won’t work since Amazon doesn’t allow SSH access to those services, but you could run a reverse proxy… assuming the channel is just SSL, my tool of choice would probably be NGINX with the stream ssl module (http://nginx.org/en/docs/stream/ngx_stream_ssl_module.html). Never done this with your particular case (RDS Aurora instance), but we’re doing it for IMAP, POP3 & SMTP, where we’re terminating the SSL in NGINX, authenticating the user via NGINX’s mail auth protocol and then routing the unencrypted traffic to a local port listened to using NGINX’s stream module. At that point we begin proxying via SSL using proxy_ssl on; and then proxy_pass to the backend, where we round robin across a pool of servers.

So the short of it is, I’d say you can certainly do it, and all with regular off-the-shelf free and open source software.

Phillip
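
The last hop described above (a loopback plaintext listener re-encrypted with proxy_ssl and balanced across a pool) could look like the following. This is an added example, not the commenter's configuration: the upstream name, addresses, ports, hostname and file paths are constructed placeholders, and it assumes the backend expects TLS from the first byte of the connection.

```nginx
# Added example: all names, addresses and paths are placeholders.
stream {
    # Backend pool; with no balancing directive NGINX uses round robin.
    upstream imaps_backend {
        server 10.0.1.11:993;
        server 10.0.1.12:993;
    }

    server {
        # The plaintext hop is bound to loopback only, so the
        # unencrypted traffic never leaves the proxy host.
        listen 127.0.0.1:10143;

        proxy_pass imaps_backend;

        # Wrap the upstream connection in TLS.
        proxy_ssl on;
        proxy_ssl_protocols TLSv1.2 TLSv1.3;

        # proxy_ssl_verify defaults to off, which encrypts the link but
        # accepts any certificate. Turn it on and pin the issuing CA so
        # the proxy only talks to the intended backend.
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        proxy_ssl_trusted_certificate /etc/nginx/tls/backend-ca.pem;

        # Name checked against the backend certificate and sent as SNI.
        # Without it the upstream group name would be used instead.
        proxy_ssl_server_name on;
        proxy_ssl_name mail-backend.example.internal;

        proxy_connect_timeout 5s;
    }
}
```

Running `nginx -t` after editing validates the syntax and confirms the CA file is readable before a reload.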