Connect to your AWS RDS through a private EC2 instance on the same private subnet from your local machine

Chaiwat Tungtongsoontorn
Published in Tri Petch Digital
3 min read · May 9, 2023

Introduction

You probably know the routine: “Did I open the port on my local machine yet?”, “Did I allow my IP on the EC2 instance yet?”, and then the same old steps to reach your RDS instance every single time. This post is meant to make that easier.

This post will guide you through connecting to your RDS instance from your local machine without creating a public subnet: the bastion EC2 instance keeps only a private IP, and the connection goes through AWS Systems Manager Session Manager port forwarding, so no inbound port is opened on the bastion and no public IP is assigned to it.

Prerequisite

Local machine with the AWS CLI and the Session Manager plugin installed

AWS components and services

  • An IAM user with programmatic access (access key) to your AWS account.
  • Amazon Elastic Compute Cloud (Amazon EC2).
  • Amazon Virtual Private Cloud (VPC) with a private subnet.
  • An RDS instance and its DB security group.

Steps to connect to your RDS

Create security groups

  • Create one security group for the bastion host and one for the RDS instance, as shown below.
  • The bastion security group needs no inbound rules at all: Session Manager reaches the instance through the SSM Agent, which only opens outbound connections. In the bastion security group’s Outbound rules, allow traffic to the DB security group on the DB instance port (3306 for MySQL/MariaDB, 5432 for PostgreSQL) and HTTPS (443) so the agent can reach the Systems Manager endpoints, as shown in the figure below. Because the subnet is private, the instance needs a path to those endpoints: either a NAT gateway or VPC interface endpoints for ssm, ssmmessages and ec2messages.
  • In the DB security group’s Inbound rules, allow traffic from the bastion security group (referenced by security group ID, not by IP) on the DB instance port, as in the figure below.
  • Press the Save rules button.

Next, create the IAM role for the EC2 instance

  • Go to the IAM console, then choose Roles
  • Click Create role
  • Under common use cases, choose EC2 and click Next: Permissions
  • Add the AmazonSSMManagedInstanceCore managed policy to the role (this is all the bastion needs; it grants the agent permission to register with Systems Manager, not access to the database)
  • Go to the Review page
  • Click Create role

Create the EC2 instance

  • Go to the Amazon EC2 console and click the Launch instances button
  • Choose the latest Amazon Linux AMI (the SSM Agent is preinstalled on it)
  • Select the t3.micro instance class
  • Choose the private subnet
  • Disable Auto-assign Public IP, or if it is disabled at the subnet level, choose Use subnet setting (Disable)
  • Attach the IAM role created above as the instance’s IAM instance profile, and select the bastion security group
  • Click Review and Launch
  • Accept the warning that the instance may not be reachable: we connect through Session Manager, so no inbound port needs to be open on the instance
  • Click Launch

Connect to your RDS from your local machine

  • Open a terminal
  • Configure your AWS profile with this command
$ aws configure --profile <YOUR_AWS_PROFILE>
  • Establish the port forward with this command, where <DB_HOST> is the RDS endpoint hostname (the bastion resolves it, so a private-only endpoint is fine)
$ aws ssm start-session --profile <YOUR_AWS_PROFILE> --region <REGION> --target <EC2_INSTANCE_ID> --document-name AWS-StartPortForwardingSessionToRemoteHost --parameters "{\"portNumber\":[\"3306\"],\"localPortNumber\":[\"3306\"],\"host\":[\"<DB_HOST>\"]}"
  • Leave that session running. Open your database workbench or any database tool and connect to 127.0.0.1 on port 3306 with your database username and password; the session forwards the connection to the RDS instance. A successful connection should look like this
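As an added worked example (not code from the original post), the connection step above wrapped in a small POSIX shell script. It validates the inputs before they are spliced into the session document parameters, checks that the Session Manager plugin is present and that the bastion is actually registered and Online in Systems Manager (an instance missing the role, the agent, or a route to the SSM endpoints will not appear there, which is the usual cause of a hanging start-session), and only then opens the port forward. Profile and region are taken from the AWS_PROFILE and AWS_REGION environment variables or the `aws configure` defaults; the script name, function names and the default port 3306 are this example’s own choices.

```shell
#!/bin/sh
# rds-tunnel.sh (example script, not from the original post):
# open a local port that forwards, through an SSM-managed bastion EC2 instance,
# to an RDS endpoint in a private subnet. No inbound security-group rule and no
# public IP on the bastion are needed.
#
# Assumes: AWS CLI v2 plus the Session Manager plugin on the local machine; the
# bastion has the AmazonSSMManagedInstanceCore role and can reach the SSM
# endpoints (NAT gateway or VPC interface endpoints for ssm/ssmmessages/ec2messages).
# Credentials, profile and region come from AWS_PROFILE / AWS_REGION or `aws configure`.
#
# Usage: sh rds-tunnel.sh <ec2-instance-id> <db-host> [local-port] [remote-port]

# A TCP port is 1-65535 and nothing else (rejects empty strings and non-digits).
valid_port() {
  case $1 in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# EC2 instance IDs are "i-" followed by 8 (legacy) or 17 hex characters.
valid_instance_id() {
  printf '%s' "$1" | grep -Eq '^i-[0-9a-f]{8}([0-9a-f]{9})?$'
}

# Hostnames such as RDS endpoints only need letters, digits, dots and hyphens.
# Anything else is rejected so the value cannot break out of the JSON below.
valid_host() {
  printf '%s' "$1" | grep -Eq '^[A-Za-z0-9.-]+$'
}

# Build the --parameters JSON for AWS-StartPortForwardingSessionToRemoteHost.
# Each value is a single-element JSON array of strings, as the document expects.
# Arguments: host remote_port local_port
ssm_pf_params() {
  printf '{"portNumber":["%s"],"localPortNumber":["%s"],"host":["%s"]}' "$2" "$3" "$1"
}

# Check inputs and the bastion's SSM registration, then start the forwarding session.
# Arguments: instance_id db_host [local_port] [remote_port]
start_tunnel() {
  instance_id=$1
  db_host=$2
  local_port=${3:-3306}
  remote_port=${4:-3306}

  valid_instance_id "$instance_id" || { echo "invalid instance id: $instance_id" >&2; return 2; }
  valid_host "$db_host"            || { echo "invalid host: $db_host" >&2; return 2; }
  valid_port "$local_port" && valid_port "$remote_port" \
                                   || { echo "invalid port: $local_port/$remote_port" >&2; return 2; }
  command -v session-manager-plugin >/dev/null 2>&1 \
                                   || { echo "session-manager-plugin is not installed" >&2; return 3; }

  # PingStatus is "Online" only when the agent has registered with Systems Manager.
  ping_status=$(aws ssm describe-instance-information \
      --filters "Key=InstanceIds,Values=$instance_id" \
      --query 'InstanceInformationList[0].PingStatus' --output text)
  [ "$ping_status" = "Online" ] \
      || { echo "$instance_id is not Online in SSM (got: $ping_status); check role, agent and endpoint reachability" >&2; return 4; }

  echo "forwarding 127.0.0.1:$local_port -> $db_host:$remote_port via $instance_id (Ctrl-C to stop)" >&2
  aws ssm start-session --target "$instance_id" \
      --document-name AWS-StartPortForwardingSessionToRemoteHost \
      --parameters "$(ssm_pf_params "$db_host" "$remote_port" "$local_port")"
}

# Dispatch only when arguments are given, so the file can also be sourced for its functions.
case $# in
  2|3|4) start_tunnel "$@" ;;
  *) printf 'usage: %s <ec2-instance-id> <db-host> [local-port] [remote-port]\n' "$0" >&2 ;;
esac
```

Run it as `AWS_PROFILE=myprofile AWS_REGION=ap-southeast-1 sh rds-tunnel.sh i-0123456789abcdef0 mydb.abc123.ap-southeast-1.rds.amazonaws.com 13306`, then point your database client at 127.0.0.1:13306. Using a non-default local port avoids clashing with a database already listening on 3306 locally. The input validation matters because the host and ports are interpolated into a JSON string handed to the CLI; restricting them up front is simpler than escaping.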

🎉🎉 That’s it. You can now connect to your RDS instance securely, with no public IP on the bastion and no inbound port open. 🎉🎉

Contact us or find more blogs here.
- https://medium.com/tri-petch-digital
