How can I connect to a private Amazon RDS DB instance from a local machine using an Amazon EC2 instance as a bastion host

To Nha Notes | Jan. 26, 2022, 9:54 a.m.

To connect to a private RDS DB instance from a local machine using an EC2 instance as a jump server, follow these steps:

  1. Launch your EC2 instance and configure its network settings.
  2. Configure the RDS DB instance's security groups.
  3. Connect to the RDS DB instance from your local machine.

Important: To connect to a private Amazon RDS or Amazon Aurora DB instance, it's a best practice to use VPN or AWS Direct Connect. If you can't use VPN or Direct Connect, then use a bastion host. The following example configuration restricts access using security groups. However, you can also restrict the network access control list (network ACL) of the subnets to make the connection more secure. You can also restrict the route scope of the internet gateway to a smaller range instead of 0.0.0.0/0. For example, when you add the internet gateway, add only the required CIDR range as the destination in the routing table. For more information, see Example routing options.
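As an added example (not from the original note or the AWS articles it references), the following script covers step 2 and step 3 above and the security-group restriction mentioned in the Important note: it builds the AWS CLI command that allows the DB port on the RDS security group only from the bastion's security group (rather than from a CIDR), and opens an SSH local port forward through the bastion, bound to 127.0.0.1 so that other hosts on your LAN cannot use the tunnel. Every hostname, IP address, security group ID, key path and port below is a placeholder assumption; the DB engine is assumed to be MySQL-compatible on port 3306, and the bastion is assumed to allow SSH from your local public IP.

```shell
#!/bin/sh
# Added example; all values below are placeholders, override them via the environment.
BASTION_HOST="${BASTION_HOST:-203.0.113.10}"                 # placeholder bastion public IP
BASTION_USER="${BASTION_USER:-ec2-user}"                     # default user on Amazon Linux
SSH_KEY="${SSH_KEY:-./bastion-key.pem}"                      # placeholder key pair path
RDS_ENDPOINT="${RDS_ENDPOINT:-mydb.placeholder.us-east-1.rds.amazonaws.com}"  # placeholder
RDS_PORT="${RDS_PORT:-3306}"                                 # assumed MySQL-compatible engine
LOCAL_PORT="${LOCAL_PORT:-13306}"                            # port the DB client connects to
RDS_SG_ID="${RDS_SG_ID:-sg-RDSPLACEHOLDER}"                  # placeholder RDS security group
BASTION_SG_ID="${BASTION_SG_ID:-sg-BASTIONPLACEHOLDER}"      # placeholder bastion security group

# Step 2: build the rule that lets the RDS security group accept the DB port
# only from the bastion's security group. Referencing a security group as the
# source (instead of a CIDR) keeps the rule valid if the bastion's IP changes
# and never exposes the DB port to the internet.
build_sg_rule_cmd() {
    printf 'aws ec2 authorize-security-group-ingress --group-id %s --protocol tcp --port %s --source-group %s' \
        "$RDS_SG_ID" "$RDS_PORT" "$BASTION_SG_ID"
}

# Step 3: build the SSH command for the tunnel.
#   -N  : do not run a remote shell, only forward the port
#   -L  : forward 127.0.0.1:LOCAL_PORT on this machine to RDS_ENDPOINT:RDS_PORT,
#         with the bastion making the connection from inside the VPC.
# Binding to 127.0.0.1 (not 0.0.0.0) keeps the forwarded port off the LAN.
build_tunnel_cmd() {
    printf 'ssh -i %s -N -L 127.0.0.1:%s:%s:%s %s@%s' \
        "$SSH_KEY" "$LOCAL_PORT" "$RDS_ENDPOINT" "$RDS_PORT" "$BASTION_USER" "$BASTION_HOST"
}

# Open the tunnel in the foreground. Only runs when explicitly requested so
# the script can be sourced or dry-run without touching the network.
open_tunnel() {
    ssh -i "$SSH_KEY" -N -L "127.0.0.1:$LOCAL_PORT:$RDS_ENDPOINT:$RDS_PORT" \
        "$BASTION_USER@$BASTION_HOST"
}

if [ "${RUN_TUNNEL:-0}" = "1" ]; then
    open_tunnel
else
    echo "Security group rule to apply once:"
    build_sg_rule_cmd; echo
    echo "Tunnel command (set RUN_TUNNEL=1 to open it):"
    build_tunnel_cmd; echo
fi
```

With the tunnel open in one terminal, the DB client in another terminal connects to the local end of the forward, for example `mysql -h 127.0.0.1 -P 13306 -u <db-user> -p`; the bastion itself never stores database credentials, and the RDS instance keeps no public endpoint.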

References

https://aws.amazon.com/premiumsupport/knowledge-center/rds-connect-ec2-bastion-host/

https://aws.amazon.com/premiumsupport/knowledge-center/rds-connect-using-bastion-host-linux/