Connecting to MySQL RDS instance through AWS bastion host from a MySQL client

3
votes

I'm trying to connect to a RDS instance from a MySQL Client tool. But the issue I found was it could only SSH to one machine (AWS bastion host). But how do I connect to the RDS instance internally thorugh the AWS bastion host?

Consider the machines A, B and C where, 
A-> local machine
B-> AWS ec2-instance
C-> RDS instance

On making the machine B as a AWS bastion host, Is it possible to connect through SSH to RDS instance via the AWS bastion host (machine B) just by connecting to machine B from machine A?

i.e., on connecting through SSH to machine B from machine A, the machine B should automatically SSH and connect to the MySQL RDS instance (machine C).

1
mysqlamazon-web-servicesamazon-s3amazon-ec2mysql-workbench
Have you checked your security groups? You will want to confirm the security group attached to machine C allows access from machine BVenkata.Mutyala
@Venkata.Mutyala Yes, machine C can be accessed from machine B. But my question is, How do I use a ssh key to connect to RDS MySQL via an AWS bastion host from a MySQL ClientMathew
See if this helps: rickchristianson.wordpress.com/2013/10/21/…Venkata.Mutyala
It depends on which MySQL client tool. Workbench (dreadful software in general) can apparently handle SSH tunnels on its own. Other clients may also have native support. Or you can easily build a tunnel from the command line. What's your client? Note also that machine B doesn't "ssh" anywhere. The MySQL client/server protocol, itself, does not use SSH, and RDS does not use SSH. From bastion to RDS, it's just TCP, not SSH.Michael - sqlbot
Thinking about it, my last two sentences may clear up something you're overlooking. You only need to ssh to the bastion host. The tunnel is between you and it, and it has access to RDS.Michael - sqlbot

1 Answers

1
votes

As they suggested before, you need to connect by an ssh tunnel.

You can do it with mysql client, or from console:

ssh user@example.com -L 3307:{target_host}:3306 -N

Note: 3306 is the port where you set the tunnel for connect mysql client, you will use it again for run the client.

Then just run again mysql client from the tunnel:

mysql --host={target_host} --port=3306 -u user -p