Reputation: 71
I have a private VPC with private subnets, a private jumpbox in one private subnet, and my private RDS Aurora MySQL Serverless instance in another private subnet.
I ran these commands on my local laptop to try to connect to my RDS via port forwarding:
aws ssm start-session --target i-0d5470040e7541ab9 --document-name AWS-StartPortForwardingSession --parameters "portNumber"=["5901"],"localPortNumber"=["9000"] --profile myProfile
aws ssm start-session --target i-0d5470040e7541ab9 --document-name AWS-StartPortForwardingSession --parameters "portNumber"=["22"],"localPortNumber"=["9999"] --profile myProfile
aws ssm start-session --target i-0d5470040e7541ab9 --document-name AWS-StartPortForwardingSession --parameters "portNumber"=["3306"],"localPortNumber"=["3306"] --profile myProfile
The connection to the server hangs.
I had this error on my local laptop:
Starting session with SessionId: myuser-09e5cd0206cc89542
Port 3306 opened for sessionId myuser-09e5cd0206cc89542.
Waiting for connections...
Connection accepted for session [myuser-09e5cd0206cc89542]
Connection to destination port failed, check SSM Agent logs.
and those errors in /var/log/amazon/ssm/errors.log:
2021-11-29 00:50:35 ERROR [handleServerConnections @ port_mux.go.278] [ssm-session-worker] [myuser-017cfa9edxxxx] [DataBackend] [pluginName=Port] Unable to dial connection to server: dial tcp :3306: connect: connection refused
2021-11-29 14:13:07 ERROR [transferDataToMgs @ port_mux.go.230] [ssm-session-worker] [myuser-09e5cdxxxxxx] [DataBackend] [pluginName=Port] Unable to read from connection: read unix @->/var/lib/amazon/ssm/session/3366606757_mux.sock: use of closed network connection
and I try to connect to RDS like this:
I even tried to put the RDS endpoint using an SSH tunnel, but it doesn't work:
Are there any additional steps to do on the remote EC2 instance?
It seems the connection is accepted but the connection to the destination port doesn't work.
Thank you for your help on this!!
Upvotes: 2
Views: 3033
Reputation: 4951
The start-session command tunnels the port from the target EC2 instance to localhost. The RDS instance is on another host, so you must use SSH tunneling.
Send your public key to the EC2 instance. Fill in the region and availability zone parameters.
aws ec2-instance-connect send-ssh-public-key --region us-west-2 --instance-id i-0d5470040e7541ab9 --availability-zone us-west-2a --instance-os-user ec2-user --ssh-public-key file://~/.ssh/id_rsa.pub
Forward the SSH port 22 from the EC2 instance to 9999 locally.
aws ssm start-session --target i-0d5470040e7541ab9 --document-name AWS-StartPortForwardingSession --parameters "portNumber"=["22"],"localPortNumber"=["9999"] --profile myProfile
SSH into the instance with tunneling (in another terminal). Fill in rds-instance-dns with the DNS of your RDS instance.
ssh ec2-user@localhost -L 6606:rds-instance-dns:3306 -i ~/.ssh/id_rsa -p 9999
Access RDS (note that the MySQL client's port flag is uppercase -P; lowercase -p prompts for the password, and 127.0.0.1 is used instead of localhost so the client opens a TCP connection rather than the local Unix socket; replace <db-user> with your database user):
mysql -h 127.0.0.1 -P 6606 -u <db-user> -p
You also need to ensure that your EC2 instance has the correct permissions to access the RDS instance by configuring the security group.
Upvotes: 2
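The two-step tunnel from the answer as one script, plus a small classifier for the errors.log lines quoted in the question. This is an added example, not code from the question or the answer. It assumes the AWS CLI v2 with the Session Manager plugin installed, the instance id and profile from the question, placeholder values for region, availability zone, RDS hostname and database user, and an ec2-user key pair at ~/.ssh/id_rsa. The classifier is included because it shows why the first attempt failed: the empty host in `dial tcp :3306` means the SSM agent dialed the instance's own loopback interface, where nothing listens on 3306, so AWS-StartPortForwardingSession alone can never reach a database on a different host.

```shell
#!/usr/bin/env bash
# Added example (not from the original question or answer). Instance id and
# profile are the ones from the question; region, AZ, RDS host and DB user
# are placeholders. Run as: ./rds_tunnel.sh run
set -eu

INSTANCE_ID="${INSTANCE_ID:-i-0d5470040e7541ab9}"   # from the question
PROFILE="${PROFILE:-myProfile}"                      # from the question
REGION="${REGION:-us-west-2}"                        # placeholder
AZ="${AZ:-us-west-2a}"                               # placeholder
RDS_HOST="${RDS_HOST:-rds-instance-dns}"             # placeholder
DB_USER="${DB_USER:-admin}"                          # placeholder
LOCAL_SSH_PORT=9999                                  # as in the answer
LOCAL_DB_PORT=6606                                   # as in the answer

# --- Diagnosis of /var/log/amazon/ssm/errors.log lines ---------------------
# "dial tcp :3306" has no host part: the agent connected to the instance's
# own loopback. "connection refused" there means no local listener on that
# port, which is exactly what happens when the real service is on RDS.
diagnose_ssm_log_line() {
  case "$1" in
    *"Unable to dial connection to server: dial tcp :"*"connection refused"*)
      echo "local-port-not-listening" ;;
    *"use of closed network connection"*)
      echo "session-closed" ;;
    *) echo "unknown" ;;
  esac
}

# Port the agent tried to dial on its loopback, or empty if not a dial error.
ssm_log_port() {
  local rest
  case "$1" in
    *"dial tcp :"*) rest="${1#*dial tcp :}"; echo "${rest%%:*}" ;;
    *) echo "" ;;
  esac
}

# --- The tunnel itself -------------------------------------------------------
# Step 1: push a one-time (60 second) SSH public key via EC2 Instance Connect.
push_ssh_key() {
  aws ec2-instance-connect send-ssh-public-key --region "$REGION" \
    --instance-id "$INSTANCE_ID" --availability-zone "$AZ" \
    --instance-os-user ec2-user --ssh-public-key file://~/.ssh/id_rsa.pub \
    --profile "$PROFILE"
}

# Step 2: SSM forwards the instance's port 22 to localhost:9999 (background).
start_ssm_ssh_forward() {
  aws ssm start-session --target "$INSTANCE_ID" --region "$REGION" \
    --document-name AWS-StartPortForwardingSession \
    --parameters "{\"portNumber\":[\"22\"],\"localPortNumber\":[\"$LOCAL_SSH_PORT\"]}" \
    --profile "$PROFILE" &
  echo $!
}

# The SSM listener takes a moment to open; retry SSH instead of sleeping.
wait_for_ssh() {
  local i=0
  while [ "$i" -lt 15 ]; do
    if ssh -o ConnectTimeout=2 -o BatchMode=yes -i ~/.ssh/id_rsa \
         -p "$LOCAL_SSH_PORT" ec2-user@localhost true 2>/dev/null; then
      return 0
    fi
    i=$((i + 1)); sleep 1
  done
  return 1
}

# Step 3: SSH local forward through the instance to the RDS endpoint.
# Bound to 127.0.0.1 so other hosts cannot use the laptop as a relay.
open_db_tunnel() {
  ssh -f -N -o ExitOnForwardFailure=yes -i ~/.ssh/id_rsa \
    -L "127.0.0.1:$LOCAL_DB_PORT:$RDS_HOST:3306" \
    -p "$LOCAL_SSH_PORT" ec2-user@localhost
}

# Step 4: uppercase -P is the port; -h 127.0.0.1 forces TCP over the tunnel.
connect_mysql() {
  mysql -h 127.0.0.1 -P "$LOCAL_DB_PORT" -u "$DB_USER" -p
}

# Constructed sample, copied from the question's errors.log excerpt.
SAMPLE_LOG_LINE='2021-11-29 00:50:35 ERROR [handleServerConnections @ port_mux.go.278] [ssm-session-worker] [myuser-017cfa9edxxxx] [DataBackend] [pluginName=Port] Unable to dial connection to server: dial tcp :3306: connect: connection refused'
echo "diagnosis: $(diagnose_ssm_log_line "$SAMPLE_LOG_LINE") (port $(ssm_log_port "$SAMPLE_LOG_LINE"))"

if [ "${1:-}" = "run" ]; then
  push_ssh_key
  SSM_PID=$(start_ssm_ssh_forward)
  trap 'kill "$SSM_PID" 2>/dev/null || true' EXIT
  wait_for_ssh || { echo "SSM forward to port $LOCAL_SSH_PORT never came up" >&2; exit 1; }
  open_db_tunnel
  connect_mysql
fi
```

The RDS security group still has to allow inbound 3306 from the jumpbox's security group, as the answer notes; the tunnel only moves the connection's origin onto the jumpbox, it does not bypass that rule. Newer SSM agents also ship the AWS-StartPortForwardingSessionToRemoteHost document, which takes a host parameter and reaches a remote endpoint such as RDS directly without the SSH hop; it did not exist when this question was asked, so the SSH approach above is the one that matches the page.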