How to connect to a RDS in private subnet using MySQL Workbench?

Question

I just created the following architecture in a VPC for a project :

• 1 public subnet with a bastion (EC2 instance) in it
• 1 private subnet with an EC2 instance and a RDS instance in it I use the bastion to connect to the EC2 private instance (with ssh agent forwarding using Putty and Pageant) and my RDS instance is connected to the private EC2 instance.

My question is : How do I do to connect to my RDS instance using MySQL Workbench on my local PC wiht this architecture ?

I have read that it is simple if I just connect my RDS instance directly to the bastion but it seems awful in term of architecture.

Answer 1

it seems awful in term of architecture.

This is how it is done. You need to have a bastion host in a private subnet and setup an ssh tunnel to the RDS instance. This can be dune using session manager as explained in AWS docs:

• Securely connect to an Amazon RDS or Amazon EC2 database instance remotely with your preferred GUI

You can also setup regular ssh tunnel, without session manager, but this requires bastion in a public subent:

• Connecting to an AWS MySQL RDS using a Bastion Host