
To access RDS in a private subnet, in the architecture below:

[image: architecture diagram]

I give the public IP of the EC2 instance, the location of the SSH private key for the EC2 instance in the public subnet, and the DB credentials of the RDS instance in the private subnet, as shown below:

[image: connection settings with the EC2 public IP, SSH key path and DB credentials]

How does the EC2 instance (in the public subnet) allow SSH tunneling to the RDS instance in the private subnet? Is it something to do with /etc/ssh/sshd_config on the EC2 instance?

overexchange
  • Stack Overflow is a site for programming and development questions. You should use another site on the [Stack Exchange network](https://stackexchange.com/sites) for this question. – jww Dec 21 '18 at 01:37

1 Answer


From the picture, the EC2 instances share the same private network (class B, 172.16.X.X) with the RDS instance. Therefore, by having access to any instance in the public segment, and depending on the security groups defined on the RDS instance, it may be possible to reach the database by doing something like:

    ssh -L 3307:<db>.rds.amazonaws.com:3306 user@your.ec2.instance

The option -L does local port forwarding from port 3307 (on your computer) to port 3306 on <db>.rds.amazonaws.com, going through your.ec2.instance.

You could use a bastion host to do this; you can read more about it here: https://docs.aws.amazon.com/quickstart/latest/linux-bastion/architecture.html

Besides defining how and which users are allowed to use ssh, you will not have to deal with sshd_config; most of the work will be either in AWS security groups or in how you defined your VPC or network ACLs.

nbari
  • How does the *local port forwarding* concept relate to the *ssh tunneling* concept in your answer? Let me read this ... https://blog.trackets.com/2014/05/17/ssh-tunnel-local-and-remote-port-forwarding-explained-with-examples.html – overexchange Dec 20 '18 at 17:23
  • Please close off-topic questions. – jww Dec 21 '18 at 01:37
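The answer's two points in working shell, as an added example that is not part of the question or nbari's answer: it builds the `ssh -L` local-forward command for a bastion in the public subnet, binding the forwarded port to 127.0.0.1 so the tunnel is not reachable from other hosts, and it reads a bastion's sshd_config to report whether local TCP forwarding is permitted there. `AllowTcpForwarding` and `ExitOnForwardFailure` are real OpenSSH options (the former defaults to `yes`, which is why the answer says sshd_config usually needs no changes). All hostnames, the key path and the sample config contents below are constructed placeholders.

```sh
#!/usr/bin/env sh
# Added example; not from the original post. Hostnames, key path and the
# sample sshd_config contents are constructed placeholders.

# build_tunnel_cmd LOCAL_PORT DB_HOST DB_PORT BASTION_USER BASTION_HOST KEY_PATH
# Prints the ssh command that forwards 127.0.0.1:LOCAL_PORT on this machine
# to DB_HOST:DB_PORT as seen from the bastion (the answer's "ssh -L").
build_tunnel_cmd() {
  # -N: no remote shell, -f: go to background after authentication,
  # ExitOnForwardFailure: fail loudly instead of leaving a useless session,
  # binding to 127.0.0.1 keeps the forwarded port off other interfaces.
  printf 'ssh -i %s -o ExitOnForwardFailure=yes -N -f -L 127.0.0.1:%s:%s:%s %s@%s\n' \
    "$6" "$1" "$2" "$3" "$4" "$5"
}

# local_forwarding_allowed CONFIG_FILE
# Prints "yes" if the bastion's global sshd_config permits local (-L)
# forwarding, "no" otherwise. sshd uses the first value it finds for a
# keyword, and Match blocks only follow the global section, so the scan
# stops at the first Match line (per-user overrides in Match blocks are
# not evaluated by this check).
local_forwarding_allowed() {
  val=$(awk '
    /^[[:space:]]*#/ { next }                                  # comment
    /^[[:space:]]*$/  { next }                                 # blank
    tolower($1) == "match" { exit }                            # end of global section
    tolower($1) == "allowtcpforwarding" { print tolower($2); exit }
  ' "$1")
  case "${val:-yes}" in          # unset directive means the default, yes
    yes|all|local) echo yes ;;   # these values permit -L forwarding
    *)             echo no ;;    # "no" or "remote" block it
  esac
}

# Demonstration with constructed inputs.
build_tunnel_cmd 3307 mydb.placeholder.rds.amazonaws.com 3306 ec2-user bastion.placeholder /path/to/bastion-key.pem

cfg=$(mktemp)
printf 'Port 22\n# AllowTcpForwarding no   <- commented out, so default applies\n' > "$cfg"
echo "default config: $(local_forwarding_allowed "$cfg")"        # yes
printf 'Port 22\nAllowTcpForwarding no\n' > "$cfg"
echo "forwarding disabled: $(local_forwarding_allowed "$cfg")"   # no
rm -f "$cfg"
```

If the check prints "no", the tunnel fails at connection time with "channel ... open failed: administratively prohibited", regardless of how the security groups are set; if it prints "yes", the remaining gates are exactly the ones the answer names: the bastion's security group must admit your SSH source, and the RDS security group must admit port 3306 from the bastion.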