That was the google query I searched and it took me a long time to find an answer so I’m going to contribute it back to the internet.
Most helpful resources:
(almost helpful: http://it.blog.adclick.pt/linux/amazon-rds-tunnel-access-from-your-desktop/ )
I wanted to connect to a remote RDS instance from my mac computer. You normally would connect through an ec2 instance so do things differently, but if you want to connect from your local computer, the permissions make this a bit challenging. You might think you just connect by saying
mysql -u user -p -h your.rds.host
but that won’t work.
If you scour the internet there appear to two main solutions.
- Add your IP address to a whitelist on rds, but could be problematic since your IP address will probably change.
- Connect to the RDS instance using SSH tunneling.
I had not set up SSH tunneling before and for some reason had a hard time tracking it down. I use sequl pro to inspect our database sometimes, and I realize I was able to connect using SSH tunneling via their gui interface.
So, what is the solution?
There are two steps:
- Set up the SSH Tunnel
ssh -N -L 3306:your.rds.endpoint.rds.amazonaws.com:3306 email@example.com
-N only set up the tunnel
-L set up the forwarding
3306 that first number is the port on your local machine
your.rds.endpoint.amazonaws.com The name of the rds endpoing
3306 the port on the remote computer
firstname.lastname@example.org how you log in to your ec2 instance
2. Use the SSH Tunnel
mysql -u dbuser -p -h 127.0.0.1
This lets you connect to the remote rds instance. Note that you have to use the host here 127.0.0.1 explicitly and that it is not the host you set up earlier. This is because it is now forwarding all of the requests. That’s all.
To be clear on how the ports work, here is another example
ssh -N -L 1234:your.rds.endpoint.rds.amazonaws.com:3306 email@example.com
mysql -u dbuser -p -h 127.0.0.1 -P 1234
This says forward from port 1234 on my computer to port 3306 on the remote instance. I just used 3306 in both as the defaults.