Connect to Private MySQL RDS Instances using MySQL Workbench
In this blog post We have explained how to connect to Private MySQL RDS Instances using MySQL workbench.
It is always recommended to host RDS instances (Databases) in private subnet as they should be more secure and also it doesn’t need to be hosted in public facing subnets.
Connecting RDS instances in the private subnet can be established in two ways.
Setup SSH tunneling using public EC2 Instance (As bastion Server)
I have published an separate article and explained in details on
How to create Linux EC2 Instances , Check here And also how to establish SSH connection to EC2 instances using SSH client.
By default , port 22 is open to all , We can restrict to local public IP address for security purpose.
Step 2 : Configuring RDS Instance Security Group.
Next step is configure the security group of the RDS instance in such a way that the EC2 instance is able to connect with it.
If you havn’t created an RDS instance yet , Check this blog. Always make sure to create the RDS instance in the Private subnet and Allow Database port only for the certain IP addresses.
To configure the security group , Login to RDS console.
In the navigation pane , Choose Databases , Select the RDS Instance.
Choose the Connectivity & Security tab. Under Security , Click the VPC security groups.
Then click the Inbound rules, Click Edit to allow a new inbound rule for EC2 instance.
Click Add rule , For port range , Enter the database port Eg: 3306 for MySQL
For the Source , Enter the private IP address of the EC2 instance.
and click Save rules.
The configuration which we have added in the security group will allow traffic from the EC2 instance’s private IP address.
Step 3 : SSH Tunneling
To establish the SSH tunneling , We need the following details.
Public IP Address of EC2 Instance , .pem file of the EC2 Instance , RDS instance Endpoint and Port.