
Does anyone know where to find the values needed for the parameters required for an ssh connection involving a bastion host and an AWS RDS instance?

I have listed what I have been able to find so far below:

  • SSH Hostname - Endpoint given for the RDS instance in the AWS console
  • SSH Username - I'm seeing in tutorials all over the place that it's ec2-user; should I also use this?
  • SSH password - do I need this, since I already have a .pem file for the key pair?
  • SSH Key File - got this
  • MySQL Hostname - I'm not sure what to put for this.
  • MySQL Server Port - 3306
  • Username - root
  • Password - not sure which password this is referring to
user11508332

2 Answers


There are two ways:

  • If you are trying to access the RDS instance from a local computer, you need to make sure that public access is enabled in the DB settings. This way you can connect using the DB endpoint and username/password.

  • The other way is through SSH tunneling, in which the database does not need to be publicly accessible but needs to be accessible from an instance inside the VPC. You need to SSH to the machine using the instance's credentials, such as username/password or a key file. Then, once connected to the EC2 instance, you can use the DB endpoint credentials to connect to the RDS instance using SQL connection commands. You will need to configure security groups to allow the connections from RDS and EC2 to do this.

Details of parameters:

  • SSH Hostname - Ec2 instance external IP address or DNS name. Can be found on ec2 console description tab.

  • SSH Username - ec2 instance username. Can be found in ec2 console -> ec2 details.

  • SSH password - ec2 instance password. - not needed if using key file.

  • SSH Key File - pem file created or used when the EC2 instance was created.

  • MySQL Hostname - RDS endpoint - you can get from RDS console.

  • MYSQL Server Port - usually 3306, but if modified during RDS creation, check in RDS console.

  • Username - database username that was set while creating RDS.

  • Password - Database password set while creating instance.

Vishal Alhat

First of all, you're not SSHing into a database; SSH is only for EC2 instances. The logical steps would be:

  1. SSH from local computer to EC2 instance (optional depending on settings below)
  2. Connect to the database using something like `mysql -h (hostname) -u admin -p`, which will prompt for the password.

If you want to connect to the DB directly, make sure you whitelist your IP on the security group for the DB. The security group by default will not allow you to connect to it directly, or from anywhere by default.

If you want to connect to the DB from your bastion host, again, you'll need to whitelist the IP of the bastion host.

Security groups are basic ALLOW from IP on PORT. So for MySQL the port will be 3306.

In AWS, there are a ton of variables that could explain why this is failing.

  • Are these resources in the same region?
  • Are these resources in the same subnet? Is the subnet private or public?

During the configuration of RDS, at least in the past, you could not set the security group at all during the configuration. You always had to remember to go back and click Modify, then go in and give it a security group.

The best practice here around security groups is to:

  1. Create one for your bastion host instance, only allowing 22 to your home IP.
  2. Create one for your RDS instance, allowing 3306 from the security group ID of your bastion host. That way you don't need to worry about your bastion host IP changing; any instance that has the bastion host security group will be able to access 3306 on this RDS.
  3. Assign the security groups to the correct resources.

If you're still having problems, I can get much deeper on this.

Taylor Turner
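As an added example (not code from the question or from either answer), the shell helpers below assemble the commands for the tunnel approach both answers describe (SSH to the bastion with the key file, forward a local port to the RDS endpoint, then point the MySQL client at the local end) and for the two security-group rules in the second answer's best-practice list. Every hostname, user, key path, IP address and security-group ID in it is a constructed placeholder, and the function names `valid_port`, `build_tunnel_cmd`, `build_mysql_cmd` and `build_sg_rules` are names chosen here, not anything from AWS or the question.

```shell
#!/bin/sh
# Added example: builds (and prints) the commands for reaching RDS through a
# bastion host. Nothing here talks to AWS; all values are constructed placeholders.

# Reject anything that is not a TCP port number in 1..65535.
valid_port() {
  case $1 in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_tunnel_cmd LOCAL_PORT SSH_USER BASTION_HOST KEY_FILE RDS_ENDPOINT [RDS_PORT]
# Prints the ssh command that forwards 127.0.0.1:LOCAL_PORT on your machine to
# RDS_ENDPOINT:RDS_PORT as seen from the bastion. -N opens no remote shell, and
# ExitOnForwardFailure makes ssh exit instead of silently running with no tunnel
# (the usual symptom when the RDS security group does not allow the bastion).
build_tunnel_cmd() {
  local_port=$1; ssh_user=$2; bastion=$3; key_file=$4; rds_host=$5; rds_port=${6:-3306}
  valid_port "$local_port" || { echo "bad local port: $local_port" >&2; return 1; }
  valid_port "$rds_port"   || { echo "bad RDS port: $rds_port" >&2; return 1; }
  printf 'ssh -i %s -o ExitOnForwardFailure=yes -N -L 127.0.0.1:%s:%s:%s %s@%s' \
    "$key_file" "$local_port" "$rds_host" "$rds_port" "$ssh_user" "$bastion"
}

# build_mysql_cmd LOCAL_PORT DB_USER
# The client connects to the local end of the tunnel. 127.0.0.1 plus
# --protocol=TCP keeps the client off the local Unix socket, and -p with no
# value makes it prompt for the RDS master password instead of leaving the
# password in shell history.
build_mysql_cmd() {
  printf 'mysql --protocol=TCP -h 127.0.0.1 -P %s -u %s -p' "$1" "$2"
}

# build_sg_rules BASTION_SG_ID RDS_SG_ID HOME_IP
# Prints the two aws-cli commands for the security-group layout in the second
# answer: the bastion group accepts 22 only from HOME_IP/32, and the RDS group
# accepts 3306 only from members of the bastion group (a source-group rule, so
# the bastion's public IP can change without touching the database rule).
build_sg_rules() {
  bastion_sg=$1; rds_sg=$2; home_ip=$3
  printf 'aws ec2 authorize-security-group-ingress --group-id %s --protocol tcp --port 22 --cidr %s/32\n' \
    "$bastion_sg" "$home_ip"
  printf 'aws ec2 authorize-security-group-ingress --group-id %s --protocol tcp --port 3306 --source-group %s\n' \
    "$rds_sg" "$bastion_sg"
}

# Usage with constructed placeholder values. The printed ssh and mysql commands
# are what you would run in two terminals: the tunnel first, then the client.
build_tunnel_cmd 3307 ec2-user ec2-198-51-100-10.compute-1.amazonaws.com ./bastion-key.pem \
  mydb.cluster-abc123.us-east-1.rds.amazonaws.com 3306; echo
build_mysql_cmd 3307 admin; echo
build_sg_rules sg-0123456789abcdef0 sg-0fedcba9876543210 203.0.113.7
```

The local port (3307 above) is deliberately not 3306 so the tunnel does not collide with a MySQL server that may already be listening on the workstation; the SSH username is whatever the bastion AMI uses, and the database username and password are the RDS master credentials, exactly as the first answer lists them.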