It is best practice to place your database servers into a private subnet. By definition a private subnet in Amazon Web Services (AWS) is not reachable from the internet. So there is no internet gateway assigned to it. With proper security groups configured you restrict database access to only those (web) servers that need it.

But that configuration makes it more complicated for managing the database servers, e.g.

Instead of putting your database instance into a public subnet you can configure a bastion host (aka jump box) that acts as an intermediate server. The following picture gives you a quick overview:

t2.nano) into a public subnet within your VPC.

PuTTY (for Windows) to establish an SSH connection and configure it to create an SSH tunnel for the database port.

Please note your security group settings. The bastion host has inbound access for port 22 from your source IP address only (or more, which is not recommended). The security group for the RDS instance allows inbound access on port 3306 (for MySQL), restricted to the security groups which need access to the database server (in our case the bastion host). With that configuration you limit database access to the minimum needed.

Configuring PuTTY

Steps to creating SSH tunnels with PuTTY: create PuTTY connection 1 from the host to the bastion. Open PuTTY and, under Host Name, put the public IP address of your bastion host and specify port 22.

First enter the hostname with ec2-user. This is the public IP address of your bastion host:

After that you define your private key for authentication:

In the last step you enter the SSH tunnel settings for your database instance. In this example we create a tunnel from port 3306 on your local computer to port 3306 on the RDS instance host (DNS name). This is possible because the bastion host and the database instance are placed within the same VPC and the routing table allows communication between both subnets.

After establishing the PuTTY connection we can connect to our database on localhost, port 3306:

This is all fine, but we can make it even more convenient. One solution is to place all PuTTY settings into a batch file:

    @ECHO OFF
    Start %PUTTY_EXE% -i d:\my_private_key.ppk -L 3306.:3306

After saving it to a batch file we can start the SSH tunnel with a double-click.

Another solution depends on your SQL client. With DBeaver or the MySQL Workbench you can configure a TCP connection over SSH directly. With that option you can configure it all in that client. No PuTTY configuration or batch file needs to be started.

Be sure to select "Standard TCP/IP over SSH" and the correct private key format.
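
The security group settings described above (SSH to the bastion from one source IP only, MySQL to the RDS instance from the bastion's security group only) can be checked mechanically. The following Python sketch is an added example, not code from the original post; it audits constructed sample data shaped like the output of `aws ec2 describe-security-groups`, and all group IDs, addresses and function names are assumptions.

```python
import ipaddress

# Constructed sample data, shaped like `aws ec2 describe-security-groups` output.
# Group IDs and addresses are made up (203.0.113.0/24 is a documentation range).
BASTION_SG = {"GroupId": "sg-bastion-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "UserIdGroupPairs": []}]}
RDS_SG = {"GroupId": "sg-rds-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-bastion-example"}]}]}
# Misconfigured variant: database port open to every IPv4 address.
RDS_SG_OPEN = {"GroupId": "sg-rds-open-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]}

def _only_port(rule, port):
    """True if the rule covers exactly one TCP port (all-traffic rules fail)."""
    return (rule.get("IpProtocol") == "tcp"
            and rule.get("FromPort") == port and rule.get("ToPort") == port)

def _cidrs(rule):
    """All IPv4 and IPv6 CIDR sources of a rule."""
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])

def audit_bastion(sg):
    """Bastion: inbound SSH (22) only, from single-host CIDRs only."""
    findings = []
    for rule in sg["IpPermissions"]:
        if not _only_port(rule, 22):
            findings.append(f"{sg['GroupId']}: rule is not limited to tcp/22")
        for cidr in _cidrs(rule):
            if ipaddress.ip_network(cidr, strict=False).num_addresses != 1:
                findings.append(f"{sg['GroupId']}: {cidr} is wider than one source IP")
    return findings

def audit_rds(sg, allowed_groups):
    """RDS: inbound MySQL (3306) only, from the listed security groups only."""
    findings = []
    for rule in sg["IpPermissions"]:
        if not _only_port(rule, 3306):
            findings.append(f"{sg['GroupId']}: rule is not limited to tcp/3306")
        for cidr in _cidrs(rule):
            findings.append(f"{sg['GroupId']}: CIDR source {cidr}, expected a group")
        for pair in rule.get("UserIdGroupPairs", []):
            if pair["GroupId"] not in allowed_groups:
                findings.append(f"{sg['GroupId']}: unexpected group {pair['GroupId']}")
    return findings

if __name__ == "__main__":
    allowed = {BASTION_SG["GroupId"]}
    for sg in (RDS_SG, RDS_SG_OPEN):
        print(sg["GroupId"], audit_rds(sg, allowed) or "ok")
    print(BASTION_SG["GroupId"], audit_bastion(BASTION_SG) or "ok")
```

An empty list means the group matches the settings the post describes; each string in a non-empty list names one deviation.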