Securely Connecting to Amazon RDS Using an SSH Tunnel

Introduction

Amazon RDS (Relational Database Service) is a managed database service that simplifies database operations such as setup, scaling, and maintenance. If your Amazon RDS instance is in a private subnet and not directly accessible from the public internet, you can connect to it securely using an SSH tunnel. This guide will walk you through the steps to set up an SSH tunnel and connect to your Amazon RDS database using PGAdmin.

Prerequisites

1. Amazon RDS Instance: Ensure you have an Amazon RDS PostgreSQL instance set up in your AWS account.
2. Bastion Host (Jump Server): A bastion host that you can reach over SSH and that can reach the private subnet where the Amazon RDS instance runs.
3. SSH Client: Ensure you have an SSH client installed (e.g., OpenSSH).
4. PGAdmin Installed: Download and install PGAdmin if you haven’t already.
5. Permissions: Ensure your AWS IAM user or role has permission to connect to the bastion host and access the Amazon RDS instance.

Step-by-Step Guide

Step 1: Configure Security Groups
1. Bastion Host Security Group:
– Allow SSH (port 22) access from your local machine’s IP address.
2. Amazon RDS Security Group:
– Ensure the security group associated with the Amazon RDS instance allows inbound connections on port 5432 (PostgreSQL default port) from the bastion host.

Step 2: Identify Connection Details
– Bastion Host: Note the public IP address or DNS of your bastion host.
– Amazon RDS Endpoint: Obtain the endpoint from the Amazon RDS console.
– Private Key File: Locate the private key file for your bastion host.

Step 3: Set Up an SSH Tunnel
An SSH tunnel forwards traffic from a local port on your machine to the Amazon RDS instance via the bastion host. Use the following command to create the tunnel:

– Replace /path/to/private-key.pem with the path to your private key.
– Replace <rds-endpoint> with your Amazon RDS endpoint, which is a bare hostname with no scheme (e.g., mydb.abcdefgh123.us-east-1.rds.amazonaws.com).
– Replace <bastion-host-public-ip> with the bastion host’s public IP or DNS.
– The 5433 is the local port on your machine; you can use a different local port if needed.
Keep this terminal open while using the tunnel.
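
The tunnel command for this step, assembled from the placeholders listed above and the ec2-user login named in the FAQ, as an added example rather than the original post's own code. The helper names, the constructed address 203.0.113.10, and the extra `-N` and `ExitOnForwardFailure` options are assumptions introduced here.

```shell
#!/bin/sh
# Added example: builds the Step 3 tunnel command and checks the inputs first.
# Hostnames and addresses used here are constructed placeholders.

# ssh -L needs a bare hostname: strip a pasted scheme, path or :port.
normalize_endpoint() {
  ep="$1"
  ep="${ep#*://}"   # drop "http://" or similar
  ep="${ep%%/*}"    # drop any path
  ep="${ep%%:*}"    # drop any :port
  printf '%s\n' "$ep"
}

# ssh rejects private keys readable by group or others (use chmod 600 or 400).
key_is_private() {
  [ -f "$1" ] || return 1
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print the tunnel command: key, RDS endpoint, bastion, [user], [local port].
#  -N                       forward only, no remote shell on the bastion
#  ExitOnForwardFailure     fail fast if the local port is already taken
#  127.0.0.1:<port>         listen on loopback only, not on the LAN
build_tunnel_cmd() {
  key="$1"
  endpoint="$(normalize_endpoint "$2")"
  bastion="$3"
  user="${4:-ec2-user}"
  lport="${5:-5433}"
  printf 'ssh -i %s -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:5432 %s@%s\n' \
    "$key" "$lport" "$endpoint" "$user" "$bastion"
}

# Constructed sample values; replace with your own before running the output.
KEY=/path/to/private-key.pem
if ! key_is_private "$KEY"; then
  echo "note: $KEY is missing or readable by group/others" >&2
fi
build_tunnel_cmd "$KEY" \
  "http://mydb.abcdefgh123.us-east-1.rds.amazonaws.com" 203.0.113.10
```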

Step 4: Configure PGAdmin
1. Open PGAdmin: Launch PGAdmin on your local machine.

2. Create a New Server:
   – In PGAdmin, right-click on “Servers” in the navigation pane and select “Create” > “Server”.
3. General Tab:
– Enter a name for your server (e.g., “RDS Tunnel”).

4. Connection Tab:
   – Hostname/Address: Enter localhost.
   – Port: Enter 5433 (the local port you used in the SSH command).
   – Maintenance Database: Enter the name of your database (e.g., postgres by default).
   – Username: Enter your database username.
   – Password: Enter your database password.
5. Save Settings:
   – Click “Save” to connect to the database.

Step 5: Test the Connection
– Once configured, PGAdmin will attempt to connect to the database through the SSH tunnel. If everything is set up correctly, you can manage your Amazon RDS PostgreSQL instance through PGAdmin.

Troubleshooting Tips
– SSH Tunnel Not Working: Ensure the bastion host’s security group allows SSH access and that you use the correct private key and username.
– Connection Refused in PGAdmin: Verify that the local port matches the one specified in the SSH command.
– Network Configuration: Ensure the Amazon RDS security group allows connections from the bastion host.
– Database Credentials: Double-check your Amazon RDS username and password.

Conclusion

Setting up an SSH tunnel to connect PGAdmin to an Amazon RDS instance is a secure and efficient way to manage your database in a private subnet.

By following this guide, you can establish the connection and leverage PGAdmin’s features to interact with your database seamlessly.

FAQs

1. What is an SSH tunnel, and why is it needed?

ANS: – An SSH tunnel securely forwards traffic from your local machine to a remote server through an intermediate server (bastion host). It is needed when your Amazon RDS instance is in a private subnet and cannot be accessed directly from the internet.

2. What if my Bastion host uses a different username?

ANS: – Replace ec2-user in the SSH command with the appropriate username for your bastion host.

WRITTEN BY Rajveer Singh Chouhan

Rajveer works as a Cloud Engineer at CloudThat, specializing in designing, deploying, and managing scalable cloud infrastructure on AWS. He is skilled in various AWS services as well as automation tools like Terraform and CI/CD pipelines. With a strong understanding of cloud architecture best practices, Rajveer focuses on building secure, cost-effective, and highly available solutions. In his free time, he keeps up with the latest advancements in cloud technologies and enjoys exploring infrastructure automation and DevOps tools.
