Connect to RDS via Jumpbox EC2

Hi, this time I am going to walk you through connecting the DBeaver client to a MySQL RDS instance located in a private subnet, via an EC2 instance that sits in a public subnet of the same VPC and acts as a jumpbox.

We will start clean: first create the RDS instance, then create the EC2 instance, and then configure a connection from a locally installed DBeaver client.

Prerequisites:

          AWS account access with permissions to create RDS and EC2.
          DBeaver client installed locally.

What is a JUMPBOX?

A jump server is an intermediary device responsible for funneling traffic through firewalls using a supervised secure channel. By creating a barrier between networks, jump servers create an added layer of security against outsiders wanting to maliciously access sensitive company data. Only those with the right credentials can log into a jump server and obtain authorization to proceed to a different security zone. Administrators can also use a jump server for auditing traffic and user activity for real-time surveillance.

What is Amazon RDS?

Amazon RDS is an easy to manage relational database service optimized for total cost of ownership. It is simple to set up, operate, and scale with demand. Amazon RDS automates the undifferentiated database management tasks, such as provisioning, configuring, backups, and patching. Amazon RDS enables customers to create a new database in minutes, and offers flexibility to customize databases to meet their needs across 8 engines and 2 deployment options. Customers can optimize performance with features, like Multi-AZ with two readable standbys, Optimized Writes and Reads, and AWS Graviton3-based instances, and choose from multiple pricing options to effectively manage costs.

Here is a little diagram of what we are creating.

Let’s first start by creating the DB. For this example I will use MySQL; the default free-tier settings will be fine.

Next, create the EC2 instance that will be used for the connection.
You will need an SSH key later in the tutorial, so if you don’t have one already, create one before creating the EC2 instance.

After the EC2 instance is created, navigate back to the RDS configuration and add the EC2 instance as a ‘Connected Compute Resource’.
As part of this procedure, VPC security groups will be added to both the DB and the EC2 instance.
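
One way to check the security groups that result from this step, as an added example that is not part of the original post: the function takes the groups attached to the DB and to the EC2 instance, in the shape returned by `aws ec2 describe-security-groups`, and reports MySQL access from anything other than the jumpbox's groups and SSH open to the whole internet. The function names, group IDs and sample rules are constructed for illustration.

```python
# Added example: audit security groups for the jumpbox -> RDS path.
# Dicts follow the shape of `aws ec2 describe-security-groups` entries.
MYSQL_PORT, SSH_PORT = 3306, 22
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def covers(rule, port):
    """True if an ingress rule admits TCP traffic on `port`."""
    if rule.get("IpProtocol") == "-1":  # all protocols and ports
        return True
    return (rule.get("IpProtocol") == "tcp"
            and rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535))

def cidrs(rule):
    """All IPv4 and IPv6 CIDR sources of a rule."""
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])

def audit(db_groups, jump_groups):
    """Return findings for the groups attached to the DB and to the jumpbox."""
    findings, jump_ids, reachable = [], {g["GroupId"] for g in jump_groups}, False
    for group in db_groups:
        for rule in group.get("IpPermissions", []):
            if not covers(rule, MYSQL_PORT):
                continue
            findings += [f"db: {MYSQL_PORT} open to CIDR {c}" for c in cidrs(rule)]
            sources = {p["GroupId"] for p in rule.get("UserIdGroupPairs", [])}
            reachable |= bool(sources & jump_ids)
            findings += [f"db: {MYSQL_PORT} open to unexpected group {s}"
                         for s in sorted(sources - jump_ids)]
    if not reachable:
        findings.append(f"db: jumpbox groups cannot reach {MYSQL_PORT}")
    for group in jump_groups:
        for rule in group.get("IpPermissions", []):
            if covers(rule, SSH_PORT):
                findings += [f"jumpbox: SSH open to {c}"
                             for c in cidrs(rule) if c in OPEN_CIDRS]
    return findings

# Constructed sample data (group IDs and rules are made up).
JUMP = [{"GroupId": "sg-jump-ssh", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
        {"GroupId": "sg-jump-db", "IpPermissions": []}]
DB = [{"GroupId": "sg-db", "IpPermissions": [
          {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
           "UserIdGroupPairs": [{"GroupId": "sg-jump-db"}]}]}]

if __name__ == "__main__":
    print("\n".join(audit(DB, JUMP)) or "no findings")
```

On the constructed sample the only finding is the jumpbox's SSH rule being open to 0.0.0.0/0; restricting that rule to your own address range clears it.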

Now let’s set up the connection configuration in DBeaver. For that you will need:

          the public IP of the EC2 instance,
          the key you have created,
          the RDS endpoint.

Get these from the AWS console and open DBeaver.

In the connection options, select MySQL as the DB you are connecting to.
On the SSH tab, enter the public IP of the EC2 instance that will be used as a jumpbox, enter the username and specify the path to the .PEM file.
Click on ‘Test tunnel configuration’ to see if all is good.

Next, go to the ‘Main’ tab and configure the DB credentials and endpoint, click the ‘Test Connection’ button and verify that you are connected to your RDS.

There you have it, cheers.