Connecting from a local workstation to AWS RDS MySQL via SSH tunneling.
Create a .auto.tfvars to setup your stack:
aws_region = "us-east-2" rds_instance_class = "db.t4g.micro" rds_multi_az = false rds_username = "mysqladmin" rds_password = "p4ssw0rd" jumpserver_allow_ssh = ["0.0.0.0/0"]Apply the stack:
terraform init terraform apply -auto-approveCreate a temporary key pair:
mkdir keys ssh-keygen -f keys/temp_keyAdd the public key to the .ssh/authorized_keys file using SSM Run Command:
# Set "instance-id" and "SSH_PUB_KEY" values accordingly aws ssm send-command \ --targets "Key=InstanceIds,Values=instance-id" \ --document-name "AWS-RunShellScript" \ --comment "Add public key to SSH tunneling" \ --parameters "commands='echo SSH_PUB_KEY >> /home/ubuntu/.ssh/authorized_keys'" \ --output textCheck the command status:
aws ssm get-command-invocation \ --command-id "ef7fdfd8-9b57-4151-a15c-db9a12345678" \ --instance-id "i-1234567890abcdef0" \ --query StatusCheck if everything is working by connecting via SSH:
ssh -i keys/temp_key ubuntu@<INSTANCE_DNS>Before creating the tunnel, enhance the security by allowing only your IP to connect via SSH:
jumpserver_allow_ssh = ["YOUR PUBLIC IP/32"]Apply the configuration.
Now, create the tunnel:
ssh -i keys/temp_key -f -N -l ubuntu -L 3306:RDS_MYSQL_FQDN:3306 EC2_INSTANCE_FQDN -v If the tunnel is created, you should now be able to connect to MySQL from your local machine on port 3306.
terraform destroy -auto-approve