Safely Through the Gates: SSH Tunneling to Connect Multiple Remote AWS Private Resources

The Optimizer
2 min read · Feb 13, 2024

Hola!!! 🙋🏻‍♂️

In today's cloud-driven world, securely accessing resources hosted on AWS is paramount. In this post, we'll explore how to securely access multiple private RDS instances, EKS, EC2, etc. on AWS using SSH tunneling.

📌 Setting Up SSH Config

To streamline the process, we can leverage SSH config files. Below is an example SSH config file tailored for accessing multiple private instances through a bastion host:

cat ~/.ssh/config
Host rds_tunnel_combined
    User ubuntu
    Hostname <instance id of bastion host>
    IdentityFile ~/.ssh/bastion-host.pem
    RequestTTY no
    ProxyCommand sh -c "aws ssm start-session --profile aws-profile --region us-east-1 --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"
    LocalForward 5431 dev-db-hostname:5432
    LocalForward 5432 qa-db-hostname:5432
    LocalForward 5433 eks-endpoint:443

👀 Explanation of LocalForward rules

Each LocalForward rule forwards a local port on your machine to a specific private endpoint (an RDS instance or the EKS endpoint):
Port 5431 forwards to the development database (dev-db-hostname:5432).
Port 5432 forwards to the QA database (qa-db-hostname:5432).
Port 5433 forwards to the EKS cluster (eks-endpoint:443).
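A LocalForward written with a bare port, as above, listens on loopback only unless GatewayPorts is enabled or a bind address is given. The following script is an added example, not part of the original post, that audits one Host block for listeners other machines could reach and for reused local ports; the rds_tunnel_shared block and the sample_config helper are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit one Host block of an ssh
# config for LocalForward listeners that other machines could reach.
# Assumptions: the alias is matched literally; Host patterns, Match blocks,
# Include files and "Key=value" syntax are not handled.

audit_forwards() {  # usage: audit_forwards <host-alias> < ssh_config
  awk -v want="$1" '
    { key = tolower($1) }
    key == "host" {                       # a new block starts: is it ours?
      active = 0
      for (i = 2; i <= NF; i++) if ($i == want) active = 1
      next
    }
    !active { next }
    key == "gatewayports" { gw = tolower($2) }
    key == "localforward" { n++; listen[n] = $2; dest[n] = $3 }
    END {
      for (i = 1; i <= n; i++) {
        port = listen[i]; sub(/^.*:/, "", port)    # text after the last colon
        bind = substr(listen[i], 1, length(listen[i]) - length(port))
        sub(/:$/, "", bind)
        if (index(listen[i], ":"))        # explicit bind: "" and * mean all interfaces
          exposed = !(bind == "localhost" || bind == "127.0.0.1" || bind == "[::1]")
        else                              # bare port: GatewayPorts decides
          exposed = (gw == "yes")
        status = exposed ? "EXPOSED" : "OK"
        print status, listen[i], "->", dest[i]
        # Conservative: any reuse of a local port number is reported.
        if (seen[port]++) { print "DUPLICATE local port", port; bad++ }
        bad += exposed
      }
      exit (bad > 0)
    }'
}

sample_config() {  # constructed input: the forwards from the post plus a weak variant
  cat <<'EOF'
Host rds_tunnel_combined
  LocalForward 5431 dev-db-hostname:5432
  LocalForward 5432 qa-db-hostname:5432
  LocalForward 5433 eks-endpoint:443
Host rds_tunnel_shared
  GatewayPorts yes
  LocalForward 0.0.0.0:5431 dev-db-hostname:5432
  LocalForward 5432 qa-db-hostname:5432
  LocalForward localhost:5432 eks-endpoint:443
EOF
}

# Demo run on the weak block; exit status 1 signals findings.
sample_config | audit_forwards rds_tunnel_shared || echo "review the findings above"
```

To check a real file, run `audit_forwards rds_tunnel_combined < ~/.ssh/config`; a non-zero exit status means at least one finding was printed.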

🧐 How to Use the SSH Config File

Using the provided SSH config file is straightforward. Save the configuration to your ~/.ssh/config file and replace ~/.ssh/bastion-host.pem with the path to your SSH private key file. Once configured, run the ssh rds_tunnel_combined command to open the connections to the remote private instances.

👌 Benefits and Use Cases

Enhanced security: Traffic between your machine and the bastion host travels inside the encrypted SSH session, minimizing the risk of data interception.
Simplified access: Users can easily connect to multiple RDS instances with a single command.
Flexible configuration: The SSH config file allows for easy customization of port forwarding rules to suit different use cases.

Conclusion

SSH tunneling provides a secure and efficient way to access AWS private instances from anywhere. By leveraging SSH config files and port forwarding, you can streamline the process of connecting to multiple RDS instances while ensuring data security. Give it a try and experience the benefits of secure SSH tunneling for yourself!

Thanks for reading my blog. Feel free to hit me up for any AWS/DevOps/Open Source-related discussions.

Manoj Kumar - LinkedIn.

Written by The Optimizer

Cloud & DevOps 👨‍💻 | AWS ☁️ | K8s ⚔️ | Terraform 🏗️ | CI/CD 🚀 | Open Source 🐧 | Versatile DevOps engineers. Well-versed with DevOps Tools and Cloud Services.