In my previous article, I showed how to connect to an Amazon RDS host by changing the security group and allowing direct access to port 3306. This works but does have security implications in that potentially the entire internet can start probing your RDS server. In this article, I'm going to show how to use a Bastion host, which does not require us to expose the database access port (port 3306 in the case of MySQL) to the internet.

A bastion host is a special-purpose computer on a network specifically designed and configured to withstand attacks. The computer generally hosts a single application or process.

What this means, in terms of connecting to a MySQL RDS instance, is that MySQL is not installed on the Bastion server; rather, we use the Bastion server as a "jump" point to allow us to get to the real database server. I'm not going to go into details on how to harden a bastion server; I'm concentrating on how to access MySQL through the server. Check out this blog post for more details on how to control network access using a bastion server.

In terms of AWS, to create a Bastion Server, we need to create an EC2 instance (in my case, I created a t2.micro instance). We need to ensure that the EC2 instance is in the same VPC as the RDS database, otherwise they will not be able to connect to each other. When using a Bastion server, the network topology looks something like:
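The "jump" described above is an SSH local port forward: the MySQL client connects to a port on your own machine, SSH carries that traffic to the bastion, and the bastion forwards it to the RDS endpoint inside the VPC, so port 3306 only ever needs to be open to the bastion's security group. The script below is an added example, not code from the original post; the bastion host name, key path, user and RDS endpoint are assumed placeholders.

```shell
#!/bin/sh
# Added example: reach a MySQL RDS instance through a bastion EC2 host with an
# SSH tunnel instead of exposing port 3306 to the internet.
# All host names, the key path and the DB user below are assumptions.

BASTION_USER="${BASTION_USER:-ec2-user}"
BASTION_HOST="${BASTION_HOST:-bastion.example.com}"              # assumed public DNS of the t2.micro
BASTION_KEY="${BASTION_KEY:-$HOME/.ssh/bastion.pem}"             # assumed EC2 key pair
RDS_HOST="${RDS_HOST:-mydb.abcdefghijkl.us-east-1.rds.amazonaws.com}"  # placeholder RDS endpoint
RDS_PORT=3306
LOCAL_PORT="${LOCAL_PORT:-3307}"                                 # local end of the tunnel
DB_USER="${DB_USER:-admin}"

# Build the ssh invocation. -N: no remote shell, -f: go to background once the
# forward is up, ExitOnForwardFailure: fail loudly instead of silently running
# without the tunnel. Binding to 127.0.0.1 keeps other hosts on your LAN from
# riding the tunnel into the database.
tunnel_cmd() {
    printf 'ssh -i %s -N -f -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s@%s' \
        "$BASTION_KEY" "$LOCAL_PORT" "$RDS_HOST" "$RDS_PORT" "$BASTION_USER" "$BASTION_HOST"
}

# The mysql client talks to the local end of the tunnel. --protocol=TCP matters:
# with host 127.0.0.1 some clients would otherwise try a local unix socket.
mysql_cmd() {
    printf 'mysql --protocol=TCP -h 127.0.0.1 -P %s -u %s -p' "$LOCAL_PORT" "$DB_USER"
}

# Only run the real commands when invoked as: ./rds_tunnel.sh connect
if [ "${1:-}" = "connect" ]; then
    eval "$(tunnel_cmd)" || { echo "tunnel failed to come up" >&2; exit 1; }
    eval "$(mysql_cmd)"
fi
```

On the AWS side this only works if the RDS security group allows inbound 3306 from the bastion's security group (not from 0.0.0.0/0) and the bastion's security group allows SSH from your address.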