SSH tunneling from your local computer to an RDS instance in a private subnet.
First you need an instance that you can log into that has access to RDS. I will be calling that bastion. Make sure you add rules on the RDS security group allowing access from the bastion host.
I will be demonstrating with postgres, but you can substitute the ports and commands for mysql.
# Setting up the tunnel
ssh -N -L 3333:your.rds.endpoint.rds.amazonaws.com:5432 ssh-user@bastion
| -N | only set up the tunnel | | -L | set up the forwarding | | 3333 | the first number is the port on your local machine | | 5432 | the port on the rds instance | | your.rds.endpoint.amazonaws.com | the name of the rds endpoint | | ssh-user@bastion | how you log into your bastion host |
# Using the tunnel
# postgresql
psql -h localhost -p 3333 -d mydbname -U postgres
| -h localhost | we can specify localhost since we now have the tunnel set up | | -p 3333 | port 3333 is our local port we designated earlier in the tunnel | | -d mydbname | the name of the database you want to connect to | | -U postgres | the user name you want to connect as |