
Connecting to a Private RDS Instance via an EC2 Proxy
Published Apr 9, 2025
Last Modified Apr 11, 2025
To enhance security, RDS instances are typically placed in a private subnet within a VPC, making them inaccessible from outside the VPC.
In a dev/test environment, this can pose a challenge when you need to connect to the database from your local machine to test your application.
This solution provides a way to set up a proxy that forwards traffic from your client to the private RDS instance using an EC2 proxy instance.
- You will set up an EC2 instance in a public subnet so that it can receive requests from developers.
- The EC2 instance will forward traffic to the RDS instance in the private subnet.
Create an EC2 instance with the following settings:
- AMI: Amazon Linux 2 Kernel 5.10
- Instance type: t2.micro
- Key pair: Proceed without a key pair
- Network
  - VPC: choose the same VPC that your RDS instance uses
  - Subnet: choose a public subnet
  - Security Group: allow all inbound traffic

Then click Launch instance to create the proxy server.

To forward traffic to the RDS instance, you need to know:
- DB Endpoint: example.XXXXXXXXXXXX.ap-southeast-1.rds.amazonaws.com
- DB Port: 3306 or 5432,...
- For the proxy server security group:
  - Inbound: allow Anywhere-IPv4 (MYSQL/Aurora, PostgreSQL,... depending on your database engine) on port (3306, 5432,... depending on your database port)
  - Outbound: security group of the RDS instance.
- For the security group of the database instance:
  - Inbound: add an additional rule to allow traffic from the security group of the proxy server. Don't remove any existing rules.
  - Outbound: add an additional rule to allow traffic to the security group of the proxy server. Don't remove any existing rules.
SSH to the EC2 instance and run the following commands:
Replace the content of /etc/haproxy/haproxy.cfg with the following values:
- <YOUR_DB_ENDPOINT>: RDS Endpoint
- <YOUR_DB_PORT>: Database port
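One way to write /etc/haproxy/haproxy.cfg for this setup, as an added example that is not the original page's configuration: HAProxy in TCP mode listens on the database port and forwards each connection to the RDS endpoint. The dev_src ACL, the 203.0.113.10 address (a constructed sample from the documentation range), the section names and the timeout values are assumptions; the ACL limits the proxy to one developer IP even though the security group admits Anywhere-IPv4.

```haproxy
# Added example, not the original page's configuration.
global
    log 127.0.0.1 local2     # recorded only if a syslog daemon listens on UDP 514
    maxconn 256              # assumption: a handful of developer sessions
    user haproxy
    group haproxy
    daemon

defaults
    mode tcp                 # raw TCP pass-through; the DB protocol is not parsed
    log global
    option tcplog            # one log line per connection: source IP, duration, bytes
    timeout connect 5s
    timeout client  30m      # assumption: long idle time for interactive DB sessions
    timeout server  30m

frontend db_in
    bind *:<YOUR_DB_PORT>
    # Constructed sample address; replace with the developer's public IP or CIDR.
    acl dev_src src 203.0.113.10/32
    # Drop every connection that does not come from the allowed source.
    tcp-request connection reject if !dev_src
    default_backend rds

backend rds
    # HAProxy resolves the endpoint name when the service starts.
    server rds1 <YOUR_DB_ENDPOINT>:<YOUR_DB_PORT> check
```

Running `haproxy -c -f /etc/haproxy/haproxy.cfg` checks the file for syntax errors before the service is started.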
Reset the service if needed.
Now you can connect to the RDS instance in the private subnet by replacing the RDS endpoint with the public IP of the EC2 proxy server.

Delete the EC2 proxy server if you no longer need it to reduce cost.
This solution is preferred for dev/test environments. For production workloads, be careful when managing the firewall to ensure a secure connection.
BE HAPPY ON CLOUD