AWS Bastion: SSH Tunneling to RDS & EC2 without Public Facing Infrastructure

https://medium.com/@spensireli/next-generation-bastion-ssh-tunneling-to-rds-ec2-without-public-facing-infrastructure-5cd9bab68794

Recently with the use of SSM Session Manager and SSH proxying I was able to perform SSH tunneling to resources within a private VPC. SSM has supported tunneling for a while however most resources you will find online only explain how to tunnel to the instance that is running the SSM agent. In this use-case you are able to use SSM paired with an internal bastion to connect to other resources within the VPC, i.e. RDS or a different EC2.

Why? No more EIP's and internet facing hosts required. Without you being an authenticated user through AWS IAM or AWS SSO you can't leverage the SSM Sessions Manager to perform the initial connection.

submitted by /u/FileInfector
[link] [comments]