When it comes to databases and AWS VPC, best practice is to place your database in a private subnet. By definition, a private subnet in AWS is not reachable from the Internet because no Internet gateway is attached to it. This is how you protect your data. This kind of configuration is good for security but bad for data management.
How can you easily access and manage your secured data?
There are two basic ways to access it.
- Access the PostgreSQL RDS instance from a bastion host. The requirements for this are:
  - the PostgreSQL RDS instance should allow ingress on port 5432 from the bastion/jump server
  - the psql client should be installed on the bastion host
Run the following command to connect (-W makes psql prompt for the password; it does not take the password as an argument, and the password should not be placed on the command line):
$ psql -h <host> -p <port> -U <username> -W
To install the psql client, follow this page: Install PostgreSQL Client
- You can also access the PostgreSQL instance from your local machine (Mac). For this you should create an SSH tunnel from your local machine to the RDS instance via the bastion host.
Suppose:
The bastion host IP is 132.5.10.11, the SSH user is ec2-user and the key file is bastion_key.pem.
Your PostgreSQL RDS instance FQDN is postgress.cpypigm0kth7.us-east-1.rds.amazonaws.com
Command to create the tunnel:
ssh -i "bastion_key.pem" -NL 4444:postgress.cpypigm0kth7.us-east-1.rds.amazonaws.com:5432 ec2-user@132.5.10.11 -v
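The full procedure described above (open the tunnel through the bastion, then connect with psql over the local port and close the tunnel afterwards), as an added example script that is not part of the original post. The bastion address, user, key name, RDS hostname and ports are the post's sample values; the database role appuser and database name postgres are assumptions, and all of them can be overridden through environment variables.

```shell
#!/bin/sh
# Added example (not from the original post): open an SSH tunnel through the
# bastion host to the private RDS PostgreSQL instance, connect with psql over
# it, and tear the tunnel down on exit. The values below are the post's sample
# values or assumed placeholders; override them via environment variables.
set -eu

BASTION_USER="${BASTION_USER:-ec2-user}"
BASTION_HOST="${BASTION_HOST:-132.5.10.11}"
BASTION_KEY="${BASTION_KEY:-bastion_key.pem}"
RDS_HOST="${RDS_HOST:-postgress.cpypigm0kth7.us-east-1.rds.amazonaws.com}"
RDS_PORT="${RDS_PORT:-5432}"
LOCAL_PORT="${LOCAL_PORT:-4444}"
DB_USER="${DB_USER:-appuser}"      # assumed database role
DB_NAME="${DB_NAME:-postgres}"     # assumed database name
CTL_SOCK="${TMPDIR:-/tmp}/rds-tunnel-${LOCAL_PORT}.sock"

# Return 0 if $1 is an integer in 1..65535, 1 otherwise.
is_valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# libpq connection string for psql. host= keeps the real RDS name so that a
# later switch to sslmode=verify-full (with the RDS CA bundle in sslrootcert=)
# can check the server certificate; hostaddr= sends the TCP connection to the
# local end of the tunnel instead of resolving the name.
conninfo() {
  printf 'host=%s hostaddr=127.0.0.1 port=%s user=%s dbname=%s sslmode=require' \
    "$RDS_HOST" "$LOCAL_PORT" "$DB_USER" "$DB_NAME"
}

# Start the tunnel in the background with a control socket so it can be closed
# cleanly. The local end is bound to 127.0.0.1 explicitly, so nothing else on
# the network can reach the forwarded port; ExitOnForwardFailure makes ssh fail
# instead of silently running without the forward (e.g. port already in use).
open_tunnel() {
  ssh -i "$BASTION_KEY" -f -N -M -S "$CTL_SOCK" \
      -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 \
      -L "127.0.0.1:${LOCAL_PORT}:${RDS_HOST}:${RDS_PORT}" \
      "${BASTION_USER}@${BASTION_HOST}"
}

# Ask the master ssh process to exit, which removes the forward and the socket.
close_tunnel() {
  ssh -S "$CTL_SOCK" -O exit "${BASTION_USER}@${BASTION_HOST}" 2>/dev/null || true
}

main() {
  is_valid_port "$LOCAL_PORT" || { echo "LOCAL_PORT must be 1-65535" >&2; exit 1; }
  open_tunnel
  trap close_tunnel EXIT INT TERM
  # psql prompts for the password or reads ~/.pgpass; it is never put on the
  # command line, where other users could read it from the process list.
  psql "$(conninfo)"
}

case "${1:-}" in
  connect) main ;;
  *) echo "usage: $0 connect" >&2 ;;
esac
```

Run it as `sh rds-tunnel.sh connect`; the psql session ends the tunnel when you quit. The tunnel only works if the RDS security group allows port 5432 from the bastion's security group, and the bastion itself should accept port 22 only from the addresses you administer from.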