Bastion Host
Connect to the Linux bastion host instance
Connect to the Linux bastion host instance using ssh. Include the -A argument to enable authentication agent forwarding.
ssh -A username@bastion-host-external-ip
Connect to the instance that does not have an external IP
From the Linux bastion host instance, connect to the instance that does not have an external IP address by using SSH.
ssh username@internal-instance-ip-address
MySQL through SSH Tunnel
Create an SSH Tunnel on Linux and macOS
If you are using Linux or macOS as your operating system, you can create an SSH tunnel using the following command:
ssh -i YOUR-KEY.pem -N -L 8306:<MYSQL_PRIVATE_SERVER_IP>:3306 <USER>@<BASTION_PUBLIC_IP>
The options used are as follows:
-N Tells SSH not to execute a remote command.
-i YOUR-KEY.pem Your identity key (.pem key for OpenSSH or .ppk for PuTTY).
-L 8306:<MYSQL_PRIVATE_SERVER_IP>:3306 Creates a local port forwarding. The local port (8306), the destination IP (<MYSQL_PRIVATE_SERVER_IP>) and the remote port (3306) are separated with a colon (:).
<USER>@<BASTION_PUBLIC_IP> The remote SSH user and server IP address.
To run the command in the background, use the -f option.
If the SSH server is listening on a port other than 22 (the default), specify the port with the -p <PORT_NUMBER> option.
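The two procedures above (hopping through the bastion and forwarding the MySQL port) can also be written as an ~/.ssh/config fragment. This is an added example, not from the original page: the host aliases "bastion", "internal" and "mysql-tunnel" are made up, the other values are the page's placeholders, and it uses ProxyJump in place of -A so that no agent socket is exposed on the bastion.

```sshconfig
# ~/.ssh/config (constructed example; replace the placeholders before use)

# The bastion itself. Agent forwarding stays off: with -A, anyone with root
# on the bastion can use the forwarded agent for as long as you are connected.
Host bastion
    HostName <BASTION_PUBLIC_IP>
    User <USER>
    IdentityFile ~/.ssh/YOUR-KEY.pem
    IdentitiesOnly yes
    ForwardAgent no

# The instance without an external IP. ProxyJump relays the connection through
# the bastion, and authentication to the internal host happens from this
# machine, so the private key and the agent never leave it.
Host internal
    HostName internal-instance-ip-address
    User username
    IdentityFile ~/.ssh/YOUR-KEY.pem
    IdentitiesOnly yes
    ProxyJump bastion

# The MySQL tunnel. The listener is bound explicitly to 127.0.0.1 so other
# machines on the local network cannot reach the forwarded database port.
Host mysql-tunnel
    HostName <BASTION_PUBLIC_IP>
    User <USER>
    IdentityFile ~/.ssh/YOUR-KEY.pem
    IdentitiesOnly yes
    ForwardAgent no
    LocalForward 127.0.0.1:8306 <MYSQL_PRIVATE_SERVER_IP>:3306
    # Fail immediately if port 8306 is already taken instead of leaving a
    # session open with no working forward.
    ExitOnForwardFailure yes
    # Drop the tunnel after about 90 seconds of lost connectivity.
    ServerAliveInterval 30
    ServerAliveCountMax 3
```

With this in place, `ssh internal` reaches the private instance and `ssh -N mysql-tunnel` opens the forward; the MySQL client then connects to 127.0.0.1 on port 8306.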