https://github.com/epomatti/aws-ssh-tunneling


# AWS SSH Tunneling

Connecting from a local workstation to AWS RDS MySQL via SSH tunneling.

Create a `.auto.tfvars` file to set up your stack:

```terraform
aws_region = "us-east-2"
rds_instance_class = "db.t4g.micro"
rds_multi_az = false
rds_username = "mysqladmin"
rds_password = "p4ssw0rd"

jumpserver_allow_ssh = ["0.0.0.0/0"]
```

Apply the stack:

```sh
terraform init
terraform apply -auto-approve
```

Create a temporary key pair:

```sh
mkdir keys
ssh-keygen -f keys/temp_key
```

Add the public key to the `.ssh/authorized_keys` file using SSM Run Command:

```sh
# Set "instance-id" and "SSH_PUB_KEY" values accordingly
aws ssm send-command \
--targets "Key=InstanceIds,Values=instance-id" \
--document-name "AWS-RunShellScript" \
--comment "Add public key to SSH tunneling" \
--parameters "commands='echo SSH_PUB_KEY >> /home/ubuntu/.ssh/authorized_keys'" \
--output text
```

Check the command status:

```sh
aws ssm get-command-invocation \
--command-id "ef7fdfd8-9b57-4151-a15c-db9a12345678" \
--instance-id "i-1234567890abcdef0" \
--query Status
```

Check if everything is working by connecting via SSH:

```sh
ssh -i keys/temp_key ubuntu@
```

Before creating the tunnel, tighten security by allowing only your public IP to connect via SSH:

```terraform
jumpserver_allow_ssh = ["YOUR PUBLIC IP/32"]
```

Apply the configuration.

Now, create the tunnel:

```sh
ssh -i keys/temp_key -f -N -l ubuntu -L 3306:RDS_MYSQL_FQDN:3306 EC2_INSTANCE_FQDN -v
```

If the tunnel is created, you should now be able to connect to MySQL from your local machine on port `3306`.
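
A hardened variant of the SSM key-installation step above, as an added example that is not part of the repository: it validates the temporary public key and installs it with OpenSSH `authorized_keys` options that limit the key to forwarding toward the database on port 3306. The function names and sample values are assumptions made for illustration; `RDS_MYSQL_FQDN` is the README's own placeholder.

```sh
#!/bin/sh
# Added example, not part of the repository.
# Constructed sample values (the key is not a real key).
SAMPLE_PUB_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal0000000000000 temp_key'
SAMPLE_RDS_HOST='RDS_MYSQL_FQDN'

# Reject values that span more than one line.
single_line() {
  case "$1" in *'
'*) return 1 ;; esac
}

# Accept only "<type> <base64> [comment]" as produced by ssh-keygen.
valid_pub_key() {
  single_line "$1" && printf '%s\n' "$1" | grep -Eq \
    '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( [A-Za-z0-9@._ -]*)?$'
}

# Host names only, so nothing can break out of the permitopen="..." option.
valid_host() {
  single_line "$1" && printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9._-]+$'
}

# "restrict" turns off PTY, agent, X11 and port forwarding; forwarding is then
# re-enabled only toward host:3306. sshd compares the permitopen host with the
# one given to "ssh -L" as a string, so both must use the same name.
restricted_key_line() {  # $1 = public key, $2 = database host
  valid_pub_key "$1" || { echo "invalid public key" >&2; return 1; }
  valid_host "$2" || { echo "invalid host" >&2; return 1; }
  printf 'restrict,port-forwarding,permitopen="%s:3306" %s\n' "$2" "$1"
}

# JSON for "aws ssm send-command --parameters". The entry travels as base64 so
# its quotes never meet the remote shell or the JSON string.
ssm_parameters() {
  line=$(restricted_key_line "$1" "$2") || return 1
  b64=$(printf '%s\n' "$line" | base64 | tr -d '\n')
  printf '{"commands":["echo %s | base64 -d >> /home/ubuntu/.ssh/authorized_keys"]}\n' "$b64"
}

# Usage, replacing the --parameters line of the README's send-command call:
#   --parameters "$(ssm_parameters "$(cat keys/temp_key.pub)" RDS_MYSQL_FQDN)" \

# Show the entry for the constructed sample values.
restricted_key_line "$SAMPLE_PUB_KEY" "$SAMPLE_RDS_HOST"
```

With this entry the key gets no terminal, so verify it with the `-N` tunnel command rather than an interactive login.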

---

### Clean-up

```sh
terraform destroy -auto-approve
```