mysqlamazon-web-servicesamazon-vpcrdsaws-security-group

Is there a way to have AWS RDS Public Accessibility = No but still accessible outside of EC2 instance?


For management-related reasons, I need the Public Accessibility option set to "No" for the RDS.

However, we're also looking into being able to access the RDS from our local devices. The only way we're able to do so is by selecting "Yes" in Public Accessibility. Of course, the VPC, Gateway, Subnet, and Security Groups are already set with the appropriate public-facing stuff, which is probably why the Yes option is working.

But the moment we set it to No, only the EC2 instances are now able to connect to the database.

Is there a way around this or is that really what the Public Accessibility flag does by design?

Thanks in advance.


Solution

  • Yes Public Accessibility flag prevent you from accessing the RDS directly through Internet, but you can indirectly access through a jumpserver(like ssh bashtion) which is placed in public subnet. Most of the popular Mysql UI editors like sequel pro has a in build option for ssh config, using this option you can access RDS from local devices. you can also configure tunneling to bastion.