Connecting to AWS RDS Databases

Connect to Amazon RDS databases (MySQL, PostgreSQL, Aurora) through an EC2 bastion host using AWS Session Manager.


How It Works

Your Mac    ->  EC2 Bastion Host  ->  RDS Database
    |                  |                    |
Local Port        SSM Session        Private Endpoint

  1. StormTunnel opens a Session Manager tunnel to an EC2 instance
  2. The EC2 instance forwards traffic to the RDS endpoint
  3. You connect to localhost as if the database were local

Prerequisites

  • EC2 bastion host in the same VPC as your RDS database
  • Network access from the EC2 instance to the RDS endpoint
  • AWS credentials configured with SSM permissions (see AWS Configuration)
  • RDS endpoint from the RDS console

Creating an RDS Tunnel

Step 1: Get Your RDS Endpoint

  1. Open AWS Console -> RDS
  2. Select your database
  3. Copy the Endpoint (e.g., mydb.abc123xyz.us-east-1.rds.amazonaws.com)
  4. Note the Port (MySQL: 3306, PostgreSQL: 5432)

Step 2: Create the Tunnel

  1. Click + in StormTunnel
  2. Select Tunnel Type: AWS Session Manager
  3. Configure:
     Field            Example
     Name             Production MySQL
     EC2 Instance ID  i-0abc123def456
     AWS Profile      production
     AWS Region       us-east-1
     Local Port       3306
     Remote Host      mydb.abc123xyz.us-east-1.rds.amazonaws.com
     Target Port      3306
  4. Click Save

Step 3: Connect

Toggle the tunnel On, then connect with your database client:

MySQL:

mysql -h 127.0.0.1 -P 3306 -u admin -p

PostgreSQL:

psql -h localhost -p 5432 -U postgres -d mydb

Database-Specific Examples

MySQL / MariaDB

Remote Host: myapp-db.abc123.us-east-1.rds.amazonaws.com
Local Port: 3306
Target Port: 3306

Connect via CLI or MySQL Workbench (127.0.0.1:3306).

PostgreSQL

Remote Host: analytics-db.xyz789.eu-west-1.rds.amazonaws.com
Local Port: 5432
Target Port: 5432

Connect via CLI, TablePlus, DBeaver, or pgAdmin (localhost:5432).

Aurora MySQL

Remote Host: my-cluster.cluster-abc123.us-west-2.rds.amazonaws.com
Local Port: 3306
Target Port: 3306

Aurora Endpoints

Use the cluster endpoint for read-write or the reader endpoint for read-only queries.

Aurora PostgreSQL

Remote Host: aurora-pg.cluster-xyz789.us-east-1.rds.amazonaws.com
Local Port: 5432
Target Port: 5432

Multiple Database Connections

Use different local ports to tunnel to multiple databases at once:

Database              Local Port  Remote Port
Production MySQL      3306        3306
Staging MySQL         3307        3306
Analytics PostgreSQL  5432        5432
Reporting PostgreSQL  5433        5432

Security Best Practices

  1. Use IAM authentication for RDS when possible
  2. Limit SSM permissions to users who need database access
  3. Rotate database credentials regularly
  4. Use separate AWS profiles for production and non-production
  5. Close tunnels when not in use
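
For practice 2, the following added example (not StormTunnel code) audits an IAM policy for how tightly it scopes ssm:StartSession, comparing a broad policy with one pinned to the bastion and to port forwarding. It assumes the tunnel runs under the AWS-owned AWS-StartPortForwardingSessionToRemoteHost session document; the account ID is a placeholder and both policies are constructed samples.

```python
from fnmatch import fnmatchcase

# Constructed values: instance ID and region reuse the page's examples; the
# account ID is a placeholder. Assumes the tunnel uses this AWS-owned document.
BASTION = "arn:aws:ec2:us-east-1:111122223333:instance/i-0abc123def456"
PF_DOC = "arn:aws:ssm:us-east-1::document/AWS-StartPortForwardingSessionToRemoteHost"

BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ssm:*", "Resource": "*"}]}

SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ssm:StartSession",
     "Resource": [BASTION, PF_DOC],
     "Condition": {"BoolIfExists": {"ssm:SessionDocumentAccessCheck": "true"}}},
    {"Effect": "Allow", "Action": ["ssm:TerminateSession", "ssm:ResumeSession"],
     "Resource": "arn:aws:ssm:*:*:session/${aws:username}-*"}]}


def _listify(value):
    return value if isinstance(value, list) else [value]


def audit(policy):
    """Return (statement index, finding) for Allow statements granting ssm:StartSession."""
    findings = []
    for n, stmt in enumerate(_listify(policy["Statement"])):
        actions = _listify(stmt.get("Action", []))
        grants = [a for a in actions if fnmatchcase("ssm:startsession", a.lower())]
        if stmt.get("Effect") != "Allow" or not grants:
            continue
        resources = _listify(stmt.get("Resource", []))
        conditions = stmt.get("Condition", {}).values()
        if any("*" in a for a in grants):
            findings.append((n, "wildcard action also grants other SSM operations"))
        if any(r == "*" or r.endswith(":instance/*") for r in resources):
            findings.append((n, "StartSession is not pinned to the bastion instance"))
        if not any(":document/" in r for r in resources):
            findings.append((n, "no session document listed, sessions not limited to port forwarding"))
        elif not any(c.get("ssm:SessionDocumentAccessCheck") == "true" for c in conditions):
            findings.append((n, "document list not enforced without ssm:SessionDocumentAccessCheck"))
    return findings


if __name__ == "__main__":
    for name, pol in (("BROAD", BROAD), ("SCOPED", SCOPED)):
        print(name, audit(pol) or "no findings")
```
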

Troubleshooting

See Troubleshooting for common errors including "Connection refused", "Access denied", "Host not found", and timeout issues.