In AWS I have a VPC set up with a Bastion Host. The bastion host is a single EC2 instance with a public address through which you can SSH to any other server on the VPC.
If you want to truly use the VPC connectivity of AWS and not allow public IPs, do the following.
If you have one security group that both your EC2 and RDS are assigned to, then add an inbound rule for MySQL 3306 on TCP, but in the source field do not put an IP or subnet but the actual security group ID, i.e. sg-9829f3d2.
I personally have two security groups on VPC.
The first, security group 1, is in use by the EC2 instance and only allows the ports required for the EC2, i.e. 80 and 22.
The second, security group 2, is in use by just the RDS instance(s) and has one rule for allowing MySQL (3302), and the source field is set to the ID of security group 1.
All the MySQL Workbench SSH tunnelling works with the two security groups as well.
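
A way to verify the two-group arrangement described above, as an added example that is not part of the original post: it walks the parsed `SecurityGroups` list from `aws ec2 describe-security-groups` and reports any source other than the expected security group that can reach the database port. The group IDs, the sample data and the function names are constructed placeholders, and the port defaults to 3306 as an assumption.

```python
# Constructed sample shaped like the "SecurityGroups" list returned by
# `aws ec2 describe-security-groups`. All group IDs are placeholders.
GROUPS = [
    {"GroupId": "sg-app-placeholder", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]},
    {"GroupId": "sg-db-good-placeholder", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "UserIdGroupPairs": [{"GroupId": "sg-app-placeholder"}]}]},
    {"GroupId": "sg-db-bad-placeholder", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "UserIdGroupPairs": [{"GroupId": "sg-other-placeholder"}]},
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]


def covers_port(perm, port):
    """True if this ingress permission admits TCP traffic to `port`."""
    if perm["IpProtocol"] == "-1":  # "all traffic" rule, no port fields
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit_db_group(groups, db_sg, allowed_sgs, port=3306):
    """Hypothetical helper: list every source that can reach `port` on
    `db_sg` other than the security groups named in `allowed_sgs`."""
    findings = []
    for group in groups:
        if group["GroupId"] != db_sg:
            continue
        for perm in group.get("IpPermissions", []):
            if not covers_port(perm, port):
                continue
            for r in perm.get("IpRanges", []):
                findings.append("CIDR source " + r["CidrIp"])
            for r in perm.get("Ipv6Ranges", []):
                findings.append("CIDR source " + r["CidrIpv6"])
            for p in perm.get("PrefixListIds", []):
                findings.append("prefix list source " + p["PrefixListId"])
            for pair in perm.get("UserIdGroupPairs", []):
                if pair["GroupId"] not in allowed_sgs:
                    findings.append("unexpected source group " + pair["GroupId"])
    return findings
```

An empty result for the database group means the only way in on that port is from the allowed security group; the "all traffic" rule in the sample shows why checking only rules that name the port explicitly is not enough.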