Forge

Amazon RDS connection over SSH tunnel, via forge (no PEM key file)

Posted 1 month ago by lambooni

I have provisioned an EC2 instance via forge. When doing this, you do not get the opportunity to download the PEM key. Instead, I have added my local key to the forge SSH configuration.

I can now SSH into the EC2 instance with ssh [email protected] - all good.

I have an RDS instance set up within the same VPC. I have tested this from the EC2 instance and can:

  • Connect to MySQL from my EC2 instance in the terminal, using:
    mysql -h RDSINSTANCE.ENDPOINT.eu-west-2.rds.amazonaws.com -u USERNAME -p
  • Check that port 3306 is open via telnet:
    telnet RDSINSTANCE.ENDPOINT.eu-west-2.rds.amazonaws.com 3306

The above all seems to suggest that the RDS instance has a connection to the EC2 instance.

I now need to open an SSL tunnel from my laptop, to connect Sequel Pro. Due to not having the PEM file, I have opened an SSH tunnel using the command:

ssh -L 3307:FORGE-PRIVATE-IP:3306 [email protected]

This appears to work ok. However, when trying to connect to SQL via Sequel Pro with settings:

  • HOST: 127.0.0.1
  • PORT: 3307
  • USER: USERNAME
  • PASSWORD: PASSWORD

I get the following error from Sequel Pro:

Lost connection to MySQL server at 'reading initial communication packet', system error: 0

and in verbose mode in terminal:

debug1: Connection to port 3307 forwarding to 172.30.0.110 port 3306 requested.
debug1: channel 2: new [direct-tcpip]
channel 2: open failed: connect failed: Connection refused
debug1: channel 2: free: direct-tcpip: listening port 3307 for 172.30.0.110 port 3306, connect from 127.0.0.1 port 56172 to 127.0.0.1 port 3307, nchannels 3

AWS support seem to think this is because the tunnel is not setup correctly, but I am unsure of any other ways.
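An added example, not part of lambooni's post and not Forge's own tooling: a small POSIX sh script that builds a loopback-bound local forward whose target is the RDS endpoint (resolved from the EC2 side) and that reads the `channel N: open failed` lines ssh -v prints when the remote side cannot complete a forwarded connection. The hostnames are the placeholders from the post, the sample log lines are constructed from the verbose output quoted above, and the function names are mine.

```shell
#!/bin/sh
# Added example (not from the original post). Hostnames are placeholders
# from the post; the log samples are constructed from its verbose output.

# Build the ssh command for a local forward. The forward target is the RDS
# endpoint, which the EC2 instance resolves inside the VPC; the listener is
# bound to 127.0.0.1 so the tunnel is not reachable from other interfaces
# on the laptop, -N opens no shell, and ExitOnForwardFailure makes ssh exit
# instead of silently running without the forward (e.g. port already used).
tunnel_cmd() {
    local_port=$1; rds_host=$2; jump=$3
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:3306 %s' \
        "$local_port" "$rds_host" "$jump"
}

# Interpret ssh -v forwarding lines. Prints "<status> <target> <kind>":
#   refused    - the EC2 side reached the target host but nothing accepted
#                the TCP connection (no listener on that host:port)
#   prohibited - sshd policy on the EC2 side blocks forwarding to the target
#   failed     - some other open failure (DNS, timeout, ...)
#   ok         - no open failure seen
# kind is rds-endpoint when the target is a *.rds.amazonaws.com name; a bare
# IP such as the EC2 instance's own private address is not-rds-endpoint.
diagnose_forward_log() {
    log=$1
    target=$(printf '%s\n' "$log" |
        sed -n 's/.*forwarding to \([^ ]*\) port \([0-9]*\) requested.*/\1:\2/p' |
        head -n 1)
    case $target in
        *.rds.amazonaws.com:*) kind=rds-endpoint ;;
        '') kind=unknown ;;
        *) kind=not-rds-endpoint ;;
    esac
    if printf '%s\n' "$log" | grep -q 'open failed: connect failed: Connection refused'; then
        printf 'refused %s %s\n' "$target" "$kind"
    elif printf '%s\n' "$log" | grep -q 'open failed: administratively prohibited'; then
        printf 'prohibited %s %s\n' "$target" "$kind"
    elif printf '%s\n' "$log" | grep -q 'open failed'; then
        printf 'failed %s %s\n' "$target" "$kind"
    else
        printf 'ok %s %s\n' "$target" "$kind"
    fi
}

# Constructed sample: the forward points at the EC2 private IP and is refused.
REFUSED_LOG="$(printf '%s\n' \
    'debug1: Connection to port 3307 forwarding to 172.30.0.110 port 3306 requested.' \
    'debug1: channel 2: new [direct-tcpip]' \
    'channel 2: open failed: connect failed: Connection refused')"

# Constructed sample: the forward points at the RDS endpoint and opens cleanly.
OK_LOG="$(printf '%s\n' \
    'debug1: Connection to port 3307 forwarding to RDSINSTANCE.ENDPOINT.eu-west-2.rds.amazonaws.com port 3306 requested.' \
    'debug1: channel 2: new [direct-tcpip]')"

tunnel_cmd 3307 RDSINSTANCE.ENDPOINT.eu-west-2.rds.amazonaws.com forge@EC2_PUBLIC_IP
echo
diagnose_forward_log "$REFUSED_LOG"
diagnose_forward_log "$OK_LOG"
```

Once the tunnel is up, the client test is the same mysql invocation as on the EC2 side but pointed at the loopback listener (`mysql -h 127.0.0.1 -P 3307 -u USERNAME -p`); a `refused` result from the forward log means the problem is on the target side of the tunnel, not in the SSH session or the laptop's client settings.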
