App overview screenshotSQL and Database Guides
PostgresMySQL
Try our free SQL Client
Tools
Connecting to MySQL
Connecting to drivers
Installing MySQL
Setting up MySQL
MySQL   >   
Connecting to MySQL   >   
MySQL Bastion on AWS

Connect to MySQL on AWS with SSH

Create Bastion Server

Create the smallest EC2 instance available. Take note of the Virtual Private Cloud (VPC) network it is created in.

aws configure instance details

Configure the security group. This must allow connections from the outside internet to the bastion server. For example, you can look up your machine's IP address and allow SSH connections to this instance from it. In the example below, the developer's machine has an IP of 255.255.255.255.

aws configure security group

Just before you Launch the instance, you should ensure that you have access to the SSH key that is associated with it.

Lock down the RDS Instance

Your database instance may have previously had some other configuration, but now it should be Not Publicly Accessible.

aws connectivity

However, now your instance is completely closed off. Add a security group which will allow all connections to the instance within the VPC as below. The VPC of the RDS instance should be the same as the VPC of the EC2 Bastion Server above.

aws inbound rules

Now your database instance is secured behind your private cloud network and your bastion server is accepting SSH connections.

Gather the SSH Bastion Credentials

Navigate to the EC2 Console and select your SSH instance from the list of instances.

Get the SSH server hostname.

You will have downloaded the .pem file when you first created the instance. If you need to add a new key you can follow these instructions from AWS, or if you need to reset the key you will need to restart the server. The username will be ec2-user or ubuntu.

Find MySQL Credentials for RDS

You can find our tutorial for accessing MySQL on AWS here. The key difference is that in this setup, the MySQL instance is closed to the world. You can check that your instance is configured correctly in the following ways.

First, check that it does not allow public connections, it is part of your default VPC, and it has security groups applied to it which would permit MySQL connections within the VPC.

Check that RDS is configured to accept private connections.

Next, click through to the security group to ensure that it allows all IP addresses (within your private cloud) to connect on MySQL ports.

Allow MySQL connections security group.

With these steps taken, your instance is ready to accept private connections. Take note of the hostname, the default user is admin unless you created a new one, the default database is mysql and the password would have been created for you when the instance was created. You can modify the instance and reset the password if you do not have access to it.

Connect to MySQL via SSH in your client

You can use a SQL client like Arctype to connect to your MySQL instance securely. Gather the credentials from the SSH bastion server and the RDS MySQL instance as shown above and enter them into the client. A successful connection looks like this:

Connecting to MySQL through SSH in AWS.

Finally, Test Connection and Save—you're ready to write some queries!

Want to ask for help on databases or SQL? Join our Discord community.