Monday, April 18, 2022

[SOLVED] DB in the EC2 on the private subnet. How to connect without a bastion host?

Issue

I have a VPC with a public and a private subnet. In the private subnet I have an EC2 instance without a public IP. The EC2 instance is connected to the Internet with a NAT Gateway. Ok.

In the EC2 I want to install a database.

On my local machine I installed the AWS-CLI and the SSM plugin; with SSM I can connect to the machine without problems:

aws ssm start-session --target <instanceID>

Now I want to connect to the EC2 with SSH/SCP and with a DB tool like DataGrip.

Is it possible without a bastion host in the public subnet?


Solution

Yes, it should be possible as SSM supports tunneling:



Answered By - Marcin
Answer Checked By - Terry (WPSolving Volunteer)
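
The tunnelling the answer refers to, as an added example that is not part of the original answer: a small script that validates its inputs and prints the Session Manager port-forwarding command for a DB tool and the `~/.ssh/config` stanza for SSH/SCP. It uses the AWS-provided documents `AWS-StartPortForwardingSession` and `AWS-StartSSHSession`; the instance ID and ports passed to it are placeholders you supply.

```shell
#!/bin/sh
# Added example: prints the AWS CLI / OpenSSH pieces for tunnelling through
# Session Manager. Instance ID and ports are caller-supplied placeholders.

# Accept only well-formed EC2 instance IDs so nothing else reaches the command line.
valid_instance_id() {
  case "$1" in *[!i0-9a-f-]*) return 1 ;; esac  # rejects spaces, newlines, metacharacters
  printf '%s\n' "$1" | grep -Eq '^i-([0-9a-f]{8}|[0-9a-f]{17})$'
}

# Accept only decimal TCP ports in 1..65535.
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Command that forwards localhost:<local_port> to <remote_port> on the instance.
# Point DataGrip (or another DB tool) at localhost:<local_port> while it runs.
# Args: <instance-id> <remote-port> <local-port>
port_forward_cmd() {
  valid_instance_id "$1" && valid_port "$2" && valid_port "$3" || return 1
  printf 'aws ssm start-session --target %s --document-name AWS-StartPortForwardingSession --parameters '\''{"portNumber":["%s"],"localPortNumber":["%s"]}'\''\n' "$1" "$2" "$3"
}

# ~/.ssh/config stanza that sends ssh/scp to an instance ID through SSM.
# sshd must run on the instance and your public key must be authorised there;
# no inbound security-group rule for port 22 is needed.
ssh_config_stanza() {
  cat <<'EOF'
Host i-* mi-*
    ProxyCommand sh -c "aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"
EOF
}

# Usage: sh ssm-tunnel.sh <instance-id> <remote-port> <local-port>
if [ "$#" -eq 3 ]; then
  port_forward_cmd "$1" "$2" "$3" || { echo "invalid instance ID or port" >&2; exit 2; }
  ssh_config_stanza
fi
```

With the stanza in place, `ssh <user>@<instanceID>` and `scp` use the SSM session as transport, so access is governed by the IAM permission to start sessions on that instance in addition to the SSH key.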