A small application to make it easier to get to RDS servers in private subnets via EC2 bastion servers
- make
- golang
Run make build
, a binary will be produced
in the build
folder
First, configure your AWS ~/.aws/credentials
file. Tunneller
will read this during execution. At this point, it doesn't
support custom credential file locations, so ensure it's
in the correct place.
Tunneller has its own terminal based UI, so it can be run by simply invoking the binary. There are, however a few flags that can be used to skip a few steps:
-profile
- The profile name to use-local-port
- Which local port to bind to, default is 8888-region
- Which AWS region to use-os-user
- SSH Bastion Username
Tunneller uses the ec2-instance-connect
part of the AWS SDK
to upload a public key into the selected EC2 instance and then
does a vanilla SSH tunnel through. The equivalent CLI commands
would be
ssh-keygen -f bastionkey -N ""
aws ec2-instance-connect send-ssh-public-key \
--instance-id $(BASTION_ID) \
--instance-os-user $(BASTION_USER) \
--ssh-public-key file://./bastionkey.pub \
--availability-zone $(BASTION_AZ)
ssh -L -L 8888:$(DB_HOST):$(DB_PORT) ec2-user@$(BASTION_USER)
Make region configurableMake local port configurableMake remote port configurableAdd flags to skip steps- Unit testing
- Code cleanup
Make bastion username configurableCI pipeline to compile and package binary
Most of the connection code is lifted wholesale from here. Thanks for allowing me to be lazy.