In this hands-on lab, we will create an Aurora MySQL database. First, we will verify that the security groups, network ACL (NACL), and route tables are all configured to allow communication between an instance in a public subnet and an RDS database in a private subnet. After verifying the appropriate settings are in place, we will create the database. Once that is done, we will use an EC2 instance as a bastion to allow us to connect to our private database from an external source. We will utilize MySQL Workbench to connect to our private RDS Aurora database through the public EC2 bastion.
Successfully complete this lab by achieving the following learning objectives:
- Configure the Security Groups, Route Tables, and NACL
  - Verify the NACL permits port 22 for SSH and port 3306 for MySQL/Aurora.
  - Verify two route tables exist: one utilizing an internet gateway and another with no IGW/NAT routes.
  - Verify the private subnet is associated with the route table that does not contain an internet gateway.
  - Verify the public subnet is associated with the route table that does contain an internet gateway.
  - Create a new security group containing rules to permit port 22 and 3306 from 0.0.0.0/0, and assign this security group to the EC2 bastion.
- Set Up an EC2 Instance for SSH Tunneling
  - Create an EC2 instance, ensuring you select the previously created security group with rules for ports 22 and 3306.
  - During the instance creation process, download the .pem key file, as this will be used to establish a connection to the EC2 instance.
  - Using your downloaded key, log in to your EC2 instance via SSH to verify connectivity.
- Create an RDS Aurora Database
  - Create a T2.small RDS Aurora database, ensuring the database is launched in a private subnet.
  - Ensure the security group associated with the RDS Aurora database permits traffic on TCP 3306.
  - Use MySQL Workbench to verify connectivity, ensuring the Connection Method is set to Standard TCP/IP over SSH, and SSH Key File is set to your previously downloaded
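
The route table and security group checks in the objectives above can be run offline against saved AWS CLI output. The following is an added example, not part of the lab's own material: it classifies a subnet by its route table, lists which of ports 22 and 3306 a security group opens to 0.0.0.0/0, and checks that the database group admits the bastion's group. All resource IDs and sample data are constructed, and the function names are hypothetical.

```python
# Added example. Dicts mirror `aws ec2 describe-route-tables` and
# `describe-security-groups` JSON; every ID below is constructed.
def route_table_kind(rt):
    """'public' if a route targets an IGW, 'nat' if a NAT gateway, else 'private'."""
    routes = rt.get("Routes", [])
    if any((r.get("GatewayId") or "").startswith("igw-") for r in routes):
        return "public"
    return "nat" if any(r.get("NatGatewayId") for r in routes) else "private"

def subnet_kind(subnet_id, route_tables):
    """Classify a subnet by its route table; unassociated subnets use the main table."""
    main = None
    for rt in route_tables:
        for a in rt.get("Associations", []):
            if a.get("SubnetId") == subnet_id:
                return route_table_kind(rt)
            main = rt if a.get("Main") else main
    return route_table_kind(main) if main else None

def tcp_rules(sg, port):
    """Inbound rules of a security group that cover TCP `port`."""
    return [p for p in sg.get("IpPermissions", [])
            if p.get("IpProtocol") == "-1"
            or (p.get("IpProtocol") == "tcp"
                and p.get("FromPort", 0) <= port <= p.get("ToPort", 65535))]

def world_open_ports(sg, ports=(22, 3306)):
    """Ports from `ports` that the group allows from 0.0.0.0/0."""
    return [port for port in ports
            if any(r.get("CidrIp") == "0.0.0.0/0"
                   for p in tcp_rules(sg, port) for r in p.get("IpRanges", []))]

def db_allows_bastion(db_sg, bastion_sg_id, port=3306):
    """True if the DB group admits `port` from the bastion's security group."""
    return any(g.get("GroupId") == bastion_sg_id
               for p in tcp_rules(db_sg, port) for g in p.get("UserIdGroupPairs", []))

LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
ROUTE_TABLES = [  # constructed sample
    {"Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}],
     "Associations": [{"SubnetId": "subnet-public", "Main": False}]},
    {"Routes": [LOCAL], "Associations": [{"SubnetId": "subnet-private", "Main": False}]}]
ANY = [{"CidrIp": "0.0.0.0/0"}]
BASTION_SG = {"GroupId": "sg-bastion", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": ANY},
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": ANY}]}
DB_SG = {"GroupId": "sg-db", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-bastion"}]}]}
```

With Standard TCP/IP over SSH, Workbench reaches the bastion on port 22 only and the bastion reaches the database on 3306, so `world_open_ports` reporting 3306 on the bastion group marks an inbound rule the tunnel itself does not use.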