
How to remotely access a non-public RDS within AWS (CentOS7 & RHEL7)

This article explains how to get around the problem of remote access to a non-public RDS database within Amazon’s AWS.

The problem is that an RDS database can be set to public or private when it is created, but this is not easy to change later due to DNS issues. There are ways to do it, but if you simply don’t have access to alter the RDS, this article is for you.

You need an EC2 within the same VPC as the RDS database for this to work. This is because you will be hitting the RDS on its 10.0.0.x address (or whatever it is). This example deals with MySQL but will work for other DB types too. We’re using CentOS7 for this tutorial. The private IP address of the RDS in this tutorial is “10.0.0.123”.

First spin up an EC2 and install “xinetd”:

yum install xinetd

Add the following to the (new) file “/etc/xinetd.d/rds-agix”:

service rds_forward
{
    disable         = no
    type            = UNLISTED
    socket_type     = stream
    protocol        = tcp
    user            = nobody
    wait            = no
    redirect        = 10.0.0.123 3306
    port            = 3306
}

Restart xinetd:

systemctl restart xinetd

Now you can test by pointing your database client (psql in the PostgreSQL case, the mysql client for the MySQL setup shown here) at the EC2, and the packets will be redirected to the RDS.
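As written, the forwarder accepts connections from any address that can reach port 3306 on the EC2. The following is an added example, not part of the original article: a small check that flags xinetd redirect services with no source restriction, run against the article's service definition and a restricted variant. The function names and the admin address 203.0.113.10 are constructed for illustration; `only_from` and `log_on_success` are standard xinetd attributes.

```bash
#!/usr/bin/env bash
# Added example (not from the article): flag xinetd redirect services open to any source.

# audit_redirect FILE: one line per redirect service; exit status 1 if any is unrestricted.
audit_redirect() {
    awk '
        $1 == "service"   { name = $2; redirect = ""; only = "" }
        $1 == "redirect"  { redirect = $3 ":" $4 }
        $1 == "only_from" { for (i = 3; i <= NF; i++) only = only " " $i }
        $1 == "}" && redirect != "" {
            padded = only " "
            # xinetd treats 0.0.0.0 as "every address", so it does not count as a restriction
            if (only == "" || index(padded, " 0.0.0.0 ") || index(padded, " 0.0.0.0/0 ")) {
                print "OPEN " name " -> " redirect; bad = 1
            } else {
                print "OK " name " -> " redirect " from" only
            }
            redirect = ""
        }
        END { exit bad + 0 }
    ' "$1"
}

# sample_service EXTRA: the service block from the article plus optional extra attribute lines.
sample_service() {
    cat <<EOF
service rds_forward
{
    disable         = no
    type            = UNLISTED
    socket_type     = stream
    protocol        = tcp
    user            = nobody
    wait            = no
    redirect        = 10.0.0.123 3306
    port            = 3306
$1
}
EOF
}

tmp=$(mktemp -d)
sample_service "" > "$tmp/page.conf"                      # as in the article
sample_service "    only_from       = 203.0.113.10
    log_on_success  += HOST DURATION TRAFFIC" > "$tmp/restricted.conf"   # constructed variant
for f in "$tmp/page.conf" "$tmp/restricted.conf"; do
    audit_redirect "$f" || echo "  review: $f forwards to the database for any client"
done
rm -rf "$tmp"
```

Pair `only_from` with an EC2 security group rule limited to the same source address, so the database port is filtered before traffic reaches xinetd as well.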
