I have a service running on a normal AWS Linux EC2 instance. The backend is PostgreSQL, which by default is not exposed to the outside world. The instance is exposed over HTTPS for web access to the frontend service only.
I want to use a client to remotely connect to this DB for debugging and maintenance purposes from time to time. What are the steps to open it up?
I'd guess the following steps, maybe?
- Change the config of the DB service to allow it to accept connections from the outside world?
- Change the EC2 firewall rules to allow external connections to the DB service port (what port)?
Thanks
I haven't tried anything because I searched but couldn't find any tutorial.
2 Answers
Based on your response, you need to do two things.
First, ensure that you have the firewalls open so you can hit the Postgres service (by default port 5432) from your laptop.
Inside the Postgres service there is an additional firewall. If you can connect to it from within the EC2 instance, "show hba_file" will tell you that file's location (in my case it is the default location). See the docs for what it does:
hba_file
/var/lib/postgresql/data/pg_hba.conf
The safest option would be to keep your Postgres database inaccessible from the Internet.
To connect to it, use SSH port forwarding, which will connect your local computer to the EC2 instance.
You would connect to the instance with:
This will redirect local port 5000 (you can choose any number) to the EC2 instance, and from that instance it will connect to localhost:5432, which is where the Postgres database is running. Your local SQL client can connect to it via localhost:5000, which will forward traffic through the tunnel. The traffic will "appear" to be coming from the EC2 instance itself, so your database should accept the traffic.
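Both answers turn on the same thing: pg_hba.conf is evaluated top to bottom and the first record whose type, database, user and client address all match decides the auth method, and a connection that matches nothing is refused. The following is an added example, not PostgreSQL's code and not from either answer: a simplified re-implementation of that first-match rule so you can check offline why a direct connection from your laptop fails against a stock pg_hba.conf, why the same connection arriving through the SSH tunnel (source address 127.0.0.1, as the second answer describes) is accepted, and what a single hostssl record would allow if you did open the port. The sample pg_hba.conf text, the database name app, the role admin and the laptop address 203.0.113.10 are constructed assumptions. Hostnames, samehost/samenet, "+group" and regex names, the separate-netmask address form and auth options are deliberately not supported.

```python
"""
Simplified pg_hba.conf first-match evaluator (added example, not PostgreSQL code).
Supported: local/host/hostssl/hostnossl records, 'all' or comma-separated
database and user lists, 'all' or CIDR addresses. Anything else is an
assumption we don't need for this question and is not handled.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class HbaRule:
    conn_type: str                 # local | host | hostssl | hostnossl
    databases: List[str]           # ['all'] or explicit names
    users: List[str]               # ['all'] or explicit names
    address: Optional[object]      # ip_network, or None for 'local' / 'all'
    method: str                    # peer, scram-sha-256, reject, ...


def parse_pg_hba(text: str) -> List[HbaRule]:
    """Parse pg_hba.conf records, ignoring comments and blank lines."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        f = line.split()
        if f[0] == "local":                      # TYPE DATABASE USER METHOD
            db, user, addr, method = f[1], f[2], None, f[3]
        else:                                    # TYPE DATABASE USER ADDRESS METHOD
            db, user, method = f[1], f[2], f[4]
            addr = None if f[3] == "all" else ipaddress.ip_network(f[3], strict=False)
        rules.append(HbaRule(f[0], db.split(","), user.split(","), addr, method))
    return rules


def _name_ok(names: List[str], value: str) -> bool:
    return "all" in names or value in names


def first_match(rules, conn_type, database, user, client_ip=None, ssl=False):
    """Auth method of the first matching record, or None when nothing matches
    (PostgreSQL then refuses with 'no pg_hba.conf entry for host ...')."""
    for r in rules:
        if r.conn_type == "local":
            if conn_type != "local":
                continue
        else:
            if conn_type != "host":
                continue
            if r.conn_type == "hostssl" and not ssl:
                continue
            if r.conn_type == "hostnossl" and ssl:
                continue
            # ip_network.__contains__ returns False across IPv4/IPv6 families
            if r.address is not None and ipaddress.ip_address(client_ip) not in r.address:
                continue
        if not (_name_ok(r.databases, database) and _name_ok(r.users, user)):
            continue
        return r.method
    return None


# Constructed sample shaped like a stock pg_hba.conf: unix socket plus loopback only.
DEFAULT_HBA = """
local   all   all                 peer
host    all   all   127.0.0.1/32  scram-sha-256
host    all   all   ::1/128       scram-sha-256
"""

LAPTOP_IP = "203.0.113.10"   # assumed admin laptop address (TEST-NET-3 range)

# The one record you would append if you really opened 5432 to that laptop:
# TLS required, one role, one /32. Also assumed, not from the answers.
OPENED_HBA = DEFAULT_HBA + f"hostssl all admin {LAPTOP_IP}/32 scram-sha-256\n"


def check_paths() -> dict:
    """Evaluate the connection paths discussed in the answers."""
    stock = parse_pg_hba(DEFAULT_HBA)
    opened = parse_pg_hba(OPENED_HBA)
    return {
        # first answer's "open it up" without touching pg_hba: refused
        "direct_stock_hba": first_match(stock, "host", "app", "admin", LAPTOP_IP, ssl=True),
        # second answer: tunnel exits on the instance, so Postgres sees 127.0.0.1
        "via_ssh_tunnel": first_match(stock, "host", "app", "admin", "127.0.0.1"),
        # opened with a hostssl record: TLS from that IP as admin is accepted ...
        "opened_tls_admin": first_match(opened, "host", "app", "admin", LAPTOP_IP, ssl=True),
        # ... but plaintext, or another role, still matches nothing
        "opened_plain_admin": first_match(opened, "host", "app", "admin", LAPTOP_IP, ssl=False),
        "opened_tls_postgres": first_match(opened, "host", "app", "postgres", LAPTOP_IP, ssl=True),
    }


if __name__ == "__main__":
    for path, method in check_paths().items():
        print(f"{path:20s} -> {method or 'REJECTED (no pg_hba.conf entry)'}")
```

Two caveats the evaluator cannot show. pg_hba.conf is only consulted after Postgres has accepted the TCP connection, so for a direct connection the EC2 security group must allow 5432 and listen_addresses in postgresql.conf must include the instance address (the stock value is 'localhost', which is why the tunnel path works without touching it). And the tunnel path is only as strong as your SSH key handling: anyone who can reach the instance's shell reaches the database as 127.0.0.1 under the stock rules, which is exactly the behaviour the second answer relies on.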