DEV Community

Cover image for How to connect easily to a private Amazon RDS without EC2 instances
Federico Navarrete
Federico Navarrete

Posted on • Updated on • Originally published at

How to connect easily to a private Amazon RDS without EC2 instances


My client owns its own domain, I haven't tested it without a domain. If you test it and worked as expected, share the trick in the comments section below.

If you have been developing apps or are new to AWS, you might have experienced some challenges; especially, when you are running them under a private subnet.

A common tutorial is this one from AWS:

How can I connect to a private Amazon RDS DB instance from a local machine using an Amazon EC2 instance as a bastion host?

Generally speaking, it's overcomplicated. My client has some extreme policies that made the tutorial barely usable. We needed to do some extra workarounds in the AWS CLI to make it work, including opening the specific ports in advance (5432 [PostgreSQL], for instance). And finally connecting with an uncommon trick like this one:


After a while, I found an easier way that worked for us, we created a Create private hosted zone with our domain and our preferred region (eu-west-1) in Route 53, for example:

Next, inside your hosted zone you need to create a new record using your RDS instance endpoint, for example:


Your new record must contain the following:

  • Record name: the name you want to give like homedb
  • Record type: choose the option: CNAME.
  • Value: the endpoint in your RDS instance:

Do click in Create records and that's all. You will get something like this:

After this, you can access your RDS instance without any extra EC2s or complex workarounds. If you face any troubles, verify if you have the DB ports open in your firewall.

Follow me on:

LinkedIn YouTube Instagram Cyber Prophets Sharing Your Stories
LinkedIn YouTube Instagram RedCircle Podcast RedCircle Podcast

sponsor me

Banner credits:

Top comments (1)

captrespect profile image
Jonathon Roberts

This will expose your database to the internet, so it's probably best not to do this. Exploits on databases have reeked havok on the internet in the past. It's best to keep it hidden and exposed only through the bastion host and ssl.