@@ -376,11 +376,12 @@ The [Database](#database) component deploys a database instance inside a private
376376and it's not publicly accessible from outside of VPC.
377377<br >
378378In order to connect to the database we need to deploy the ec2 instance which will be used
379- to open an SSH tunnel to the database instance.
379+ to forward traffic to the database instance.
380380<br >
381- Because of security reasons, ec2 instance is also deployed inside private subnet
381+ Because of security reasons, the ec2 instance is also deployed inside a private subnet
382382which means we can't directly connect to it. For that purpose, we use AWS System Manager
383- which enables us to connect to the ec2 instance even though it's inside private subnet.
383+ which enables us to connect to the ec2 instance even though it's inside a private subnet.
384+ The benefit of using AWS SSM is that we don't need a ssh key pair.
384385
385386![ AWS RDS connection schema] ( /assets/images/ssm-rds.png )
386387
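Review bot: The added line 384 names the benefit (no SSH key pair) but does not say what now controls access to the instance. With the key gone, the only gate is IAM permission to start a Session Manager session against this instance, so the paragraph should say that and point readers at restricting that permission to the people who are meant to reach the database. Two wording fixes while here: "a ssh key pair" should read "an SSH key pair", and the unchanged line 382 says "AWS System Manager" where the service is called "AWS Systems Manager".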
@@ -392,18 +393,6 @@ which enables us to connect to the ec2 instance even though it's inside private
392393$ brew install --cask session-manager-plugin
393394```
394395
395- 2 . Generate a new ssh key pair or use the existing one.
396-
397- ``` bash
398- $ ssh-keygen -f my_rsa
399- ```
400-
401- 3 . Set stack config property by running:
402-
403- ``` bash
404- $ pulumi config
set ssh:publicKey
" ssh-rsa Z...9= [email protected] " 405- ```
406-
407396SSM Connect can be enabled by setting ` enableSSMConnect ` property to ` true ` .
408397
409398``` ts
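Review bot: Removing steps 2 and 3 leaves no guidance for stacks that already have `ssh:publicKey` set from the old instructions. If the component no longer reads that property, add a short migration line telling existing users to drop it (for example with `pulumi config rm ssh:publicKey`) and that the old key pair is no longer used. If the property is still read anywhere, the step should stay documented. Also check that the remaining step numbering still makes sense now that only the plugin install step precedes the `enableSSMConnect` paragraph.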
@@ -418,30 +407,23 @@ export const ec2InstanceId = project.ec2SSMConnect?.ec2.id;
418407Open up your terminal and run the following command:
419408
420409``` bash
421- $ aws ssm start-session --target EC2_INSTANCE_ID --document-name AWS-StartPortForwardingSession --parameters ' {"portNumber":["22"], "localPortNumber":["9999"]}'
422- ```
423-
424- Where ` EC2_INSTANCE_ID ` is an ID of the EC2 instance that is created for you. ID can be
425- obtained by exporting it from the stack.
426-
427- Next, open another terminal window and run the following command:
428-
429- ``` bash
430- $ ssh ec2-user@localhost -p 9999 -N -L 5555:DATABASE_ADDRESS:DATABASE_PORT -i SSH_PRIVATE_KEY
410+ $ aws ssm start-session --target EC2_INSTANCE_ID --document-name AWS-StartPortForwardingSessionToRemoteHost --parameters ' {"host": ["DATABASE_ADDRESS"], "portNumber":["DATABASE_PORT"], "localPortNumber":["5555"]}'
431411```
432412
433- Where ` DATABASE_ADDRESS ` and ` DATABASE_PORT ` are the address and port of the database instance,
434- and ` SSH_PRIVATE_KEY ` is the path to the SSH private key.
413+ Where ` EC2_INSTANCE_ID ` is an ID of the EC2 instance that is created for you
414+ (ID can be obtained by exporting it from the stack), and
415+ ` DATABASE_ADDRESS ` and ` DATABASE_PORT ` are the address and port of the
416+ database instance.
435417
436418And that is it! 🥳
437419Now you can use your favorite database client to connect to the database.
438420
439421![ RDS connection] ( /assets/images/rds-connection.png )
440422
441423It is important that for the host you set ` localhost ` and for the port you set ` 5555 `
442- because we have an SSH tunnel open that forwards traffic from localhost:5555 to the
443- DATABASE_ADDRESS: DATABASE_PORT . For the user, password, and database field, set values
444- which are set in the ` Project ` .
424+ because we are port forwarding traffic from
425+ localhost:5555 to DATABASE_ADDRESS: DATABASE_PORT .
426+ For the user, password, and database field, set values which are set in the ` Project ` .
445427
446428``` ts
447429const project = new studion .Project (' demo-project' , {
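Review bot: After the new command on line 410 the text goes straight to "And that is it!", and the old "open another terminal window" step is gone, so nothing tells the reader that the `aws ssm start-session` command has to keep running for as long as the database client is connected. Add one sentence saying so. Lines 424-425 should also mention that traffic is relayed through the EC2 instance, since the instance must be able to reach `DATABASE_ADDRESS` on `DATABASE_PORT` for the forward to work. Since `AWS-StartPortForwardingSessionToRemoteHost` depends on the SSM Agent on the instance supporting remote host forwarding, a short prerequisite note would save readers a confusing failure on older images.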