At times, a developer may need to access infrastructure not available on the public internet. A common example of this is accessing a database located in a private subnet, as described in the VPC Scenario docs:
"Instances in the private subnet are back-end servers that don’t need to accept incoming traffic from the internet and therefore do not have public IP addresses; however, they can send requests to the internet using the NAT gateway."
For a recent project, I needed a convenient way to query private databases in Python to do some repeatable data management operations. Tools like DBeaver have built-in support for connecting to databases over SSH tunnels, but I needed something more scriptable. Standing up a service in AWS would have worked, but it seemed to be overkill for my simple scripting needs. My goals were to 1) get auth credentials from AWS Secrets Manager (RDS places credentials in Secrets Manager by default, or at least when creating RDS instances via CDK); 2) set up a tunnel through a jumpbox to allow access to the RDS instance; 3) run SQL queries against the DB. How to automate this process in Python was not immediately clear until I found the sshtunnel module.
After playing around with the code for a bit, I was able to put together a utility class with Pydantic and Psycopg2 to conveniently connect to a private RDS instance via SSH tunneling. I figured I would share in the event that someone ever needs such a tool in the future.
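The three goals above can be sketched end to end as follows. This is an added example, not the utility class from this post: it uses a standard-library dataclass instead of Pydantic, and the names `DbSecret`, `parse_secret`, `fetch_secret` and `tunneled_connection`, the PostgreSQL default database, the SSH port 22 and `sslmode="require"` are all assumptions.

```python
# Added example; DbSecret, parse_secret, fetch_secret, tunneled_connection are hypothetical names.
import json
from contextlib import contextmanager
from dataclasses import dataclass, field

@dataclass(frozen=True)
class DbSecret:
    """Connection fields from an RDS-style Secrets Manager secret."""
    host: str
    port: int
    username: str
    password: str = field(repr=False)  # keep the password out of logs and tracebacks
    dbname: str = "postgres"           # assumed default when the secret has no dbname

def parse_secret(secret_string: str) -> DbSecret:
    """Validate the secret's JSON and fail loudly on missing keys."""
    raw = json.loads(secret_string)
    missing = [k for k in ("host", "port", "username", "password") if k not in raw]
    if missing:
        raise ValueError(f"secret is missing keys: {missing}")
    return DbSecret(raw["host"], int(raw["port"]), raw["username"],
                    raw["password"], raw.get("dbname") or "postgres")

def fetch_secret(secret_id: str) -> DbSecret:
    import boto3  # imported lazily so parsing works without AWS access
    resp = boto3.client("secretsmanager").get_secret_value(SecretId=secret_id)
    return parse_secret(resp["SecretString"])

@contextmanager
def tunneled_connection(secret: DbSecret, jump_host: str, jump_user: str, key_path: str):
    """Yield a psycopg2 connection that reaches the DB through the jumpbox."""
    import psycopg2
    from sshtunnel import SSHTunnelForwarder
    with SSHTunnelForwarder(
        (jump_host, 22),
        ssh_username=jump_user,
        ssh_pkey=key_path,
        remote_bind_address=(secret.host, secret.port),
        local_bind_address=("127.0.0.1", 0),  # loopback only; port 0 lets the OS choose
    ) as tunnel:
        conn = psycopg2.connect(
            host="127.0.0.1", port=tunnel.local_bind_port,
            user=secret.username, password=secret.password,
            dbname=secret.dbname, sslmode="require",
        )
        try:
            yield conn
        finally:
            conn.close()
```

Binding the local end of the tunnel to 127.0.0.1 keeps the forwarded database port from being reachable by other hosts on the developer's network while the script runs.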