All HowTo's Cyber-Security Linux Redhat, Fedora and CentOS Linux

How to remotely access a non-pubilc RDS within AWS (CentOS7 & RHEL7)

This article explains how to get around the problem of remote access to a non-public RDS database within Amazon’s AWS.

The problem is that RDS databases can be set to public or private when being created but are not easy to change later due to DNS issues. There are ways to do it but if you simple don’t have access to alter the RDS, this article is for you.

You need an EC2 within the same VPC as the RDS database for this to work. This is because you will be hitting the RDS on it’s 10.0.0.x address (or whatever it is). This example deals with MySQL but will work for other DB types too. We’re using CentOS7 for this tutorial. The private IP address of the RDS in this tutorial is “”.

First spin up an EC2 and install “xinetd”:

yum install xinetd

Add the following to the (new) file “/etc/xinetd.d/rds-agix”:

service rds_forward
    disable         = no
    type            = UNLISTED
    socket_type     = stream
    protocol        = tcp
    user            = nobody
    wait            = no
    redirect        = 3306
    port            = 3306

Restart xinetd:

systemctl restart xinetd

Now you can test by aiming psql to the EC2 and the packets will be redirected to the RDS.

Leave a Reply

Your email address will not be published. Required fields are marked *