
AWS EC2 SSH Tunnel Bastion Server

Trying to understand how this works; the documentation isn't very clear. Using AWS quickstart-mongo, I am making a VPN for 3 Mongo nodes, with a bastion server. I can log into my bastion server via SSH and my key. Then I can copy the key to the bastion server and SSH into the primary replica node. This node is running mongo and shows via rs.status() that all 3 nodes are running correctly.

Once logged into the bastion server, I try to do curl primary-mongo-node-ip:27017, and it seems to hang.

Local Computer -> Bastion Server -> Replica Node 1 / 2 / 3

I think I understand that I need to somehow connect to the bastion server, then set up SSH forwarding to primary-mongo-node-ip:27017, sec1-mongo-node-ip:27017, sec2-mongo-node-ip:27017, so that my mongo URI connection looks like this:

SSH into bastion-dns mongodb://user:pass@localhost:1000,localhost:1001,localhost:1002/database

How do I do this when I can't even connect to the server on the bastion server without SSH?

Assuming that the Mongo instances allow traffic from the bastion host (in security groups) on the required ports, you can use the SSH tunnelling mechanism to access the cluster/instance from your local host:

ssh -N -L <local_port_x>:<mongoDB instance ip>:<mongo_port_y> <ssh_username>@<bastion_host_ip> -i <ssh_key_path>

local_port_x: port on your local machine where you want to access the remote Mongo instance

mongoDB instance ip: IP address of the EC2 instance hosting MongoDB

mongo_port_y: port that MongoDB is listening on (seems to be 27017 from your question; please do verify that you can talk to the Mongo instance from within the bastion host on this port)

bastion_host_ip: IP address of the bastion host, which should be directly reachable from your local machine
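The answer's single -L forward, extended to the three-member layout the question describes, as an added example that is not part of the original answer. One ssh session to the bastion carries one local forward per replica-set member, a helper derives the matching multi-host URI, and a pre-check runs the "can the bastion reach 27017" test the answer asks for. The bastion name, key path and member IPs are assumed placeholders; nothing here comes from the quickstart.

```shell
#!/bin/sh
# Added example (not from the original post or the AWS quickstart).
# Forward one local port per MongoDB replica-set member through the bastion
# in a single ssh session and build the connection string for the local ends.
# All host names, IPs and the key path below are assumed placeholders.
set -eu

BASTION="${BASTION:-ec2-user@bastion.example.com}"        # assumed user@public DNS of bastion
SSH_KEY="${SSH_KEY:-${HOME:-.}/.ssh/mongo-bastion.pem}"   # assumed key path
MONGO_PORT=27017                                           # mongod listening port
LOCAL_BASE_PORT=27100                                      # first local port to bind
# Private IPs of the replica-set members, space separated (assumed values).
NODES="${NODES:-10.0.1.10 10.0.2.10 10.0.3.10}"

# Emit one "-L 127.0.0.1:<base+i>:<member>:27017" per member, one per line.
# Binding to 127.0.0.1 keeps the tunnel endpoints off any LAN interface.
forward_args() {
    i=0
    for node in $NODES; do
        printf '%s 127.0.0.1:%d:%s:%d\n' -L "$((LOCAL_BASE_PORT + i))" "$node" "$MONGO_PORT"
        i=$((i + 1))
    done
}

# Build the multi-host URI from the local tunnel endpoints.
# Usage: mongo_uri <database>  ->  mongodb://127.0.0.1:27100,127.0.0.1:27101,.../<database>
mongo_uri() {
    hosts=""
    i=0
    for node in $NODES; do
        hosts="${hosts}${hosts:+,}127.0.0.1:$((LOCAL_BASE_PORT + i))"
        i=$((i + 1))
    done
    printf 'mongodb://%s/%s\n' "$hosts" "$1"
}

# The check the answer asks for: from the bastion, can each member be reached
# on the mongod port? Uses bash's /dev/tcp so nothing needs installing there.
check_from_bastion() {
    for node in $NODES; do
        ssh -i "$SSH_KEY" "$BASTION" \
            "timeout 3 bash -c 'exec 3<>/dev/tcp/$node/$MONGO_PORT' && echo '$node: open' || echo '$node: CLOSED'"
    done
}

# Open all forwards in the foreground. -N runs no remote command;
# ExitOnForwardFailure makes ssh exit instead of silently carrying on when a
# local port is already taken; ServerAliveInterval keeps idle tunnels up.
open_tunnels() {
    # word-splitting of $(forward_args) into separate -L options is intended
    ssh -i "$SSH_KEY" -N \
        -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 \
        $(forward_args) "$BASTION"
}

# Only touch the network when explicitly asked, so the file can be sourced
# or inspected without a bastion in reach.
if [ "${OPEN_TUNNELS:-0}" = 1 ]; then
    check_from_bastion
    echo "Connect with: $(mongo_uri database)"
    open_tunnels
fi
```

Run it as OPEN_TUNNELS=1 sh tunnel.sh and leave the session open; credentials go into the URI exactly as in the question (mongodb://user:pass@127.0.0.1:27100,...). If the bastion-side check hangs instead of being refused outright, the usual cause is the member's security group not admitting the bastion on 27017, which is the precondition the answer starts from. One caveat the answer does not cover: a driver given a multi-host URI treats the members as a replica set and, after the first handshake, switches to the addresses stored in the replica-set configuration, which are the private addresses the tunnels were hiding. If connections then stall, either talk to one member at a time with a single-host URI and directConnection=true, or map each member's configured name to 127.0.0.1 in /etc/hosts and forward the exact port each member is configured with.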
