Issue
I have a VPC with a public and a private subnet. In the private subnet I have a EC2 instance without a public ip. The EC2 instance is connected to the Internet with a NAT Gateway. Ok.
In the EC2 I want install a database.
In my local machine I installed the AWS-CLI and the SSM plugin, with SSM i can connect to the machine without problem
aws ssm start-session --target <instanceID>
Now I want connect to the EC2 with SSH/SCP and with a DB Tools like Datagrip.
It's possibile without a Bastion Host in the public subnet?
Solution
Yes, it should be possible as SSM supports tunneling:
Answered By - Marcin Answer Checked By - Terry (WPSolving Volunteer)