New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Native SSH tunnel over AWS SSM #9107
Comments
thanks for suggestion |
The solution to this doesn't need to be as complex as supporting AWS SSM. SSM already supports SSH, so all DBeaver needs to do is allow the use of the native SSH agent. On macOS for example my |
Very interested also :) |
I am very interested in the AWS SSM feature. |
DBeaver using the system-wide SSH setup would benefit from all the SSH tooling (ssh-agent, ssh_config, known_hosts, etc) and the feature here requested would be available for free. I am lacking some context on why DBeaver uses its own separate SSH stack. I'd be interested in the topic if anyone can share some links. |
Will add, that AWS SSM SSH tunnel, also, makes possibe to connect to DBs that located in private subnets with no need to create bastion host in public. So yes - we are waiting for this feature too |
Any updates? |
This feature would indeed be great |
You can use your existing SSH config for SSM just fine with DBeaver, simply open an SSH tunnel with the proper ports:
Then connect to your localhost port 5432 to access your AWS RDS instance behind SSM |
@bm-jacob Obviously you can do that. We are speaking about using SSM within network profiles manged by DBeaver. |
Although you can't use SSM or EC2 Instance Connect in the SSH tab, you can use Shell Commands to setup SSM or EC2 Instance Connect and then tunnel through that. With this the entire connection will be handled within DBeaver, but managing this through the SSH tab directly would be greatly preferable. For instance, this workaround probably works best with unique ports for tunnels to different instances and every instance is identified as localhost so you either have to select Bypass host verification (under Advanced settings on the SSH tab) or manually check the host every time you connect to a different instance. |
Here is how ive got it done without using "Before Connect" shell script and instead manually doing shell yourself:
|
As a follow up to my previous comment, to get around needing to use bypass host verification enter a unique host name for each instance that maps to 127.0.0.1. This can either be performed in the hosts file or by using a service that maps DNS names to IP addresses, e.g. db.127-0-0-1.nip.io. |
Native AWS SSM tunnels support will be added in DBeaver 24.1 (PRO products). Unfortunately it is not possible to add this feature in Community (one of the reasons is dependency on AWS SDK and AWS CLI). |
Is your feature request related to a problem? Please describe.
Currently, I'm connecting to my RDS instances through jump hosts over AWS SSM. Since there's no AWS SSM support yet on dbeaver, I'm creating the SSH tunnel separately on terminal, and then on my dbeaver connection settings, I connect to the databases on localhost. This is far less than ideal and not scalable when working with multiple databases and drivers.
Describe the solution you'd like
I would like a native support for SSH tunnel over AWS SSM.
Describe alternatives you've considered
Perhaps having dbeaver to read from local ssh config? That way we could still make use of
ProxyCommand
to invoke aws ssm to start a session.The text was updated successfully, but these errors were encountered: