 

Access AWS RDS from Private Subnet

I created an AWS VPC with a public and a private subnet.

I created an RDS (MySQL) inside the private subnet. I want to access the RDS from the internet (from my home machine).

I have kept the flag Publicly Accessible set to Yes. Also, in the RDS security group, I tried to open port 3306 for all IPs (I know, not recommended, but still), and also tried all ports with all IPs (the worst security, I know), and tried to access it, but nothing worked. I can access the RDS from the bastion machine created in the public subnet, but from the internet I cannot.

Do you think I require any other setting?

I verified the ACLs and they are fine too.

Any help would be appreciated.

Tarun Dave asked Mar 17 '23 21:03


2 Answers

You cannot access instances in a private subnet from the internet - that is the point of a private subnet.

Either access it through the bastion machine, or put it in the public subnet.

Edit:

There is a good description of different options here. If you put your RDS instance into a private subnet, then it is not accessible from the internet. So if you need access from the internet, it must be placed in a public subnet.

chris answered Mar 20 '23 10:03


Very late response, but you could set up a bastion server in the public subnet and set up an SSH tunnel through that bastion server.

Kevin Postlewaite answered Mar 20 '23 09:03
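
The SSH tunnel suggested in the answer above, sketched as an added example (not code from the original question or answers). The bastion host, login user, RDS endpoint name and local port 3307 are assumed placeholders; the destination name is resolved on the bastion, so the private RDS endpoint works as-is.

```shell
#!/bin/sh
# Added example: reach a private-subnet RDS through a bastion with SSH local
# port forwarding. Every host name and user below is a constructed placeholder.
BASTION_USER="ec2-user"                # placeholder login on the bastion
BASTION_HOST="bastion.example.com"     # placeholder: bastion in the public subnet
RDS_ENDPOINT="mydb.example.internal"   # placeholder: private RDS endpoint
RDS_PORT=3306                          # MySQL port from the question
LOCAL_PORT=3307                        # assumed; avoids clashing with a local MySQL

# Succeeds only for an integer in 1..65535.
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the -L forwarding spec from: local_port, rds_host, rds_port.
# Binding to 127.0.0.1 keeps the forwarded port off the local network.
forward_spec() {
  if ! valid_port "$1" || ! valid_port "$3"; then
    echo "invalid port" >&2; return 1
  fi
  if [ -z "$2" ]; then
    echo "missing RDS endpoint" >&2; return 1
  fi
  printf '127.0.0.1:%s:%s:%s\n' "$1" "$2" "$3"
}

# Open the tunnel in the foreground (-N: no remote command, forwarding only).
# ExitOnForwardFailure makes ssh exit instead of running without the forward.
open_tunnel() {
  spec=$(forward_spec "$LOCAL_PORT" "$RDS_ENDPOINT" "$RDS_PORT") || return 1
  ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 \
      -L "$spec" "$BASTION_USER@$BASTION_HOST"
}

# Run "sh tunnel.sh up", then in a second terminal connect with:
#   mysql -h 127.0.0.1 -P 3307 -u <db_user> -p
# (127.0.0.1 rather than localhost, so the client uses TCP and not a socket.)
if [ "${1:-}" = "up" ]; then
  open_tunnel
fi
```

With the tunnel in place, the RDS security group only needs to allow port 3306 from the bastion, so the all-IPs rule tried in the question can be removed.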