You put your database in a private subnet. Good luck connecting to it.


AWS FOR THE REAL WORLD

⏱️ Reading time: 7 minutes

🎯 Main Learning: Learn how to securely connect to your RDS database in a private subnet using an EC2 jumphost and AWS Session Manager. No SSH keys needed.

Hey Reader 👋🏽

Hope you had a great Christmas with your loved ones 🎄

Tobi and I spent a few days in Berlin consulting with a startup, then caught the last sunny days in Munich before winter really hits.

This week: how to actually connect to your RDS database in a private subnet.

Every AWS certification tells you to put databases in private subnets. Great advice. But nobody explains what happens when you need to run a query and realize... you can't reach it from your laptop.

I've seen senior developers stuck on this. It's one of those gaps between exam knowledge and real-world work.

You'll need access when you want to:

  • Inspect your data
  • Test queries
  • Run migrations

We recorded this as a YouTube video if you'd rather watch than read:


News

First, a few AWS updates worth knowing.

📰 This Week in AWS

💌 Amazon SES email validation

If you've ever worked with SES at scale, you know bounces are hard to tackle. SES now allows you to validate emails using an API! Read More →

💰 Cost allocation on user attributes

You can now allocate costs based on user attributes in Identity Center like cost center, division, org, etc. Read More →

🌐Lambda Durable Functions are available in 14 regions.

Durable functions are now available in even more regions. Check them out to orchestrate your Lambda steps. Read More →

Our Favorite: SES now has an email validation API. I'd have needed this on one of my past projects.

Remember: If you let customers send emails, you'll attract spammers. Validating addresses before they hit your system saves you from bounces, complaints, and a trashed sender reputation.

Deep Dive

Now for the main event.


📚 This Week's Deep Dive

The Problem: Your Database Is Unreachable

Every AWS certification teaches you to put databases in private subnets. That's the right call for security. But when you need to run a query, you realize nobody explained how to actually reach it.

Your RDS instance has no public IP. Your laptop sits outside the VPC. There's no path.

RDS Architecture showing the gap between your laptop and the private subnet

The Solution: EC2 Jumphost with Session Manager

You need a bridge into the private network. Session Manager gives you that bridge without SSH keys, open ports, or a NAT gateway.

The video walks through the full CDK setup, VPC endpoints, and a live demo of the tunnel in action.
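The tunnel described above, as an added example that is not code from the newsletter, the video or the linked blog post: a shell function wrapping the AWS CLI's `AWS-StartPortForwardingSessionToRemoteHost` Session Manager document. The instance ID, hostname and ports are constructed placeholders, and it assumes the jumphost is already managed by Session Manager and the Session Manager plugin is installed locally.

```shell
#!/bin/sh
# Added example: open a Session Manager tunnel from a local port, through the
# EC2 jumphost, to the RDS endpoint in the private subnet.
# All IDs and hostnames used here are constructed placeholders.

# Succeeds only for a decimal port in 1..65535.
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Usage: open_tunnel <jumphost-instance-id> <rds-endpoint> <db-port> [local-port]
# With DRY_RUN=1 the command is printed (display only, unquoted) instead of run.
open_tunnel() {
  local id="$1" host="$2" port="$3" lport="${4:-$3}" hex params
  hex="${id#i-}"
  # Instance IDs are "i-" followed by 8 or 17 lowercase hex characters.
  case "$id" in i-*) ;; *) echo "bad instance id: $id" >&2; return 1 ;; esac
  case "$hex" in ''|*[!0-9a-f]*) echo "bad instance id: $id" >&2; return 1 ;; esac
  [ "${#hex}" -eq 8 ] || [ "${#hex}" -eq 17 ] || { echo "bad instance id: $id" >&2; return 1; }
  # Only DNS characters, so the value cannot break out of the JSON below.
  case "$host" in ''|*[!A-Za-z0-9.-]*) echo "bad host: $host" >&2; return 1 ;; esac
  valid_port "$port" && valid_port "$lport" || { echo "bad port" >&2; return 1; }

  params=$(printf '{"host":["%s"],"portNumber":["%s"],"localPortNumber":["%s"]}' \
    "$host" "$port" "$lport")
  # Positional parameters act as an argv array, so nothing is re-parsed by eval.
  set -- aws ssm start-session --target "$id" \
    --document-name AWS-StartPortForwardingSessionToRemoteHost \
    --parameters "$params"
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Dry run with constructed values: prints the command without calling AWS.
DRY_RUN=1 open_tunnel i-0123456789abcdef0 mydb.example.internal 5432 15432
```

While the session is open, point your database client at `127.0.0.1` and the local port; the RDS security group only needs to allow the database port from the jumphost.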

🎬 Watch the Full Tutorial →

Prefer reading? Read the blog post instead

That's it for this week. Enjoy the holidays, don't touch prod, and I'll see you in January. 👋🏽

Sandro & Tobi ✌🏽

AWS for the Real World

We teach AWS for the real world - not for certifications. Join more than 10,500 developers learning how to build real-world applications on AWS.
