You put your database in a private subnet. Good luck connecting to it.


AWS FOR THE REAL WORLD

⏱️ Reading time: 7 minutes

🎯 Main Learning: Learn how to securely connect to your RDS database in a private subnet using an EC2 jumphost and AWS Session Manager. No SSH keys needed.

Hey Reader 👋🏽

Hope you had a great Christmas with your loved ones 🎄

Tobi and I spent a few days in Berlin consulting with a startup, then caught the last sunny days in Munich before winter really hits.

This week: how to actually connect to your RDS database in a private subnet.

Every AWS certification tells you to put databases in private subnets. Great advice. But nobody explains what happens when you need to run a query and realize... you can't reach it from your laptop.

I've seen senior developers stuck on this. It's one of those gaps between exam knowledge and real-world work.

You'll need access when you want to:

  • Inspect your data
  • Test queries
  • Run migrations

We recorded this as a YouTube video if you'd rather watch than read.

News

First, a few AWS updates worth knowing.

📰 This Week in AWS

💌 Amazon SES email validation

If you've ever worked with SES at scale, you know bounces are hard to tackle. SES now allows you to validate emails using an API!

💰 Cost allocation on user attributes

You can now allocate costs based on user attributes in Identity Center like Cost Center, division, org, etc.

🌐 Lambda Durable Functions are available in 14 regions.

Durable functions are now available in even more regions. Check them out to orchestrate your Lambda steps.

Our Favourite: SES now has an email validation API. I'd have needed this on one of my past projects.

Remember: If you let customers send emails, you'll attract spammers. Validating addresses before they hit your system saves you from bounces, complaints, and a trashed sender reputation.

Deep Dive

Now for the main event.


📚 This Week's Deep Dive

The Problem: Your Database Is Unreachable

Every AWS certification teaches you to put databases in private subnets. That's the right call for security. But when you need to run a query, you realize nobody explained how to actually reach it.

Your RDS instance has no public IP. Your laptop sits outside the VPC. There's no path.

RDS Architecture showing the gap between your laptop and the private subnet

The Solution: EC2 Jumphost with Session Manager

You need a bridge into the private network. Session Manager gives you that bridge without SSH keys, open ports, or a NAT gateway.

The video walks through the full CDK setup, VPC endpoints, and a live demo of the tunnel in action.
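The tunnel described above, sketched as an added example (not code from the newsletter or its video): a small POSIX shell helper that validates its inputs and builds the `aws ssm start-session` call with the `AWS-StartPortForwardingSessionToRemoteHost` document. It assumes the AWS CLI and the Session Manager plugin are installed locally and that the jumphost is an SSM-managed instance; the instance id, hostname and ports are constructed sample values.

```sh
#!/bin/sh
# Added example (not from the newsletter): build the Session Manager
# port-forwarding command that tunnels laptop -> jumphost -> RDS.
# Instance id, hostname and ports used below are constructed sample values.

valid_instance_id() {
  case "$1" in i-*) ;; *) return 1 ;; esac
  case "${1#i-}" in ''|*[!0-9a-f]*) return 1 ;; esac
}

valid_host() {
  case "$1" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
}

valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the JSON for --parameters; reject anything that could break out of it.
# Args: <rds-endpoint> <remote-port> <local-port>
tunnel_params() {
  valid_host "$1" && valid_port "$2" && valid_port "$3" || return 1
  printf '{"host":["%s"],"portNumber":["%s"],"localPortNumber":["%s"]}' "$1" "$2" "$3"
}

# Args: <jumphost-instance-id> <rds-endpoint> <remote-port> <local-port>
# Prints the command by default; set DRY_RUN=0 to actually open the tunnel.
open_tunnel() {
  valid_instance_id "$1" || { echo "invalid instance id" >&2; return 1; }
  params=$(tunnel_params "$2" "$3" "$4") || { echo "invalid host or port" >&2; return 1; }
  set -- aws ssm start-session --target "$1" \
    --document-name AWS-StartPortForwardingSessionToRemoteHost \
    --parameters "$params"
  if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Dry run with constructed values: prints the command instead of executing it.
open_tunnel i-0123456789abcdef0 mydb.example.internal 5432 15432
```

With the tunnel open, point your database client at `localhost` and the local port; the RDS security group only needs to allow the jumphost's security group on the database port.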

🎬 Watch the Full Tutorial →

Prefer reading? Read the blog post instead

That's it for this week. Enjoy the holidays, don't touch prod, and I'll see you in January. 👋🏽

Sandro & Tobi ✌🏽
