After some reading (AWS docs, http://stratumsecurity.com/2012/12/03/practical-tactical-cloud-security-ec2/, etc.) I still don't understand how to organize secure & easy access to AWS (especially RDS) from users' laptops. For example, my application on a dev's laptop should be able to access MySQL RDS.
Is there something I missed? I'm thinking about installing OpenVPN on one of the EC2 instances and using it for tunneling all traffic to my AWS resources, but probably some better option exists.
TIA, Vitaly
Well, there are many ways to skin this cat, one of which is OpenVPN, as you suggested.
A much simpler option is to just use SSH tunneling. Give your devs shell accounts on an EC2 instance that has access to your RDS. Then they can do something like this from their workstations:
After doing this, they can connect to their localhost:3600 and traffic will be forwarded all the way through to your RDS instance. Needless to say, you'll need to ensure that your users have appropriate credentials. From RDS's perspective, their traffic will appear to come from your EC2 host.
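The tunnel described in this answer, as an added example that is not part of the original post: a small helper that validates its inputs and prints the ssh local-forward command for port 3600. The host names are constructed placeholders, and the RDS port 3306 (the MySQL default) and the 127.0.0.1 bind address are assumptions.

```shell
#!/usr/bin/env bash
# Added example: SSH local port-forward from a laptop to RDS via an EC2 host.
# Host names used with this helper are constructed placeholders.

# Accept only a TCP port number in the range 1-65535.
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Accept only characters legal in host or user@host; reject a leading '-'
# so a value can never be parsed by ssh as an option.
valid_host() {
  case "$1" in
    ''|-*|*[!A-Za-z0-9.@_-]*) return 1 ;;
  esac
}

# Print the ssh command line for the tunnel.
# usage: tunnel_cmd <user@ec2-host> <rds-endpoint> [local-port] [rds-port]
tunnel_cmd() {
  local bastion="$1" rds="$2" lport="${3:-3600}" rport="${4:-3306}"
  valid_host "$bastion" && valid_host "$rds" || { echo "bad host" >&2; return 2; }
  valid_port "$lport" && valid_port "$rport" || { echo "bad port" >&2; return 2; }
  # -N                    : tunnel only, no remote command
  # 127.0.0.1 bind        : forwarded port is not reachable from the laptop's LAN
  # ExitOnForwardFailure  : fail instead of leaving a session with no tunnel
  # ServerAliveInterval   : keep idle tunnels from being dropped silently
  printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 -L 127.0.0.1:%s:%s:%s %s\n' \
    "$lport" "$rds" "$rport" "$bastion"
}

# Run the printed command in one terminal, then connect in another with:
#   mysql -h 127.0.0.1 -P 3600 -u <db-user> -p
# (-h 127.0.0.1 forces TCP; "localhost" would make the mysql client use a Unix socket)
```

For this to work, the RDS security group has to allow the database port from the EC2 host, and the host itself needs SSH reachable from the developers' networks.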