With Basti, you can securely connect to your RDS/Aurora/Elasticache/EC2 instances in private VPC subnets from a local machine or CI/CD pipeline almost for free!

• 🏰 Basti sets up a so called bastion EC2 instance in the connection target's VPC.

• 🧑‍💻 The bastion instance is used with AWS Session Manager port forwarding capability to make the target available on your localhost.

• 💵 Basti takes care of keeping the bastion instance stopped when it's not used to make the solution cost as low as ≈ 0.01 USD per hour of connection plus ≈ 0.80 USD per month of maintaining the instance in a stopped state.

• 🔒 Security completely relies on AWS Session Manager and IAM policies. The bastion instance is not accessible from the Internet and no SSH keys are used.

npm install --global basti

Other, NodeJS-independent, installation options are coming soon!

Basti uses AWS SDK and relies on credentials to be configured in your system. You can use any of the methods supported by AWS SDK to configure credentials.

💡 You can expect Basti to work if you can use AWS CLI in your terminal.

First, initialize your target for use with Basti. The following command will set up all the infrastructure required to start a connection. You only need to do this once.

basti init

You will be prompted for a target to initialize and a public VPC subnet to create the bastion EC2 instance in.

Now, you can start the connection. This command will establish a secure port forwarding session and make the target available on your localhost.

basti connect

You will be prompted for the target to connect to as well as the local port to forward the connection to.

Finally, you can use the target same way as it was running on your localhost and port you specified in the previous step.

psql -h localhost -p 5432

💡 psql, the PostgreSQL client, is used as an example here. Basti can be used to connect to any type of database or other services as long as the communication is done over TCP.

You can remove all the resources created by Basti in you AWS account.

basti cleanup

The list of resources will be displayed and you will be prompted to confirm the cleanup.

Basti provides first class support for RDS instances and Aurora clusters. However, you can use Basti to connect to any other target in your AWS VPC (e.g. Elasticache instance, EC2 instance, etc.).

To connect to a custom target, select the Custom option when prompted for a target to initialize or connect to. You will be prompted for the target's VPC, IP address and port.

🤝 Feel free to open an issue or a pull request if you want to extend the list of natively supported targets

Using interactive mode is convenient when you're getting used to Basti. However, in Continuous Integration and Continuous Delivery (CI/CD) pipelines, you will probably want to disable interactivity and pass all the options as command line arguments.

Take for example the non-interactive form of the basti connect command:

basti connect --rds-instance your-instance-id --local-port your-port

Use basti <command> --help to see all the available options for basti connect and other commands.

Usage is provided under the MIT License. See LICENSE for the full details.