If it's not possible to provide direct access to your database port, you can connect to ETLrobot via an SSH tunnel. You may also choose this connection method for an added layer of security.
To connect via an SSH tunnel, you need to set up an SSH server that has access to your database port. The SSH server's port needs to be publicly accessible or accessible from ETLrobot's IPs.
What is an SSH server?
An SSH server acts like a secure bridge that stands between ETLrobot and your private database to ensure strict, protected, and encrypted access to your private database. Once the connectivity is established, the SSH server allows ETLrobot to access your database in private subnets via SSH. An SSH server is also known as a bastion host or jump host.
There are a few steps to setting up an SSH tunnel to communicate with a private database.
Set up an SSH server (bastion host). Skip this if you already have an SSH server.
Create an SSH user on your SSH server for use by ETLrobot (see instructions below).
Add your ETLrobot Account public key to your SSH server's authorized keys file (usually $user/.ssh/authorized_keys) for the user created above. This key can be accessed in your ETLrobot destination configuration.
ETLrobot generates a unique SSH public key that is specific to your ETLrobot account. Make sure that you don't introduce any line breaks when cutting and pasting. If this public key isn't installed properly, ETLrobot will be unable to access your database.
If IP whitelisting is required, allow ETLrobot's IPs to reach your SSH server's port (typically 22).
Configure the security group of your private database. Allow the SSH server's Private IP to access the database port (important: be sure to use the Private IP address).
Complete the destination setup steps in ETLrobot. This will test connection access and reveal any connection issues.
Create an SSH User
These are the steps to create an SSH user on your SSH server for ETLrobot (if you don't already have an SSH user that you want to use).
Log in to your SSH tunnel host and run the following commands:
sudo groupadd etlrobot
sudo useradd -m -g etlrobot etlrobot
Switch to the etlrobot user:
sudo su - etlrobot
Create the .ssh directory (if not already created):
mkdir -p ~/.ssh
chmod 700 ~/.ssh
Change to the .ssh directory:
cd ~/.ssh
Create the authorized_keys file (if not already created):
touch authorized_keys
chmod 600 authorized_keys
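The directory, file and key-installation steps above can be combined into one idempotent script that refuses a key pasted with a line break. This is an added example, not ETLrobot's own tooling: the function names, the accepted key types and the sample key (constructed, not a real key) are assumptions.

```shell
#!/bin/sh
# Added example: validate a pasted public key, then install it with the
# permissions used in the steps above (700 on .ssh, 600 on authorized_keys).

# Return 0 only if $1 is one line of the form "<type> <base64> [comment]".
# The list of key types is an assumption; adjust it to the key ETLrobot shows.
is_single_line_key() {
    key=$1
    nl='
'
    cr=$(printf '\r')
    case $key in
        *"$nl"*|*"$cr"*) return 1 ;;   # a line break crept in while pasting
    esac
    printf '%s\n' "$key" | grep -Eq \
        '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( [^ ].*)?$'
}

# install_key HOME_DIR KEY: create .ssh and authorized_keys under HOME_DIR
# if missing, fix their modes, and append KEY unless it is already present.
install_key() {
    home=$1
    key=$2
    if ! is_single_line_key "$key"; then
        echo "rejected: not a single-line public key" >&2
        return 1
    fi
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth="$home/.ssh/authorized_keys"
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x whole line, -F fixed string: an exact duplicate is not appended again
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Constructed sample key for the demo; it is not a usable key.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotARealKey0000000000000 etlrobot-account'

# Demo against a scratch directory rather than a real home directory.
demo_home=$(mktemp -d)
install_key "$demo_home" "$SAMPLE_KEY" &&
    ls -ld "$demo_home/.ssh" "$demo_home/.ssh/authorized_keys"
```

On the SSH server, run it as the etlrobot user with `install_key "$HOME" '<key copied from the destination configuration>'`.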