
I Moved My Database Behind a VPN on AWS — Here's Every Step (With the Networking Concepts That Actually Matter)
The Moment I Realized Our Database Was Naked

I was auditing our AWS security groups when I saw this:

    Security Group: sg-0139b9d03b7d72f11
    Inbound Rules:
      MySQL/Aurora   3306   0.0.0.0/0   ← THE ENTIRE INTERNET

Our production MySQL RDS — the one with real user data — was accessible from every IP address on the planet. The only thing standing between an attacker and our database was a username and password. No VPN. No private subnet. No network-level isolation. Just vibes and a MySQL password.

If you're reading this and thinking "wait, let me check mine..." — yeah, go check. I'll wait.

What We're Building

By the end of this guide, your architecture goes from this:

    BEFORE:
    Anyone on the Internet
        │
        │ Direct connection, port 3306 wide open
        ▼
    MySQL RDS (Public IP, 0.0.0.0/0)

To this:

    AFTER:
    Developer Laptop
        │
        │ 1. Connect to VPN (encrypted tunnel)
        ▼
    OpenVPN Server (EC2, public subnet)
        │
        │ 2. NAT translates VPN IP → VPC IP
        ▼
    MySQL RDS (private subnet, NO public IP, NO internet route)
        ▲
        │ 3. Backe
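The "go check yours" step, as an added example that is not code from the original post: it walks the structure that boto3's `ec2.describe_security_groups()` returns, flags any ingress rule that lets 0.0.0.0/0 or ::/0 reach a database port (including "all traffic" rules, which carry no port range at all), and builds the replacement rule for the AFTER diagram, where the RDS security group admits 3306 only from the OpenVPN server's security group rather than from any CIDR. The `DB_PORTS` list, the sample payload, and the `sg-0aaa…`/`sg-0bbb…`/`sg-0ccc…` group IDs are constructed for illustration; only `sg-0139b9d03b7d72f11` comes from the post. boto3 is imported only on the live path, so the sample runs offline.

```python
"""Audit EC2 security groups for database ports open to the whole internet.

Added example, not code from the original post. Parses the shape returned by
boto3's ec2.describe_security_groups() and flags world-reachable DB ports,
then shows the VPN-only replacement rule for the post's AFTER architecture.
DB_PORTS, the sample payload and the sg-0aaa/0bbb/0ccc IDs are constructed.
"""
from __future__ import annotations

# Ports worth flagging (assumed list; extend for your estate).
DB_PORTS = {
    3306: "MySQL/Aurora",
    5432: "PostgreSQL",
    1433: "SQL Server",
    1521: "Oracle",
    27017: "MongoDB",
    6379: "Redis",
}
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


def _rule_covers_port(rule: dict, port: int) -> bool:
    """True if this IpPermissions entry allows TCP to `port`."""
    proto = rule.get("IpProtocol")
    if proto == "-1":            # "all traffic": FromPort/ToPort are absent
        return True
    if proto not in ("tcp", "6"):
        return False
    return rule.get("FromPort", -1) <= port <= rule.get("ToPort", -1)


def _world_sources(rule: dict) -> list[str]:
    """CIDR sources in the rule that mean 'anyone on the internet'."""
    v4 = [r["CidrIp"] for r in rule.get("IpRanges", []) if r.get("CidrIp") in WORLD_CIDRS]
    v6 = [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", []) if r.get("CidrIpv6") in WORLD_CIDRS]
    return v4 + v6


def find_exposed_db_rules(security_groups: list[dict]) -> list[dict]:
    """One finding per (group, database port) reachable from a world CIDR."""
    findings = []
    for sg in security_groups:
        for rule in sg.get("IpPermissions", []):
            sources = _world_sources(rule)
            if not sources:
                continue
            for port, service in DB_PORTS.items():
                if _rule_covers_port(rule, port):
                    findings.append({
                        "GroupId": sg["GroupId"],
                        "GroupName": sg.get("GroupName", ""),
                        "Port": port,
                        "Service": service,
                        "Sources": sources,
                    })
    return findings


def vpn_only_ingress(port: int, vpn_server_sg_id: str) -> dict:
    """IpPermissions entry for the fixed RDS group: no CIDR at all; the source
    is the VPN server's security group (assumed layout from the AFTER diagram)."""
    return {
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "IpRanges": [],
        "Ipv6Ranges": [],
        "UserIdGroupPairs": [{"GroupId": vpn_server_sg_id}],
    }


# Constructed sample in the describe_security_groups() shape.
SAMPLE_SECURITY_GROUPS = [
    {   # the rule quoted in the post
        "GroupId": "sg-0139b9d03b7d72f11", "GroupName": "rds-prod",
        "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                           "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
                           "UserIdGroupPairs": []}],
    },
    {   # already locked to the VPN server's group (hypothetical IDs)
        "GroupId": "sg-0aaa000000000000a", "GroupName": "rds-behind-vpn",
        "IpPermissions": [vpn_only_ingress(3306, "sg-0bbb000000000000b")],
    },
    {   # "all traffic" from anywhere also exposes every DB port
        "GroupId": "sg-0ccc000000000000c", "GroupName": "wide-open",
        "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                           "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []}],
    },
]


def audit(live: bool = False) -> list[dict]:
    """Run against the real account with boto3 when live=True, else the sample."""
    if live:
        import boto3  # only needed for the live path; needs ec2:DescribeSecurityGroups
        groups = []
        for page in boto3.client("ec2").get_paginator("describe_security_groups").paginate():
            groups.extend(page["SecurityGroups"])
    else:
        groups = SAMPLE_SECURITY_GROUPS
    return find_exposed_db_rules(groups)


if __name__ == "__main__":
    for f in audit(live=False):
        print(f"{f['GroupId']} ({f['GroupName']}): {f['Service']} {f['Port']} "
              f"open to {', '.join(f['Sources'])}")
```

Two caveats when you run this for real with `audit(live=True)`: it only flags the two "anyone" CIDRs, so a rule scoped to an office IP range passes even though it still bypasses the VPN, and a clean security group is necessary but not sufficient. The AFTER diagram also removes the public IP and the internet route, which are the RDS "publicly accessible" setting and the private subnet's route table, and neither is visible in a security group listing.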
Continue reading on Dev.to Beginners