Common Workflows¶
Private AWS RDS Tunnels¶
Create an AWS Session Manager tunnel to forward a private RDS endpoint to localhost, then connect with your preferred database client.
Use this when the database is in a private subnet and reachable from an SSM-managed EC2 instance in the same VPC.
PostgreSQL¶
| Setting | Value |
|---|---|
| Tunnel Type | AWS Session Manager |
| Tunnel Name | prod-postgres |
| AWS Profile | production |
| AWS Region | us-east-1 |
| EC2 Instance ID | i-0abc123def456 |
| Local Port | 5432 |
| Remote Host | mydb.abc123xyz.us-east-1.rds.amazonaws.com |
| Remote Port | 5432 |
Connect once the status turns green:
In TablePlus or pgAdmin, point at localhost:5432 with your database credentials.
MySQL¶
| Setting | Value |
|---|---|
| Tunnel Type | AWS Session Manager |
| Tunnel Name | staging-mysql |
| AWS Profile | staging |
| AWS Region | eu-west-1 |
| EC2 Instance ID | i-0123456789abcdef0 |
| Local Port | 3306 |
| Remote Host | mysql.cluster-abc123.eu-west-1.rds.amazonaws.com |
| Remote Port | 3306 |
Redis or Internal Services¶
| Setting | Value |
|---|---|
| Tunnel Type | AWS Session Manager |
| Tunnel Name | dev-redis |
| Local Port | 6379 |
| Remote Host | redis.internal |
| Remote Port | 6379 |
Internal Web Service Tunnels¶
Forward an internal web service through Session Manager to a local port, then open it in your browser.
Example: An admin dashboard at admin.internal:3000 only reachable from the server network.
| Setting | Value |
|---|---|
| Tunnel Type | AWS Session Manager |
| Tunnel Name | internal-admin |
| Local Port | 3000 |
| Remote Host | admin.internal |
| Remote Port | 3000 |
After connecting, open http://localhost:3000.
Multiple Tunnels¶
When your stack needs several services at once, create a separate tunnel for each and use distinct local ports.
| Tunnel | Local Port | Remote Service |
|---|---|---|
| dev-postgres | 5432 | PostgreSQL |
| dev-redis | 6379 | Redis |
| dev-api | 8080 | Backend API |
A naming convention like [environment]-[service] keeps things searchable:
Port Conflicts
Only one tunnel can bind a given local port. Disconnect the active tunnel before connecting another on the same port.
Switching Environments¶
If your dev, staging, and production tunnels share the same local port (e.g., 5432), disconnect one before connecting the next. StormTunnel will refuse to bind a port that is already in use.
To avoid the disconnect-reconnect cycle, assign different local ports per environment:
| Tunnel | Local Port |
|---|---|
| dev-postgres | 5432 |
| staging-postgres | 5433 |
| prod-postgres | 5434 |
Update your application's connection string to match.
Importing SSH Config¶
When you still need classic SSH tunnels, import existing hosts from your ~/.ssh/config instead of recreating them by hand.
- Go to File > Import.
- Select your SSH config file.
- Review the parsed tunnels and adjust names or ports.
- Click Import.
StormTunnel reads Host, HostName, Port, User, IdentityFile, and LocalForward directives. Entries without LocalForward are imported as SSH hosts you can attach tunnels to later.
Exporting and Sharing Configurations¶
File > Export saves tunnel definitions to a portable file. Passwords and private keys are never included -- only references to key paths.
Recipients import the file and supply their own credentials.
AWS Session Manager Tunnels¶
Prerequisites: AWS CLI with the Session Manager plugin installed, credentials configured, and IAM permissions for ssm:StartSession.
- Create a new tunnel and select AWS Session Manager as the connection type.
- Enter the Instance ID (e.g.,
i-0123456789abcdef0). - Select your AWS Profile.
- Set local and remote ports.
- Connect.
If connections fail, verify your profile under Settings > AWS and click Test Connection.