Creating Tunnels¶
Create a New Tunnel¶
- Click + in the toolbar (or press Cmd+N)
- Choose AWS Session Manager for private AWS resources or SSH Tunnel for existing SSH environments
- Fill in the configuration
- Click Save
AWS Session Manager Tunnel¶
Use AWS Session Manager for private RDS databases, Aurora clusters, Redis, internal admin panels, and other services reachable from an SSM-managed EC2 instance.
Required Fields¶
| Field | Description | Example |
|---|---|---|
| Name | Descriptive name | prod-postgres |
| Instance ID | SSM-managed EC2 instance ID | i-0123456789abcdef0 |
| Region | AWS region | us-east-1 |
| Local Port | Port on your Mac | 5432 |
| Remote Host | Private RDS or service address | mydb.abc123xyz.us-east-1.rds.amazonaws.com |
| Remote Port | Port on remote service | 5432 |
AWS Profile¶
Select your AWS profile in Settings > AWS or per-tunnel in the configuration.
For the full private database workflow, see Connecting to AWS RDS Databases.
SSH Tunnel Configuration¶
Use SSH Tunnel when you have an existing bastion, self-managed server, or SSH config that should remain in place.
Required Fields¶
| Field | Description | Example |
|---|---|---|
| Name | Descriptive name | legacy-postgres |
| SSH Host | Server to connect through | [email protected] |
| Local Port | Port on your Mac | 5432 |
| Remote Host | Destination service | localhost |
| Remote Port | Port on remote host | 5432 |
SSH Host Formats¶
[email protected] # Direct connection
[email protected] # IP address
my-server # SSH config alias
SSH Config Aliases
If you have servers defined in ~/.ssh/config, enter the alias name. StormTunnel reads the hostname, user, port, and key automatically.
Authentication¶
Choose one:
- SSH Key (recommended) -- Select from your imported keys
- Password -- Enter SSH password (stored in Keychain)
See Authentication for details.
Port Forwarding Examples¶
Database (PostgreSQL)¶
Access a private RDS PostgreSQL database through AWS Session Manager:
| Field | Value |
|---|---|
| Local Port | 5432 |
| Remote Host | mydb.abc123xyz.us-east-1.rds.amazonaws.com |
| Remote Port | 5432 |
Connect your database client to localhost:5432.
Web Server¶
Access a web app running on port 80:
| Field | Value |
|---|---|
| Local Port | 8080 |
| Remote Host | localhost |
| Remote Port | 80 |
Open http://localhost:8080 in your browser.
Internal Service¶
Reach a service on the remote network:
| Field | Value |
|---|---|
| Local Port | 6379 |
| Remote Host | redis.internal |
| Remote Port | 6379 |
Connect to localhost:6379 to reach redis.internal:6379.
Duplicate a Tunnel¶
- Select the tunnel
- Press Cmd+D (or right-click > Duplicate)
- Edit the copy
- Save
Advanced Options¶
Auto-Reconnect¶
Automatically reconnect if the tunnel drops:
- Edit the tunnel
- Enable Auto-Reconnect in Advanced settings
- Save
Connection Timeout¶
Adjust how long to wait for connections:
- Settings > General > Connection Timeout (global)
- Or per-tunnel in Advanced settings
Verbose Logging¶
Enable detailed SSH output for debugging:
- Edit tunnel > Advanced > Enable Verbose Output
- Connect the tunnel
- Check Console.app for detailed logs
For connection issues, see Troubleshooting.