What Does Endpoint Security Mean

It is useful to be able to access your Elastic Beanstalk database (or standalone RDS database) from your own computer/localhost for staging/testing/debugging purposes. However, it is undesirable to open up the security settings so that you can access them from home. There is a way to do this all securely by forwarding all local database requests through an SSH tunnel to the Elastic Beanstalk (or other) server that already has access to the database. This is described below and is based on the instructions here:

This assumes that you already have SSH set up and working to your Elastic Beanstalk instance via a local private key PEM file and that your Elastic Beanstalk instance has access to the database. For example, you should already be able to connect to your instance with a command like this:

ssh -i ~/path/to/private-key-file.pem user-name@instance-ip-address

If you are able to connect via SSH with the command above, then you can use the following to be able to access your database locally (obviously, you need to furnish your own path to the PEM file, instance user name, instance IP address, and database end-point):

ssh -i ~/path/to/private-key-file.pem user-name@instance-ip-address -L -N

All done! You can now access the database via the address

If you are doing this so that you can run a WordPress site from localhost for staging/testing purposes, make sure you have the following at the top of wp-config.php, just below the opening “<?php“:

if ( file_exists( dirname( __FILE__ ) . '/local-config.php' ) ) {    include( dirname( __FILE__ ) . '/local-config.php' );}

Also for WordPress, make sure to create the file local-config.php at the top level of the WordPress code (at same level as wp-config.php), and add it to .gitignore so it doesn’t get pushed to your public site. The following needs to be in this local-config.php file, which will tell your WordPress installation that it should treat “localhost” or “” as the database endpoint (which will then get forwarded per the ssh command above):

define('DB_HOST', '');

WP on your localhost will now access the remote database through the tunnel, and you can access it manually via

endpoint security default password     endpoint security benefits