Deny EC2 SSH to RDS

I have create a security group for the RDS Database Instance. The security group has a rule to allow TCP 3306 for MySQL/Aurora from a specific IP, which is a EC2. This EC2 is an app server and I only want it to connect to the RDS from the application.

However, I discover that I can also ssh into the RDS DBI from that app server EC2. I have configured a Bastion for developers to ssh into the RDS DBI so I do not want when someone logged into the app server then ssh to the RDS.

Can I please get advise how do I stop ssh access to the RDS from the app server?

Topics

Networking & Content Delivery

Relevant content

Create Security group inbound for the the RDS
HingeAjit
asked 5 months ago
Geolocation for EC2 Instance Security Groups Inbound Rules
Louis
asked a year ago
With a Security group I can't connect to EC2 instance
Accepted Answer
rePost-User-5736427
asked 2 years ago
Is it a good idea to have single security group for multiple apps?
rePost-User-7130205
asked 2 years ago
How can I copy rules from an existing security group to a new security group?
AWS OFFICIALUpdated 2 years ago
How do I allow access to an application on an EC2 instance with a security group?
AWS OFFICIALUpdated 8 months ago
How can I connect to a private Amazon RDS DB instance from a local machine using an Amazon EC2 instance as a bastion host?
AWS OFFICIALUpdated a year ago
How do I restrict access to SSH port 22 in my Elastic Beanstalk instance security group to a specific CIDR or security group?
AWS OFFICIALUpdated 18 days ago
Allow Listing in AWS Security Groups
EXPERT
Rob_H
published 2 years ago
Access a private Amazon Redshift from a local machine via a private EC2 instance
EXPERT
Ziad
published 6 months ago