By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Can't reach SSM port-forwarded service within docker

0

Hi, I'm connecting to a remote DB with a port forward (with AWS ssm, AWS-StartPortForwardingSessionToRemoteHost): aws ssm start-session --target i-XXXXX --document-name AWS-StartPortForwardingSessionToRemoteHost --parameters '{"portNumber":["5432"],"localPortNumber":["5432"], "host":["XXXXX.rds.amazonaws.com"]}'

The connection locally works fine:

$ telnet localhost 5432
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

But if I try to reach it within docker, it doesn't work:

$ docker run --add-host host.docker.internal:host-gateway mikesplain/telnet host.docker.internal 5432
telnet: can't connect to remote host (172.17.0.1): Connection refused

I'm in a situation where I can't use --network=host.

Am I missing something here ?

Seems strongly related to https://stackoverflow.com/questions/69222946/access-aws-ssm-port-inside-docker-container

Thanks,

Topics
Management & GovernanceNetworking & Content DeliveryCompute
Tags
AWS Systems ManagerNetworking & Content DeliveryLinux
Language
English
RobinF
asked 10 months ago642 views
2 Answers
0
Accepted Answer

https://stackoverflow.com/a/76705498/5692012

RobinF
answered 10 months ago
0

The following commands would need to be running on the back end to start the container.
Are you able to start the container with the port-forward tunnel open?

aws ssm start-session --target i-XXXXX --document-name AWS-StartPortForwardingSessionToRemoteHost --parameters '{"portNumber":["5432"],"localPortNumber":["5432"], "host":["XXXXX.rds.amazonaws.com"]}'
profile picture
EXPERT
Riku_Kobayashi
answered 10 months ago
  • RobinF
    10 months ago

    Hi, I'm sorry I don't get it. Do you suggest running the port-forward within the container ? That's not a solution neither, it's a container I can't modify, so I can't install the aws cli/ssm plugin in it.

  • Riku_Kobayashi EXPERT
    10 months ago

    No, it is your local PC that executes this command.

  • RobinF
    10 months ago

    But what's the difference with the command I'm already running on the host machine ? I'm already running in from my local PC where I run the docker container. It just that the PC can connect to the DB but when in the container, it doesn't work.

  • Riku_Kobayashi EXPERT
    10 months ago

    To begin with, the IP address of the host is "172.17.0.1", is this correct?

  • RobinF
    10 months ago

    Yes, if I test the connection with a local nginx for example, it works. It only doesn't work with the SSM port-forward. I've asked a friend of mine to test on MacOS, it seems to work. Looks like the issue is only with Linux.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content