Configure a SSH Tunnel using Putty to connect to a AWS EC2 instance.

In this post I will show you how configure a SSH Tunnel using Putty to connect to a AWS EC2 Instance with CentOS release 6.9 running Oracle 12c

I will configure a SSH Tunnel to connect to a Oracle 12c database located in a EC2 instance that uses the default port 1521, If you wish you can configure other port like 5432 (default port for PostgreSQL) or 3306 (default port for MySQL)

Steps to configure SSH Tunnel

1. Get the Public IP of the EC2 instance i-036502d24caefa34a and its VPC vpc-09734b495f9a644b5

2. Enable SSH on the EC2 instance (i-036502d24caefa34a)

a. Click on the current Security Group associated to the instance to verify if SSH is enabled (must exist an Inbound rule for the port 22).

If the SSH AWS EC2 instance does not have enabled SSH , you have two options :

  • Create a new Security group and add an new inbound rule to enable SSH.
  • Add a new inbound rule to give access to the port 22 to the current Security Group linked to the EC2 instance.

I chose the first option, so I going to create a new Security SECURITY_TO_AWS_EC2 and associate it to the EC2 instance.

Click on Services > EC2 > Security Groups > Create Security Group

  1. Enter Security group name: SECURITY_TO_AWS_EC2
  2. Enter a description for the Security Group
  3. Select VPC associated to the EC2 instance (vpc-09734b495f9a644b5)
  4. Select Type: SSH
  5. Select Source My IP
  6. The public IP (on-premises Server IP) will connect to the AWS EC2 instance using SSH.
  7. Click on “Create security group” button.

3. Associate the Security Group “SECURITY_TO_AWS_EC2” to the AWS EC2 instance i-036502d24caefa34a

Right Click > Networking > Change Security Groups

  1. Click on the Security Group SECURITY_TO_AWS_EC2
  2. click on “Assign Security Groups”

4. Create a SSH tunnel using PuTTY in your computer, if you do not have Putty you can download it from PuTTY Download Page

a. Create a new session in PuTTY.

  1. In Host Name enter the public IP of the EC2 instance:
  2. Port :22
  3. Select SSH
  4. Select a name to save the Putty session: TUNNEL_SSH_FOR_ORACLE

b. Configure a SSH tunnel.

  1. Click on Connection > SSH > Auth > Tunnels
  2. In Source port field enter a port, in this case I chose 2521 but you can enter any available port of your client machine.
  3. In the Destination field enter the value “” that correspond with the Private IP of the EC2 Instance and the port 1521 is the port where the Oracle listener is listening.
  4. Click on the “Add” button.

c. Save the PuTTY Session

  1. Select Session
  2. Click on the “Save” button.

4. Open the SSH tunnel

1. Click on the “Open” button.

2. Login in the server (EC2 Instance)

4. Test the SSH tunnel

a. Configure the tnsnames.ora file in the client machine located in the directory C:\app\oracle\product\12.1.0\dbhome_1\NETWORK\ADMIN adding a new connect string SRCCL

C:\Users\user>tnsping SRCCL

TNS Ping Utility for 64-bit Windows: Version - Production on 05-MAY-2020 21:19:39

Copyright (c) 1997, 2014, Oracle.  All rights reserved.

Used parameter files:

Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION= (ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=2521)) (CONNECT_DATA= (SERVICE_NAME=SRC
OK (80 msec)

b. Connect to Oracle Database in AWS EC2

C:\Users\user>sqlplus system/oracle@SRCCL

SQL*Plus: Release Production on Tue May 5 21:21:20 2020

Copyright (c) 1982, 2014, Oracle.  All rights reserved.

Last Successful login time: Sat May 02 2020 14:55:20 -04:00

Connected to:
Oracle Database 12c Enterprise Edition Release - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options