Runbook to configure DuploCloud Hosts with a static IP and SSH database tunneling for secure remote access
This setup is useful for DuploCloud customers with external users in remote locations who need consistent, secure access to databases hosted on DuploCloud infrastructure. By configuring a public-facing DuploCloud Host and attaching an Elastic IP, you provide a stable and consistent endpoint for Retool to connect to. SSH tunneling is then used to create a secure, encrypted connection between Retool and the database through the DuploCloud Host, so data transfers remain protected and private even over the public internet. Combining the static Elastic IP with SSH tunneling gives you reliable access and robust security for database interactions.
Use this procedure if you are a DuploCloud customer who needs secure external access to your organization’s cloud resources for:
Public Availability with Security: DuploCloud customers with external clients, vendors, or team members who need to interact with the database but cannot be given direct access for security reasons
Public Host Access with Strict Database Security: Users who need external Host accessibility while maintaining strict security controls for databases.
Simplified Development Workflow: Users with remote developers who need to connect to the environment without dealing with dynamic IP changes and who need to securely interact with the database for tasks like development, testing, or debugging, as if they were directly connected to the cloud network.
Secure Troubleshooting: System administrators or support teams who need to quickly connect to the Host from anywhere or securely access and troubleshoot the database without exposing it to potential security risks.
A DuploCloud Host with a Public IP and network access to your database.
A Retool account.
Navigate to AWS Management Console.
Log in with your credentials.
In the AWS Console, navigate to the EC2 dashboard.
In the EC2 Dashboard, allocate an Elastic IP address connected with the appropriate network (VPC).
Once the Elastic IP is allocated, select it from the list.
Associate the Elastic IP address with your DuploCloud Host instance.
An AWS account is needed to allocate and manage Elastic IP addresses because they are an AWS-specific service. If you're using a different cloud provider, create and associate a static IP with your DuploCloud Host using their equivalent static IP addressing service.
Navigate to the Retool login page.
Log in with your credentials.
Follow the instructions to Configure SSH tunneling, being sure to:
Enter the public IP of your DuploCloud Host.
Set the SSH port to 22 and configure it to use the private key you saved earlier.
Navigate to the DuploCloud Platform.
Log in with your credentials.
In the DuploCloud Portal, navigate to Administrator -> Tenant.
Select the Tenant where your host is running from the NAME column.
Select the Security tab and click Add. The Add Tenant Security pane displays.
Add the Retool IP addresses using the following inputs:
Source Type: IP Address
IP CIDR: Custom
IP Address: Enter the Retool CIDR IP Addresses (and individual IPs as needed).
Protocol: TCP
Port Range: 22
Click Add.
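A way to check the resulting Tenant security rules against the intent of this step (port 22 over TCP, open only to the Retool ranges), shown as an added example that is not part of the DuploCloud or Retool tooling. The rule dictionary shape, the function name and the sample CIDRs are assumptions made for illustration; substitute the addresses Retool publishes.

```python
import ipaddress

# Constructed sample CIDRs (documentation ranges), not Retool's published addresses.
RETOOL_CIDRS = ["203.0.113.0/24", "198.51.100.17/32"]

def audit_rules(rules, allowlist=RETOOL_CIDRS, ssh_port=22):
    """Return findings for Tenant ingress rules that deviate from the runbook.

    Each rule is a dict (hypothetical shape mirroring the form fields):
    {"cidr": str, "protocol": str, "ports": (low, high)}.
    """
    allowed = [ipaddress.ip_network(c) for c in allowlist]
    findings, covered = [], set()
    for rule in rules:
        low, high = rule["ports"]
        if rule["protocol"].upper() != "TCP" or not low <= ssh_port <= high:
            continue  # rule does not affect SSH
        src = ipaddress.ip_network(rule["cidr"], strict=False)
        same = [a for a in allowed if a.version == src.version]
        # The source must sit entirely inside one allow-listed range.
        if not any(src.subnet_of(a) for a in same):
            findings.append(f"{src}: SSH reachable from outside the allow-list")
        if (low, high) != (ssh_port, ssh_port):
            findings.append(f"{src}: port range {low}-{high} is wider than {ssh_port}")
        covered.update(a for a in same if a.subnet_of(src))
    # An allow-listed range that no rule fully covers cannot reach port 22.
    for a in allowed:
        if a not in covered:
            findings.append(f"{a}: no SSH rule covers this range")
    return findings

# Constructed example: one rule matching the runbook, one over-broad rule.
SAMPLE_RULES = [
    {"cidr": "203.0.113.0/24", "protocol": "TCP", "ports": (22, 22)},
    {"cidr": "0.0.0.0/0", "protocol": "TCP", "ports": (22, 443)},
]

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES):
        print(finding)
```

An empty result means every rule that touches port 22 is limited to the allow-listed ranges and every range has a rule.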
Log in to the AWS Console
Allocate a New Elastic IP
Associate the Elastic IP with DuploCloud Host
Log in to Retool
Configure SSH Tunneling
Log in to DuploCloud
Add Tenant Security Settings to Whitelist Retool IP Addresses
This Runbook configures secure SSH access from Retool to a DuploCloud Host by attaching an Elastic IP, setting up SSH tunneling, and whitelisting Retool IP addresses to ensure proper connectivity and security.