NAT Gateway setup to access Cognito needs EC2 bastion host SSH tunnel
by jj
Update #1: NAT Gateway setup to access Cognito needs EC2 bastion host SSH tunnel
Adding authentication back. It stopped working because Postgres (RDS) sits in a virtual network (VPC) that cannot access the internet, and the service I use to get user credentials (Cognito) is on the internet, even though it's an Amazon service and the only part of the backend which needs internet access. But maybe they'll set up an endpoint tomorrow.
So I had to set up the NAT gateway (ngw) that I've been putting off for months to get it to work (look at the VPC route table interactive thing, it helped a lot). I finally got it to work and now it's more secure, but it's so secure (because the API Lambda is now in only private subnets, and one between NAT gateway and internet gateway) that I can no longer access it from my computer to develop with, so I need to SSH into EC2 as a bastion host.
Update #2: Not too bad
Big takeaways:
1. To put it in the words of chattie:
- localhost:5000 would be where you access your application (HTTP server).
- localhost:5432 would be where your application accesses the database (PostgreSQL server).
So, just had to use 5432 as the local and remote port in the command:
    ssh -i "YOUR_EC2_KEY" -L LOCAL_PORT:RDS_ENDPOINT:REMOTE_PORT EC2_USER@EC2_HOST -N -f
2. Had to then point my local psycopg2 endpoint to localhost:5432 instead of the AWS endpoint, as it previously was
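
The two takeaways above as a small Python helper; this is an added example, not code from the original post. It goes one step beyond the post: the forward is bound to 127.0.0.1 only, ssh is told to fail if the forward cannot be set up, and psycopg2 is given hostaddr=127.0.0.1 with host left as the RDS endpoint so TLS hostname verification still works through the tunnel. The function names, the sslmode choice, the CA bundle path and all host names are assumptions.

```python
import socket

LOCAL_PORT = 5432  # same local and remote port, as in the post


def tunnel_argv(key_path, ec2_user, ec2_host, rds_endpoint, port=LOCAL_PORT):
    """The ssh command from the post as an argv list (avoids shell quoting)."""
    return [
        "ssh", "-i", key_path,
        # Added here: exit instead of leaving a dead session if the local
        # port is already taken or the forward cannot be created.
        "-o", "ExitOnForwardFailure=yes",
        # Added here: explicit loopback bind so the forward is not reachable
        # from other machines on the local network.
        "-L", f"127.0.0.1:{port}:{rds_endpoint}:{port}",
        f"{ec2_user}@{ec2_host}", "-N", "-f",
    ]


def tunnel_is_up(port=LOCAL_PORT, timeout=1.0):
    """True if something is listening on the local end of the forward."""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=timeout):
            return True
    except OSError:
        return False


def tunnelled_conn_kwargs(rds_endpoint, dbname, user, password, port=LOCAL_PORT):
    """Keyword arguments for psycopg2.connect() when going through the tunnel.

    hostaddr is where the TCP connection goes (the local forward); host stays
    the RDS endpoint so libpq can match it against the server certificate.
    """
    return {
        "host": rds_endpoint, "hostaddr": "127.0.0.1", "port": port,
        "dbname": dbname, "user": user, "password": password,
        "sslmode": "verify-full",            # assumption: TLS is enforced
        "sslrootcert": "rds-ca-bundle.pem",  # placeholder path to the CA bundle
    }


if __name__ == "__main__":
    # Constructed placeholder values, not real hosts.
    print(" ".join(tunnel_argv("bastion.pem", "ec2-user",
                               "bastion.example.com", "mydb.example.com")))
    print("tunnel up:", tunnel_is_up())
```

Run the argv with subprocess.run(..., check=True), confirm tunnel_is_up(), then call psycopg2.connect(**tunnelled_conn_kwargs(...)).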