A practical guide to connecting Claude Code (an AI coding assistant) to a private AWS RDS PostgreSQL database using MCP (Model Context Protocol), AWS Session Manager (SSM) tunnels, VPC endpoints, and a jumphost EC2 instance. The setup avoids exposing the database to the internet while giving the AI assistant live access to schema and data. The post covers deploying a CDK stack, seeding the database, configuring the MCP integration, and security considerations including read-only access and audit trails via CloudTrail.
Table of contents
Introduction
Why Focused Context Beats More Context
The Networking Problem: RDS Lives in a Private Subnet
The Architecture: SSM Tunnel + VPC Endpoints + jumphost
Deploy the CDK Stack and Start the Tunnel
Seed and Verify the Database
Hook It Up to Claude Code via MCP
Real Workflow Wins
Security Checklist
Wrapping Up