Manage AWS EC2 instances from your Mac

AWS gives you EC2 instances in two flavors: public-facing in the default VPC subnets (open to SSH from your laptop) and private in custom VPCs (reachable only via a bastion or VPN). Either way, the daily ergonomics depend on your SSH client. SSHive handles both natively: PEM file authentication out of the box, ProxyJump for bastion-mediated access, and tunnels for reaching RDS/ElastiCache/internal load balancers from your Mac. No more `ssh -i ~/keys/mykey.pem -J ec2-user@bastion ec2-user@10.0.1.42` muscle memory, every connection is a profile.

When you create an EC2 instance, AWS gives you a `.pem` file. Download it, set permissions: `chmod 400 ~/Downloads/mykey.pem`. In SSHive, New Connection → enter the public DNS or IP, user (`ec2-user` for Amazon Linux, `ubuntu` for Ubuntu AMI, `admin` for Debian), auth method "Private Key", browse to your PEM. Save as profile. SSHive caches the key path, moving the PEM file later requires re-pointing the profile.

Best practice on AWS is to put application servers in private subnets and access them via a bastion in the public subnet. In SSHive, create a profile for the bastion first (public IP, ec2-user, your PEM). Then create a profile for the private instance: enter the private IP, user, key, and in the "Jump Host" section, select your bastion profile. SSHive handles the multi-hop SSH connection transparently, agent forwarding optional. No more SSH config-file editing every time AWS rotates an IP.

RDS instances live in private subnets, TablePlus on your Mac cannot reach them directly. The trick: SSH-tunnel through your bastion. In SSHive's bastion profile, add a Local forward: local port 5432 → remote host `mydb.xxx.us-east-1.rds.amazonaws.com` → remote port 5432. Connect. Open TablePlus, point it at `localhost:5432` with your DB credentials. SSHive's SSH connection now proxies your DB queries securely.