+1 for SSM tunneling, it's my go-to tool currently. There's a nice helper for selecting the EC2 instance to connect to https://github.com/disneystreaming/ssm-helpers
wrote a helper script for tunneling to rds via a host using ssm: https://github.com/metosin/cloud-busting/blob/main/aws/ecs-demo/modules/bastion/ssm-rds-tunnel.sh
there's some hoops to jump, the target instance has to have arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore policy attached and has to have the ssm agent running (current amazon linux 2 AMIs have this agent running by default) and also ec2-instance-connect installed (that is installed to current amazon linux 2 AMIs as well)
the script then uses the ssh daemon on the target host for port forwarding to remote hosts (ssm agent doesn't yet support remote port forwarding)
anyhow, if the hadoop nodes don't explicitly require ssh access between each other, and you need only ssh access to the hosts themselves, then ssm is quite nice (competes with the gcp option)
@viesti thanks for that link, does that replace the clumsy (IMO) need to install a separate plugin to the AWS CLI?
I have the plugin installed so didn't actually know until reading the readme :)
> It uses the Amazon-supplied session-manager-plugin binary in combination with the AWS CLI tool to create the actual sessions.
anyways, provides a list of instances and -f tag=value is neat, e.g. -f Name=backend-1