port forwarding for RDS database via system manager plugin + build credentials in pgpass file

rds_forward.sh

#!/bin/bash

INSTANCE_NAME="my_instance"
DATABASE=database_name
RDS_HOST="[DATABASE].[REGION].rds.amazonaws.com"
RDS_SECRET="my-secret" # should have username and password properties
RDS_PORT=5432
LOCAL_PORT=5433

read username password < <(echo $(aws secretsmanager get-secret-value \
  --secret-id $RDS_SECRET | \
  jq -r '.SecretString' | \
  jq -r '.username, .password'))

INSTANCE_ID=$(aws ec2 describe-instances \
  --filters 'Name=tag:Name,Values='"$INSTANCE_NAME"'' | \
  jq -r '.Reservations[0].Instances[0].InstanceId')

touch ~/.pgpass
echo "localhost:$LOCAL_PORT:$DATABASE:$username:$password" > ~/.pgpass
chmod 0600 ~/.pgpass

echo "---------------------------------------------------"
echo "psql -h localhost -p $LOCAL_PORT -d $DATABASE -U $username"
echo "---------------------------------------------------"

aws ssm start-session \
    --target $INSTANCE_ID \
    --document-name AWS-StartPortForwardingSessionToRemoteHost \
    --parameters '{"host":["'"$RDS_HOST"'"],"portNumber":["'"$RDS_PORT"'"], "localPortNumber":["'"$LOCAL_PORT"'"]}'