ssh -N -L 3306:<Target Host>:3306 firstname.lastname@example.org
One key point it that email@example.com is the login for the tunnel, not the target host. And even with the right login, it will not work on EC2. Here's what you need:
ssh -N -i .ssh/dev.pem -L 0.0.0.0:3306:<My SQL Host>:3306 firstname.lastname@example.org
The magic sauce is the 0.0.0.0 at the beginning which allows listening on ALL interfaces. The "-i .ssh/dev.pem" part is to use an ssh key for the login, which is required on AWS EC2 instances. You can add a -f flag to have this run in the background.
Use this to check if the tunnel is running:
lsof -i -n | egrep '\<ssh\>'