Enabling SSH Connections to an Elastic Beanstalk Environment: Difference between revisions

Latest revision as of 15:58, 20 August 2022

Overview[edit]

Notes on connecting to an AWS EC2 instance in order to manage and deploy web applications. ^[1] ^[2]

Prerequisites[edit]

An Elastic Beanstalk environment
An EC2 instance This is created automatically during the creation of each Elastic Beanstalk environment. Each EBS environment is linked to its own EC2 instance.

Open SSH port (22)[edit]

AWS Management Console > EC2 > EC2 instance corresponding to the EBS environment > click for details > Security Group > click for details
Inbound Rules tab > Edit button
Add Rule button
- Type: SSL
- Protocol: TCP
- Port Range: 22
- Source: XX.XX.XX.XX/32 where XX.XX.XX.XX is the public IP address of the local development LAN.

This port should NEVER be publicly accessible. This setting should NEVER be specified in any config files for the web application.

For convenience, in the AWS management console view details for the EC2 instance corresponding to the EBS environment. From there, click the Connect button at the top for details on how to connect to the instance.

Get the ID of the EC2 instance Amazon EC2 console > Instance ID column (or use describe-instances from the AWS CLI)
Get the public DNS of the instance Amazon EC2 console > Public DNS column (optionally click show/hide and select Public DNS column)
Private key Fully-qualified path to .pem file for key pair specified when the instance was launched.
Enabled inbound SSH traffic from your IP address to the instance Ensure the security group associated with the instance allows incoming traffic from the local IP address.^[3]

Key Pairs[edit]

Create a key pair on an EC2 instance after creating an inbound rule for the SSH port.

EC2 Management Console > select the EC2 instance linked to the EBS environment
Network & Security group (on lefthand menu) > Key Pairs
Create Key Pair button at the top right
- Name: descriptive token
- Key pair type: RSA
- File Format: .pem
- Click Create
- Download the .pem file to ~/.ssh/
- (If the certificate file downloads with a ".cer" extension, it is still in .pem format. It is ok to simply change the extension from ".cer" to ".pem".)
After the .pem file is installed in the ~/.ssh/ directory, make sure its permissions are set to 700.

Link an EBS environment with a key pair.

EB Management Console > application > environment
Configuration > Security > Edit
Key Pair: Select the key pair created for the EC2 instance.

At this point, the server should be ready to accept ssh connections.

An existing key pair cannot be associated with an existing EC2 instance. Well, they can, but it may be simpler to create a new Elastic Beanstalk and a new EC2 instance along with it.

Connecting[edit]

$ eb ssh

The above is a wrapper for the following:

$ ssh -i ~/.ssh/nrosedevs-aws.pem ec2-user@[Public_DNS_address]

The Public DNS Address is retrieved from the AWS EC2 Dashboard, under Instances. Click on the individual instance to view its public DNS.

ec2-user is the user name for Amazon Linux servers. Other server types may have different user names, e.g. Ubuntu's user is ubuntu.

The .pem file was created and downloaded when a key pair was created for the EC2 instance. If ssh access is needed on a different machine, the .pem file must be copied over from a machine that has already had the .pem file installed.

Troubleshooting[edit]

TK

Configuration[edit]

I had a hell of a time getting this to work using an existing EC2 instance. I ended up rebuilding the Key Pair, IAM Role, and EC2 instance. Then and only then did this work... actually come to think of it, I suspect that the problem might have been in the configuration of the EC2 instance. Where the directions say to select Enable for the Auto-assign Public IP, initially I left it at the default setting. I can't see a way of going back and changing this setting once the instance is created.

When a Key Pair is created through the AWS management console, a .pem file containing the pair is generated.

This file is created once, and cannot be generated again at a later date.

Save the .pem file locally, e.g. in ~/.ssh/ or c:\users\damien\.ssh\.

On Mac OS use ssh via the terminal.

The AWS documentation stresses using PuTTY on Windows, but it's possible to use a Powershell prompt also. Maybe the Powershell prompt isn't as secure?

PuTTY uses a .ppk file to hold the key pair, while the Powershell prompt uses the .pem file.

Prerequisites[edit]

A running EC2 instance
- EC2 dashboard
- Navigation pane > Instances > Instances
  - Confirm that the EC2 instance exists, and that it is running.
  - Retrieve the public DNS for the EC2 instance from this page.

Notes[edit]

↑ Connecting to Your Linux Instance Using SSH - EC2 User Guide
↑ Connecting to Your Linux Instance from Windows Using PuTTY (AWS documentation)
↑ Authorizing Network Access to your Instances

[1] Connecting to Your Linux Instance Using SSH - EC2 User Guide

[2] Connecting to Your Linux Instance from Windows Using PuTTY (AWS documentation)

[3] Authorizing Network Access to your Instances

[1]

[2]

[3]

@@ Line 1: / Line 1: @@
-[[Category:AWS]] [[Category:Web Development]]
 == Overview ==
-Notes on connecting to an AWS EC2 instance in order to manage and deploy web applications.
+Notes on connecting to an AWS EC2 instance in order to manage and deploy web applications. <ref>[https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html Connecting to Your Linux Instance Using SSH] - EC2 User Guide</ref> <ref>[http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html Connecting to Your Linux Instance from Windows Using PuTTY] (AWS documentation)</ref>
+== Prerequisites ==
+* '''An Elastic Beanstalk environment'''
+* '''An EC2 instance''' This is created automatically during the creation of each Elastic Beanstalk environment. Each EBS environment is linked to its own EC2 instance.
+=== Open SSH port (22) ===
+* '''AWS Management Console''' > '''EC2''' > ''EC2 instance corresponding to the EBS environment'' > click for details > '''Security Group''' > click for details
+* '''Inbound Rules''' tab > '''Edit''' button
+* '''Add Rule''' button
+** '''Type:''' SSL
+** '''Protocol:''' TCP
+** '''Port Range:''' 22
+** '''Source:''' `XX.XX.XX.XX/32` where `XX.XX.XX.XX` is the public IP address of the local development LAN.
+<p class="alert alert-warning">This port should NEVER be publicly accessible. This setting should NEVER be specified in any config files for the web application.</p>
+<p class="alert alert-info">For convenience, in the AWS management console view details for the EC2 instance corresponding to the EBS environment. From there, click the '''Connect''' button at the top for details on how to connect to the instance.</p>
+* '''Get the ID of the EC2 instance''' Amazon EC2 console > Instance ID column (or use `describe-instances` from the AWS CLI)
+* '''Get the public DNS of the instance''' Amazon EC2 console > Public DNS column (optionally click show/hide and select Public DNS column)
+* '''Private key''' Fully-qualified path to `.pem` file for key pair specified when the instance was launched.
+* '''Enabled inbound SSH traffic from your IP address to the instance''' Ensure the security group associated with the instance allows incoming traffic from the local IP address.<ref>[http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html Authorizing Network Access to your Instances]</ref>
+=== Key Pairs ===
+Create a key pair on an EC2 instance after creating an inbound rule for the SSH port.
+* '''EC2 Management Console''' > ''select the EC2 instance linked to the EBS environment''
+* '''Network & Security''' group (on lefthand menu) > '''Key Pairs'''
+* '''Create Key Pair''' button at the top right
+** '''Name:''' ''descriptive token''
+** '''Key pair type:''' RSA
+** '''File Format:''' `.pem`
+** Click '''Create'''
+** Download the `.pem` file to `~/.ssh/`
+** ''(If the certificate file downloads with a ".cer" extension, it is still in .pem format. It is ok to simply change the extension from ".cer" to ".pem".)''
+* After the `.pem` file is installed in the `~/.ssh/` directory, make sure its permissions are set to `700`.
+Link an EBS environment with a key pair.
+* '''EB Management Console''' > ''application'' > ''environment''
+* '''Configuration''' > '''Security''' > '''Edit'''
+* '''Key Pair''': Select the key pair created for the EC2 instance.
+At this point, the server should be ready to accept ssh connections.
+<p class="alert alert-warning">An existing key pair cannot be associated with an existing EC2 instance. Well, they can, but it may be simpler to create a new Elastic Beanstalk and a new EC2 instance along with it.</p>
 == Connecting ==
-<syntaxhighlight lang="powershell">
+<syntaxhighlight lang="bash">
-c:\> ssh -i c:\users\damien\.ssh\nrosedevs-aws.pem ec2-user@[Public_DNS_address]
+$ eb ssh
+</syntaxhighlight>
+The above is a wrapper for the following:
+<syntaxhighlight lang="bash">
+$ ssh -i ~/.ssh/nrosedevs-aws.pem ec2-user@[Public_DNS_address]
 </syntaxhighlight>
@@ Line 13: / Line 67: @@
 `ec2-user` is the user name for Amazon Linux servers. Other server types may have different user names, e.g. Ubuntu's user is `ubuntu`.
+The `.pem` file was created and downloaded when a key pair was created for the EC2 instance. If ssh access is needed on a different machine, the `.pem` file must be copied over from a machine that has already had the `.pem` file installed.
 == Troubleshooting ==
@@ Line 20: / Line 76: @@
 == Configuration ==
-I had a hell of a time getting this to work using an existing EC2 instance. I ended up rebuilding the Key Pair, IAM Role, and EC2 instance. Then and only then did this work... actually come to think of it, I suspect that the problem might have been in the configuration of the EC2 instance. Where the directions say to select '''Enable''' for the '''Auto-assign Public IP''', initially I left it at the default setting. I can't see a way of going back and changing this setting once the instance is created.
+<div class="alert alert-info">I had a hell of a time getting this to work using an existing EC2 instance. I ended up rebuilding the Key Pair, IAM Role, and EC2 instance. Then and only then did this work... actually come to think of it, I suspect that the problem might have been in the configuration of the EC2 instance. Where the directions say to select '''Enable''' for the '''Auto-assign Public IP''', initially I left it at the default setting. I can't see a way of going back and changing this setting once the instance is created. </div>
 When a Key Pair is created through the AWS management console, a `.pem` file containing the pair is generated.
@@ Line 26: / Line 82: @@
 This file is created once, and cannot be generated again at a later date.
-Save the `.pem` file (`c:\users\damien\.ssh\`).
+Save the `.pem` file locally, e.g. in `~/.ssh/` or `c:\users\damien\.ssh\`.
+On Mac OS use ssh via the terminal.
 The AWS documentation stresses using PuTTY on Windows, but it's possible to use a Powershell prompt also. Maybe the Powershell prompt isn't as secure?
@@ Line 39: / Line 97: @@
 *** Confirm that the EC2 instance exists, and that it is running.
 *** Retrieve the '''public DNS''' for the EC2 instance from this page.
+== Notes ==
+<references />
+[[Category:AWS]] [[Category:Elastic Beanstalk]] [[Category:Web Development]]

Enabling SSH Connections to an Elastic Beanstalk Environment: Difference between revisions

Latest revision as of 15:58, 20 August 2022

Contents

Overview[edit]

Prerequisites[edit]

Open SSH port (22)[edit]

Key Pairs[edit]

Connecting[edit]

Troubleshooting[edit]

Configuration[edit]

Prerequisites[edit]

Notes[edit]

Navigation menu

Enabling SSH Connections to an Elastic Beanstalk Environment: Difference between revisions

Latest revision as of 15:58, 20 August 2022

Overview[edit]

Prerequisites[edit]

Open SSH port (22)[edit]

Key Pairs[edit]

Connecting[edit]

Troubleshooting[edit]

Configuration[edit]

Prerequisites[edit]

Notes[edit]

Navigation menu

Search