Enabling SSH Connections to an Elastic Beanstalk Environment: Difference between revisions

From Littledamien Wiki
Jump to navigation Jump to search
 
(6 intermediate revisions by the same user not shown)
Line 29: Line 29:
=== Key Pairs ===
=== Key Pairs ===


A key pair can be created and associated with an existing Elastic Beanstalk environment. '''EB Management Console''' > ''application'' > ''environment'' > '''Configuration''' > '''Security''' > '''Modify''' > '''Key Pair''': Select an existing key pair.
Create a key pair on an EC2 instance after creating an inbound rule for the SSH port.


<p class="alert alert-warning">A key pair cannot be associated with an existing EC2 instance. Well, they can, but it may be simpler to create a new Elastic Beanstalk and a new EC2 instance along with it.</p>
* '''EC2 Management Console''' > ''select the EC2 instance linked to the EBS environment''
* '''Network & Security''' group (on lefthand menu) > '''Key Pairs'''
* '''Create Key Pair''' button at the top right
** '''Name:''' ''descriptive token''
** '''Key pair type:''' RSA
** '''File Format:''' `.pem`
** Click '''Create'''
** Download the `.pem` file to `~/.ssh/`
** ''(If the certificate file downloads with a ".cer" extension, it is still in .pem format. It is ok to simply change the extension from ".cer" to ".pem".)''
* After the `.pem` file is installed in the `~/.ssh/` directory, make sure its permissions are set to `700`.
 
Link an EBS environment with a key pair.
 
* '''EB Management Console''' > ''application'' > ''environment''
* '''Configuration''' > '''Security''' > '''Edit'''
* '''Key Pair''': Select the key pair created for the EC2 instance.
 
At this point, the server should be ready to accept ssh connections.
 
<p class="alert alert-warning">An existing key pair cannot be associated with an existing EC2 instance. Well, they can, but it may be simpler to create a new Elastic Beanstalk and a new EC2 instance along with it.</p>


== Connecting ==
== Connecting ==
<syntaxhighlight lang="bash">
$ eb ssh
</syntaxhighlight>
The above is a wrapper for the following:


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
Line 42: Line 67:


`ec2-user` is the user name for Amazon Linux servers. Other server types may have different user names, e.g. Ubuntu's user is `ubuntu`.
`ec2-user` is the user name for Amazon Linux servers. Other server types may have different user names, e.g. Ubuntu's user is `ubuntu`.
The `.pem` file was created and downloaded when a key pair was created for the EC2 instance. If ssh access is needed on a different machine, the `.pem` file must be copied over from a machine that has already had the `.pem` file installed.


== Troubleshooting ==
== Troubleshooting ==

Latest revision as of 15:58, 20 August 2022

Overview[edit]

Notes on connecting to an AWS EC2 instance in order to manage and deploy web applications. [1] [2]

Prerequisites[edit]

  • An Elastic Beanstalk environment
  • An EC2 instance This is created automatically during the creation of each Elastic Beanstalk environment. Each EBS environment is linked to its own EC2 instance.

Open SSH port (22)[edit]

  • AWS Management Console > EC2 > EC2 instance corresponding to the EBS environment > click for details > Security Group > click for details
  • Inbound Rules tab > Edit button
  • Add Rule button
    • Type: SSL
    • Protocol: TCP
    • Port Range: 22
    • Source: XX.XX.XX.XX/32 where XX.XX.XX.XX is the public IP address of the local development LAN.

This port should NEVER be publicly accessible. This setting should NEVER be specified in any config files for the web application.

For convenience, in the AWS management console view details for the EC2 instance corresponding to the EBS environment. From there, click the Connect button at the top for details on how to connect to the instance.

  • Get the ID of the EC2 instance Amazon EC2 console > Instance ID column (or use describe-instances from the AWS CLI)
  • Get the public DNS of the instance Amazon EC2 console > Public DNS column (optionally click show/hide and select Public DNS column)
  • Private key Fully-qualified path to .pem file for key pair specified when the instance was launched.
  • Enabled inbound SSH traffic from your IP address to the instance Ensure the security group associated with the instance allows incoming traffic from the local IP address.[3]

Key Pairs[edit]

Create a key pair on an EC2 instance after creating an inbound rule for the SSH port.

  • EC2 Management Console > select the EC2 instance linked to the EBS environment
  • Network & Security group (on lefthand menu) > Key Pairs
  • Create Key Pair button at the top right
    • Name: descriptive token
    • Key pair type: RSA
    • File Format: .pem
    • Click Create
    • Download the .pem file to ~/.ssh/
    • (If the certificate file downloads with a ".cer" extension, it is still in .pem format. It is ok to simply change the extension from ".cer" to ".pem".)
  • After the .pem file is installed in the ~/.ssh/ directory, make sure its permissions are set to 700.

Link an EBS environment with a key pair.

  • EB Management Console > application > environment
  • Configuration > Security > Edit
  • Key Pair: Select the key pair created for the EC2 instance.

At this point, the server should be ready to accept ssh connections.

An existing key pair cannot be associated with an existing EC2 instance. Well, they can, but it may be simpler to create a new Elastic Beanstalk and a new EC2 instance along with it.

Connecting[edit]

$ eb ssh

The above is a wrapper for the following: 

$ ssh -i ~/.ssh/nrosedevs-aws.pem ec2-user@[Public_DNS_address]

The Public DNS Address is retrieved from the AWS EC2 Dashboard, under Instances. Click on the individual instance to view its public DNS.

ec2-user is the user name for Amazon Linux servers. Other server types may have different user names, e.g. Ubuntu's user is ubuntu.

The .pem file was created and downloaded when a key pair was created for the EC2 instance. If ssh access is needed on a different machine, the .pem file must be copied over from a machine that has already had the .pem file installed.

Troubleshooting[edit]

TK

Configuration[edit]

I had a hell of a time getting this to work using an existing EC2 instance. I ended up rebuilding the Key Pair, IAM Role, and EC2 instance. Then and only then did this work... actually come to think of it, I suspect that the problem might have been in the configuration of the EC2 instance. Where the directions say to select Enable for the Auto-assign Public IP, initially I left it at the default setting. I can't see a way of going back and changing this setting once the instance is created.

When a Key Pair is created through the AWS management console, a .pem file containing the pair is generated.

This file is created once, and cannot be generated again at a later date.

Save the .pem file locally, e.g. in ~/.ssh/ or c:\users\damien\.ssh\.

On Mac OS use ssh via the terminal.

The AWS documentation stresses using PuTTY on Windows, but it's possible to use a Powershell prompt also. Maybe the Powershell prompt isn't as secure?

PuTTY uses a .ppk file to hold the key pair, while the Powershell prompt uses the .pem file.

Prerequisites[edit]

  • A running EC2 instance
    • EC2 dashboard
    • Navigation pane > Instances > Instances
      • Confirm that the EC2 instance exists, and that it is running.
      • Retrieve the public DNS for the EC2 instance from this page.

Notes[edit]

  1. Connecting to Your Linux Instance Using SSH - EC2 User Guide
  2. Connecting to Your Linux Instance from Windows Using PuTTY (AWS documentation)
  3. Authorizing Network Access to your Instances
Retrieved from "https://wiki.dbarchowsky.com/index.php?title=Enabling_SSH_Connections_to_an_Elastic_Beanstalk_Environment&oldid=3359"