AWS Bastion Access
To access the AWS resources (e.g. EC2 devices) you first need to SSH into the AWS environment.
You can access the SSH Bastion from the City Hall network (140.241.0.0/16) if you have an SSH key on your AWS account and are in the SshAccess IAM group.
1. Request an AWS Admin to add you to the SshAccess IAM group.
2. From the IAM console, upload a public key for your account.
3. Edit your /etc/hosts to add the following line: 35.169.164.239 apps-bastion
4. Initialize your account on the bastion by SSHing without a public key: ssh -o PubkeyAuthentication=no <username>@apps-bastion
   Note: your bastion username is the bit before @boston.gov on your account name.
5. Control-C out when it asks for a password.
6. SSH in with your public key: ssh -A <username>@apps-bastion (the -A forwards the SSH agent, which is important for SSH'ing on to the instances.)
From the Bastion, you can get to the EC2 instances which host the ECS services.
1. Request that the AWS Admin share the ec2-user private keys and passwords with you via Dashlane. There are 2 keys, one for production and one for staging. Save whichever you need, or both, into your ~/.ssh folder.
2. Ensure the permissions on the private key file(s) are set to 600 (chmod 600 xxxx).
3. Note the Private IPv4 address of the EC2 instance in the AWS console. This will be 10.40.15.x for staging and 10.40.115.x for production.
   There are 2 production instances; you can use either.
   These IP addresses change after each deployment, so check regularly.
4. Once you have successfully SSH'd onto the bastion (#6 in Step 1 above), you will be able to SSH onto the instance: ssh ec2-user@<ipaddress>
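A pre-flight check for the steps above, as an added example that is not part of the original page: it maps an instance IP to staging or production using the ranges given here, confirms the matching key file is mode 600, and prints the ssh command. The key file names are hypothetical placeholders; set STAGING_KEY and PRODUCTION_KEY to wherever you saved the keys.

```sh
#!/bin/sh
# Added example, not from the original page. Key file names are assumed placeholders.
STAGING_KEY="${STAGING_KEY:-$HOME/.ssh/ec2-staging-key}"
PRODUCTION_KEY="${PRODUCTION_KEY:-$HOME/.ssh/ec2-production-key}"

# Map a private IPv4 address to its environment (ranges from this page).
env_for_ip() {
    case "$1" in
        10.40.15.*)  host=${1#10.40.15.};  name=staging ;;
        10.40.115.*) host=${1#10.40.115.}; name=production ;;
        *) echo unknown; return 1 ;;
    esac
    # The last octet must be 1-3 digits and no larger than 255.
    case "$host" in
        ""|*[!0-9]*|????*) echo unknown; return 1 ;;
    esac
    [ "$host" -le 255 ] || { echo unknown; return 1; }
    echo "$name"
}

# Print the octal permission bits of a file (GNU stat first, then BSD/macOS stat).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# True only if the key exists as a regular file with mode 600.
key_ok() {
    [ -f "$1" ] && [ "$(key_mode "$1")" = 600 ]
}

# Check the IP range and the matching key, then print the page's ssh command.
preflight() {
    ip=$1
    target_env=$(env_for_ip "$ip") || {
        echo "error: $ip is not a staging (10.40.15.x) or production (10.40.115.x) address" >&2
        return 2
    }
    case "$target_env" in
        staging)    key=$STAGING_KEY ;;
        production) key=$PRODUCTION_KEY ;;
    esac
    key_ok "$key" || {
        echo "error: $target_env key $key is missing or not mode 600" >&2
        return 3
    }
    echo "ssh ec2-user@$ip"
}

# Run as: sh preflight.sh 10.40.15.23
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

Run it on the machine where the keys are saved, and re-run it after each deployment because the instance IP addresses change.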
Once you’re on a container instance (#4 step 2 above), you can use docker commands to inspect containers. For example, some useful commands are:
Outside of the containers, the ec2-user account can use sudo -s to open up a shell with root access.