AWS Bastion Access
To access AWS resources (e.g. EC2 instances) you first need to SSH into the AWS environment.
You can access the SSH bastion from the City Hall network (140.241.0.0/16) if you have an SSH key on your AWS account and are in the SshAccess IAM group.
Step 1: Set up access to the bastion
1. Request an AWS Admin to add you to the SshAccess IAM group.
2. From the IAM console, upload a public key for your account.
3. Edit your /etc/hosts to add the following line:
   35.169.164.239 apps-bastion
4. Initialize your account on the bastion by SSHing without a public key:
   ssh -o PubkeyAuthentication=no <username>@apps-bastion
   Note: your bastion username is the bit before @boston.gov on your account name.
5. Control-C out when it asks for a password.
6. SSH in with your public key:
   ssh -A <username>@apps-bastion
   (The -A forwards the SSH agent, which is important for SSH'ing on to the instances.)
Step 2: Set up access to the EC2 instances
From the bastion, you can get to the EC2 instances which host the ECS services.
1. Request that the AWS Admin share the ec2-user private keys and passwords with you via Dashlane. There are 2 keys, one for production and one for staging. Save whichever you need, or both, into your ~/.ssh folder.
2. Ensure the permissions on the private key file(s) are set to 600 (chmod 600 xxxx).
3. Note the Private IPv4 address of the EC2 instance from the EC2 instances page in the AWS console. This will be 10.40.15.x for staging and 10.40.115.x for production. There are 2 production instances; you can use either. These IP addresses change after each deployment, so check regularly.
4. Once you have successfully SSH'd onto the bastion (#6 in Step 1 above), you will be able to ssh onto the instance:
   ssh ec2-user@<ipaddress>
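A pre-flight check for Steps 1 and 2, added here as an example and not part of the original page: it verifies the apps-bastion hosts entry, that the local SSH agent holds a key for -A to forward, and that private key files are owner-only. The function names are made up for this example, and accepting mode 400 as well as 600 is an assumption beyond the page.

```shell
#!/bin/sh
# Pre-flight checks before "ssh -A <username>@apps-bastion".
# Values below are the ones given on this page; function names are illustrative.
BASTION_IP=35.169.164.239
BASTION_NAME=apps-bastion

# Print a file's octal mode (GNU stat first, then BSD/macOS stat).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# 0 if the private key is owner-only; 600 per the page, 400 also accepted (assumption).
check_key() {
    mode=$(key_mode "$1") || { echo "key: cannot stat $1" >&2; return 2; }
    case "$mode" in 600|400) return 0 ;; esac
    echo "key: $1 has mode $mode, run: chmod 600 $1" >&2
    return 1
}

# 0 only if the hosts file maps apps-bastion to the bastion IP and to no other
# address; a stale or conflicting entry would send the SSH session elsewhere.
check_hosts() {
    awk -v ip="$BASTION_IP" -v name="$BASTION_NAME" '
        { sub(/#.*/, "") }                      # drop comments
        { for (i = 2; i <= NF; i++) if ($i == name) { if ($1 == ip) good = 1; else bad = 1 } }
        END { exit !(good && !bad) }' "${1:-/etc/hosts}"
}

# 0 if the local agent holds at least one identity for -A to forward.
check_agent() {
    ssh-add -l >/dev/null 2>&1
}

# Run every check; arguments are the private key files to verify.
preflight() {
    rc=0
    check_hosts || { echo "hosts: $BASTION_NAME must map only to $BASTION_IP" >&2; rc=1; }
    check_agent || { echo "agent: no identities loaded, run ssh-add" >&2; rc=1; }
    for key in "$@"; do check_key "$key" || rc=1; done
    return "$rc"
}

# Usage: sh preflight.sh ~/.ssh/<keyfile> ...
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```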
Step 3: Access a running container
Once you're on a container instance (#4 in Step 2 above), you can use docker commands to inspect containers. For example, some useful commands are:
???
Outside of the containers, the ec2-user account can use sudo -s to open up a shell with root access.