I have a Single-Instance EB environment, with an elastic ip. However, I can't seem to ssh to the current instance using the elastic ip, only the private ip. How do I fix it?
When I try to ssh using the elastic ip, it just hangs.
Your Elastic Beanstalk instance won't have port 22 open by default. Either you have to add a security group that has it open (can also add port 22 to an existing security group that is already used) or you can use the CLI to SSH to your instance.
eb ssh
It will open the port for you automatically while you are logged in.
Related
I’ve a question regarding Compute VM and its associated privileges. I have ‘Owner’ privileges at Project level. I created a VM but was not able to assign an external IP address to it. Upon referring to google cloud docs, it appears that I’ll still be able to connect to this VM using VPN or IAP. Upon clicking the SSH link next to the VM, I see that it uses a Cloud-IAP tunnel but the connection fails.
Here is the error message
External IP address was not found; defaulting to using IAP tunneling.
ERROR: (gcloud.compute.start-iap-tunnel) Error while connecting [4003: u'failed to connect to backend'].
ssh_exchange_identification: Connection closed by remote host
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255].
How do I go about connecting to this VM?
Appreciate your help with this
https://hodari.be/posts/2019_09_30_access_private_gke_nodes_with_ssh/
https://cloud.google.com/iap/docs/using-tcp-forwarding
Firewall rules that are configured to allow access from Cloud IAP's TCP forwarding netblock, 35.235.240.0/20, on all ports of your machine. This ensures that connections are allowed from Cloud IAP's TCP forwarding IP addresses to the TCP port of the admin service on your resource. Note that you might not need to adjust your firewall rules if the default-allow-ssh and default-allow-rdp default rules are applied to ports used for SSH and RDP.
As probably you already have default-allow-ssh instead of trying:
gcloud compute start-iap-tunnel stage-es-kibana 5601 --local-host-port=localhost:5601
jump to port via extra ssh layer:
gcloud compute ssh stage-es-kibana -- -N -L 5601:localhost:5601
or open Google Firewall between host/port stage-es-kibana:5601 and subnet 35.235.240.0/20.
This is a permissions issue.
You are trying to ssh into your vm thru google's IAP proxy.
You don't have permissions to create the tunnel from your computer to the proxy server.
You need have the role "roles/iap.tunnelResourceAccessor" to ssh to your vm:
It seems that the GCP CE requires to initialize SSH and other services after its RUNNING status.
I used a workaround by adding a sleep (60 sec) command, after starting the VM and before SSH using the IAP tunnel.
In my case I solved or worked around it by omitting the --tunnel-through-iap parameter that is passed to gcloud compute ssh.
try open Google Firewall subnet 35.235.240.0/20
I have a Linux elastic beanstalk app running on aws. I need to figure out what folders the apps are installed in order to create a cronjob correctly.
Is it possible to open a terminal to ebs server?
Yes it is possible. To SSH to the Elastic Beanstalk Instance, you will need to use the EC2 key pairs and configure the Security Groups allowing SSH access from the client.
If you place the server in a private subnet, you might need to create a Bastion Host in a public subnet within the same VPC. Then you can SSH to the Bastion host and SSH to your sever from there.
I have an ElasticBeanstalk application that uses Docker to run a small Laravel PHP API.
The app cannot connect to MySQL when running in ElasticBeanstalk.
The MySQL DB is a publically available AWS RDS instance.
I've run my Docker container locally and the app can connect just fine.
When I deploy to ElasticBeanstalk the app cannot connect...
Can anyone point me in a direction to help debug this?
SOLUTION
For anyone else who stumbles on this:
The solution was to create a new security group for both the EC2 instances and the RDS database. The two security groups opened up access via port 3306 for the instances and the database.
I also ensured the EC2 instances were available across every subnet and in the same VPC as my database.
Taken from the answers below and bit of help from a SysOps friend of mine.
You may want to check the EC2 Security Group Rules attached to Elastic Beanstalk to allow TCP at port 3306 for MYSQL type.
High chance that your ec2 instance does not have a public ip assigned to it. If you're trying to connect to the public IP of RDS without a public ip on the ec2 instance you won't be able to.
The ec2 instance will either need a public ip or it will need to have external internet connectivity through NAT.
I have been trying to figure out a way to ssh into an ec2 instance behind an elastic load balancer without assigning the ec2 instance an Elastic IP
Usually I would assign an Elastic IP onto an ec2 instance and just SSH and SFTP through that way but is their another way ,I can ssh and sftp without assigning it an elastic ip through PuTTy?
I tried this configuration - the ELB port to be 2222 and the Instance port to 22. It worked for me. For simplicity I used the same SG for both EC2 and ELB.
Similarly you can route the PORT 2220 to 20, 2221 to 21 like this for SFTP
TCP Port 2222(ELB) to 22 (Instance)
Open Putty and enter the ELB DNS with Port 2222 [Be sure if the 2222 is opened to your exit IP of office / public IP via. the SG]
Get the Connection Established [the IP 14.0.1.87 is ELB's ID and not the public IP of my machine]
Is it possible to do the following?:
I have a local Mac running OS X Lion with a MySQL Server installed which runs different processes regularly and stores data into a local DB.
On the other hand I have an Amazon EC2 instance.
What I would like to do is to use the Amazon instance to perform certain cronjobs (using its own resources) but connecting to the data that is on my localhost (my computer) and performing basic SQL actions like updating the data, inserting, etc.
I don't know if this helps, but I have a static IP. Is there any way I can "open" my IP so the Amazon instance can recognize my home computer as a valid MySQL server?
Thanks for your help, any tip in the right direction will be much appreciated.
If your EC2 instance is connecting to your local db you'll need a static IP locally. Well not need... but if you don't have it anytime you reset your router or loose power etc your ip will change. You can look into Dynamic DNS as well for your local instance.
Your ISP will not block your port on your local instance. This would be a firewall inside your network that is preventing you from connecting to mysql or a configuration with mysql itself. Users can only connect to mysql from certain IP addresses.
You would have to open up the mysql port on your firewall if you are using one, have the mysql client installed on your EC2 instance, and make sure that the user that had proper grantable permissions.
That said why not run cron locally on the mac?
If you can login to your server via SSH then there's no need to open any other port and no static IP is required. You can use SSH port forwarding instead. From your local machine run:
ssh -C -R 5555:127.0.0.1:3306 <your-server-host>
Now you should be able to connect to your Mac's database running on localhost:3306 from the remote server at localhost:5555.