SSH into AWS machines
This document explains how to SSH into machines in AWS, which works markedly differently from Carrenza.
In AWS, there are no static hostnames, so there is no equivalent of
backend-1.backend.integration to SSH to, as there is in Carrenza. EC2 instances
have dynamically assigned IPs, which gives them hostnames like
ip-10-1-5-53.eu-west-1.compute.internal. Each Puppeted instance has a “node
class” (backend, frontend, …), and the list of instances belonging to these
classes is accessible via
Ensure that your SSH configuration is up to date.
Use SSH proxy configuration
Using the SSH configuration supplied above, you should be able to go directly to instances using:
This is useful when responding to machines within Icinga.
If you do not know the hostname of the node you want to connect to, list the nodes of that type by running:
ssh integration "govuk_node_list -c <node type>"
$ ssh integration "govuk_node_list -c backend"
ip-10-1-5-57.eu-west-1.compute.internal
ip-10-1-6-88.eu-west-1.compute.internal
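The lookup and connection steps above combined into one helper, as an added example that is not part of the original document. It assumes the integration SSH alias and proxy configuration described above are in place and that node classes contain only lowercase letters, digits and underscores; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): resolve a node class to one
# validated EC2 hostname via the jumpbox, then SSH to it.

# Accept only names shaped like a node class (assumption: lowercase letters,
# digits, underscores), because the value is interpolated into a command
# line that the jumpbox's shell will parse.
valid_node_class() {
  case "$1" in
    ''|*[!a-z0-9_]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Read candidate hostnames on stdin and print only those in the EC2 internal
# form ip-A-B-C-D.<region>.compute.internal. Anything else (blank lines,
# login banners, a value starting with "-") is dropped.
filter_node_hostnames() {
  grep -E '^ip-[0-9]{1,3}(-[0-9]{1,3}){3}\.[a-z0-9-]+\.compute\.internal$' || true
}

# Print the first valid hostname for a node class.
# $1 = SSH alias of the jumpbox (for example integration), $2 = node class.
pick_node() {
  local env="$1" class="$2"
  valid_node_class "$class" || { echo "bad node class: $class" >&2; return 2; }
  ssh "$env" "govuk_node_list -c $class" | filter_node_hostnames | head -n 1
}

# Connect to one node of the class. "--" ends ssh option parsing, so the
# hostname can never be read as a flag.
ssh_node() {
  local host
  host="$(pick_node "$1" "$2")" || return
  [ -n "$host" ] || { echo "no nodes found for class $2" >&2; return 1; }
  ssh -- "$host"
}
```

Source the file and run ssh_node integration backend to land on a backend node.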
SSH with agent forwarding to the jumpbox:
ssh -A friendlygiraffe@integration
Use govuk_node_list to narrow down the IP addresses you require:
govuk_node_list -c backend
In most cases, you’ll get multiple hostnames as the output of that command, for example:
Choose one, and copy/paste into a normal SSH command:
To get to a single node, you can use the --single-node option of
govuk_node_list, straight into your SSH command:
ssh `govuk_node_list -c backend --single-node`