`ssh` from my laptop to connect to the OS shell of my EC2 instance running SAP HANA, express edition. But I started thinking and investigating how to connect to it from AWS CloudShell. In GCP Shell I would use something like `gcloud compute ssh`, so what was the equivalent in AWS?

```bash
sudo zypper install ec2-instance-connect
```

```bash
#Set the AWS region
export AWS_REGION=eu-central-1

#Get Instance ID and its status
aws ec2 describe-instances --filters "Name=tag:Name,Values=HXE02" \
  --query "Reservations[*].Instances[*].{InstanceID:InstanceId,PublicIP:PublicIpAddress,Name:Tags[?Key=='Name']|[0].Value,Status:State.Name,AvailabilityZone:Placement.AvailabilityZone}" \
  --output table

#Start the EC2 instance, if required
aws ec2 start-instances --instance-ids i-033f738d907b0773f

#Install user mssh tool
python3 -m pip install ec2instanceconnectcli --user

#Connect to the instance
mssh --region eu-central-1 i-033f738d907b0773f
```
`Connection timed out` because the SSH port is blocked for ingress from addresses other than my laptop for now. I need to add another rule to allow ingress from the CloudShell instance.

```bash
#Set the AWS region
export AWS_REGION=eu-central-1

#Get Instance's VPC ID
aws ec2 describe-instances --filters "Name=tag:Name,Values=HXE02" \
  --query "Reservations[].Instances[0].NetworkInterfaces[0].VpcId[]"
#Returned vpc-02708f64c1f7ef868

#Create a new security group
aws ec2 create-security-group --vpc-id vpc-02708f64c1f7ef868 \
  --group-name SSHfromAWSCloudShell \
  --description "Allow SSH access from the current CloudShell instance"
#Returned sg-056f379bebfaf0575

#Add an ingress rule to allow SSH (port 22) access from the current IP address
aws ec2 authorize-security-group-ingress --group-id sg-056f379bebfaf0575 \
  --protocol tcp --port 22 --cidr "$(curl -s ifconfig.io)/32"

#Display security group's ingress rules
aws ec2 describe-security-groups --group-ids sg-056f379bebfaf0575 \
  --query "SecurityGroups[].IpPermissions"

## Assign the security group to the instance (without dropping existing assignments)
#Get instance Network Interface ID
aws ec2 describe-instances --filters "Name=tag:Name,Values=HXE02" \
  --query "Reservations[].Instances[0].NetworkInterfaces[0].NetworkInterfaceId"
#Returned eni-0071160c754b88c6c

#Get assigned security groups
aws ec2 describe-network-interfaces --filters "Name=network-interface-id,Values=eni-0071160c754b88c6c" \
  --query "NetworkInterfaces[*].Groups[*].{Name:GroupName,ID:GroupId}"
#Returned sg-0e43ac22a862322ef

#Set security groups (to include the SSH access from CloudShell)
aws ec2 modify-instance-attribute --instance-id i-033f738d907b0773f \
  --groups sg-0e43ac22a862322ef sg-056f379bebfaf0575

#Connect to the instance
mssh --region eu-central-1 i-033f738d907b0773f
```
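The ingress rule above is built from whatever a third-party lookup returns and stays in the security group after the session ends. The following is an added example, not code from the original post: it validates the looked-up address before it reaches `--cidr` and revokes the rule once `mssh` exits. The function names `to_ssh_cidr` and `ssh_window` are hypothetical, and the script assumes `AWS_REGION` is exported as shown earlier.

```bash
# Added example (not from the original post): time-boxed SSH ingress rule.
# Function names are hypothetical; written in POSIX sh so it runs in any shell.

# Print "<ip>/32" only if the argument is a plain dotted-quad IPv4 address.
# Rejects empty replies, HTML error pages, IPv6 and out-of-range octets.
to_ssh_cidr() {
  ip=$1
  case $ip in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $ip                      # split on dots into $1..$n
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case $octet in
      0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;;   # no leading zeros
      *) return 1 ;;
    esac
    [ "$octet" -le 255 ] || return 1
  done
  printf '%s/32\n' "$ip"
}

# usage: ssh_window <security-group-id> <instance-id>
# Adds the port 22 rule for this session's address, connects, then revokes it.
ssh_window() {
  sg=$1; instance=$2
  cidr=$(to_ssh_cidr "$(curl -s --max-time 5 ifconfig.io)") || {
    echo "IP lookup did not return a plain IPv4 address; no rule added" >&2
    return 1
  }
  aws ec2 authorize-security-group-ingress --group-id "$sg" \
    --protocol tcp --port 22 --cidr "$cidr" || return 1
  mssh --region "$AWS_REGION" "$instance"
  status=$?
  # Remove the rule so it does not outlive the session that needed it.
  aws ec2 revoke-security-group-ingress --group-id "$sg" \
    --protocol tcp --port 22 --cidr "$cidr"
  return "$status"
}
```

With the functions sourced in CloudShell, `ssh_window sg-056f379bebfaf0575 i-033f738d907b0773f` replaces the separate authorize and `mssh` steps.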