[email protected]

Docker Small Hints #3: SSH into your AWS Elastic Beanstalk Component

Was quite a hassle in the past to setup SSH connectivity into your Elastic Beanstalk instance, luckly this got simplified. With the eb Version 3 command tool you get all the necessary support.

First install the
eb cli interface, as described here


Run eb init, which will configure the eb command line to one of your running eb instances.


iMac:~ Felix$ eb init 
  Select a default region
 1) us-east-1 : US East (N. Virginia) 
  2) us-west-1 : US West (N. California) 
  ... 
  (default is 3): 
  Select an application to use 
  1) curationApp
 2) [ Create new Application ] 
  (default is 2): 1 


Now configure your EB Environment to allow ssh inbound traffic, via
eb ssh —setup command. Be aware that will result in a re-creation of your EB environment.
Amongst others the command will create the public/private keypair as well which is put under the default name aws-eb into your local
.ssh directory


iMac:~ Felix$ eb ssh --setup
 WARNING: You are about to setup SSH for environment "curationApp-prod". If you continue, your existing instances will have to be **terminated** and new instances will be created. The environment will be temporarily unavailable. 
  To confirm, type the environment name: curationApp-prod 
  Type a keypair name.
 (Default is aws-eb):
 Generating public/private rsa key pair. 
   ... 

  Your identification has been saved in /Users/Felix/.ssh/aws-eb. 
   ... 
  WARNING: Uploaded SSH public key for "aws-eb" into EC2 for region us-west-2. 
  INFO: Environment update is starting.                              
 INFO: Updating environment curationApp-prod's configuration settings.
 INFO: Created Auto Scaling launch configuration named: awseb-e-...-stack-AWSEBAutoScalingLaunchConfiguration-1D8ET9F9BZ592
 INFO: Deleted Auto Scaling launch configuration named: awseb-e-...-stack-AWSEBAutoScalingLaunchConfiguration-8JDT6IAKL1QQ 
  INFO: Successfully deployed new configuration to environment.  


You are now ready to connect with the
eb ssh command.


iMac: ~ Felix$ eb ssh 
  INFO: Attempting to open port 22. 
  INFO: SSH port 22 open. 
         __|  __|_  )
        _|  (     /   Amazon Linux AMI 
        ___|\___|___| 
  [ec2-user ~]$  


Log files of your instances can be found in the /var/log directory. The log file of your en-docker instance you will find in the following subdirectory.


[ec2-user ~]$ cd  /var/log/eb-docker/containers/eb-current-app 
  [ec2-user eb-current-app]$ ls -l  
  insgesamt 136
 -rw-r--r-- 1 root root 67113425 14. Mai 06:34 894d84f26a6a-stdouterr.log 
  drwxr-xr-x 2 root root     4096 14. Mai 06:01 rotated 


Looking at the details of the configuration triangle

Memorize the following picture, which shows you the major concepts of a EC2 setup. AWS EC2 is the underlying Linux Container Infrastructure on top of which your EB managed Docker Applications will run.

You Docker Container will run within one EC2 instance, represented by the orange Instance box. For each EB Docker Instance there will be one EC2 Instance instantiated.



The EC2 instance will have Security Groups to control the access. There is a Security Group for each EB-Instance you are running, which by default allows inbound access from the http port. This security group is now extended to allow SSH inbound traffic.
In the dashboard you will see a Security Group Name which contains the substring AWSEBSecurityGroup (this value is also a tag value of the group for tag name
aws:cloudformation:logical-id (Tab Tags))


This Security Group ASWEBSecurityGroup is the configured Security Group of your EC2 docker instance running the EB environment. You would find the link in the column security group when click on Instances (left hand menu) in the Dashboard


As mentioned above a Key Pair was created with the default name aws_eb (left hand menu Key Pairs). The eb setup command made sure that this key pair was downloaded to your local .ssh directory.


So now we have (1) a EC2 Instance configured with (2) a Security Group for SSH inbound traffic and we have (3) a Public/Private key pair which allows us to authenticate ourselves.

The missing combination of (2) Security Group with (3) Key Pair can be found in the Elastic Beanstalk Dashboard via the Server Configuration tab. You can see here the Security Group as well as the drop box EC2 key pair, which ties the relevant Key Pair to the configuration. That’s it.







comments powered by Disqus