This blog post demonstrates how an OpenSSH key pair can be imported into the Amazon platform, how to verify the key fingerprints, and how to use the keys on an EC2 instance created with CloudFormation.
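The fingerprint check mentioned above is easiest to do locally, before the key is ever used. The following is an added example written for this page, not code from the post or from AWS: it parses an OpenSSH `ssh-rsa` public key line, re-encodes the key as a DER SubjectPublicKeyInfo and takes the MD5 over it, which is the digest AWS documents for RSA key pairs imported with `import-key-pair`. The modulus in `SAMPLE_N` is constructed for the example and is not a real key, and the function names are mine.

```python
import base64
import hashlib
import struct

# Constructed sample, NOT a real key: an arbitrary odd 2048-bit integer with
# the top bit set, enough to exercise every encoding path below.
SAMPLE_E = 65537
SAMPLE_N = (1 << 2047) | 0x2D8F3B1 | 1


def _mpint(value: int) -> bytes:
    """SSH mpint: big-endian, with a leading 0x00 when the high bit is set."""
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw
    return struct.pack(">I", len(raw)) + raw


def encode_openssh_rsa_public(e: int, n: int, comment: str = "") -> str:
    """Build an 'ssh-rsa AAAA... comment' line (the format of id_rsa.pub)."""
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(e) + _mpint(n)
    line = "ssh-rsa " + base64.b64encode(blob).decode("ascii")
    return line + (" " + comment if comment else "")


def parse_openssh_rsa_public(line: str) -> tuple:
    """Return (e, n) from an OpenSSH ssh-rsa public key line; reject anything else."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("expected an ssh-rsa public key line")
    blob = base64.b64decode(parts[1])
    fields, off = [], 0
    while off < len(blob):
        (length,) = struct.unpack_from(">I", blob, off)
        off += 4
        if off + length > len(blob):
            raise ValueError("truncated ssh-rsa key blob")
        fields.append(blob[off:off + length])
        off += length
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("malformed ssh-rsa key blob")
    return int.from_bytes(fields[1], "big"), int.from_bytes(fields[2], "big")


def _der_len(length: int) -> bytes:
    if length < 0x80:
        return bytes([length])
    body = length.to_bytes((length.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(content)) + content


def _der_integer(value: int) -> bytes:
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big") or b"\x00"
    if raw[0] & 0x80:          # DER INTEGER is signed: keep it positive
        raw = b"\x00" + raw
    return _der(0x02, raw)


RSA_ENCRYPTION_OID = bytes.fromhex("06092a864886f70d010101")  # 1.2.840.113549.1.1.1


def rsa_spki_der(e: int, n: int) -> bytes:
    """DER SubjectPublicKeyInfo, i.e. what `openssl pkey -pubout -outform DER` emits."""
    rsa_public_key = _der(0x30, _der_integer(n) + _der_integer(e))
    algorithm_id = _der(0x30, RSA_ENCRYPTION_OID + b"\x05\x00")
    return _der(0x30, algorithm_id + _der(0x03, b"\x00" + rsa_public_key))


def aws_import_fingerprint(pubkey_line: str) -> str:
    """MD5 over the DER SPKI, colon-separated, as shown for imported RSA key pairs."""
    e, n = parse_openssh_rsa_public(pubkey_line)
    digest = hashlib.md5(rsa_spki_der(e, n)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def fingerprints_match(local: str, shown_in_console: str) -> bool:
    """Compare ignoring case and separators, so copy/paste differences don't matter."""
    norm = lambda s: s.replace(":", "").replace(" ", "").lower()
    return norm(local) == norm(shown_in_console)


if __name__ == "__main__":
    line = encode_openssh_rsa_public(SAMPLE_E, SAMPLE_N, "example@host")
    print(aws_import_fingerprint(line))
```

Two caveats when comparing against the console: the fingerprint AWS shows for key pairs it generated itself is a SHA-1 over the private key and will not match this value, and `ssh-keygen -l -E md5 -f id_rsa.pub` hashes the SSH wire-format blob rather than the DER encoding, so it does not match either.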
This blog post uses aws-must-templates to create “a VPC with a public subnet and private subnet, and a network address translation (NAT) instance in the public subnet”, similar to scenario 2 in the Amazon VPC documentation. The focus is on describing the steps needed to set up the environment, create the stack, and test the provisioned result on the Amazon platform.
Amazon EC2 instance IP addressing poses several challenges for SSH usage, and for any tool using SSH connections:
- Amazon public DNS names encode public IP addresses. Each time an instance is assigned a new public IP address, it also gets a new public DNS name. In essence, managing Amazon public DNS names becomes comparable to managing IP addresses.
- Using an IP address to contact an instance is complicated, because a public IP address, once released, cannot be reclaimed. Using fixed IP addresses, such as Amazon Elastic IP addresses, requires keeping track of the reserved addresses, and comes with extra costs.
- EC2 instances with only a private IP address cannot be reached directly from the Internet.
- Private DNS names also encode the IP address they map to. On top of that, private DNS names cannot be resolved outside the VPC of the instance.
This post presents an idea to solve the challenges listed above. In short, we synchronize Amazon EC2 instance metadata automatically into the OpenSSH client configuration file, allowing SSH connections to be established using names stored in EC2 tags. We give an example and use it to introduce a tool, called aws-ssh-resolver, that implements the idea.
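The core of the idea is a mapping from instance metadata to `Host` blocks. The following is an added example written for this page, not aws-ssh-resolver's own code: it takes records shaped like the fields `ec2:DescribeInstances` returns (constructed sample data, not output from a real account), names instances by their `Name` tag, connects to public instances directly and to private-only instances through a jump host with `ProxyJump`. Using the NAT instance of the public subnet as that jump host, the record type `Instance`, and the option defaults are assumptions of the example.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Instance:
    """Hypothetical record mirroring the describe-instances fields used here."""
    instance_id: str
    name_tag: str            # value of the "Name" tag
    private_ip: str
    public_ip: Optional[str]
    state: str


# Constructed sample inventory, not captured from a real account.
SAMPLE_INSTANCES = [
    Instance("i-0aaa111", "nat",     "10.0.0.10", "203.0.113.10", "running"),
    Instance("i-0bbb222", "app-1",   "10.0.1.21", None, "running"),
    Instance("i-0ccc333", "db-1",    "10.0.1.31", None, "running"),
    Instance("i-0ddd444", "app-1",   "10.0.1.22", None, "running"),     # duplicate Name
    Instance("i-0eee555", "old-app", "10.0.1.99", None, "terminated"),
    Instance("i-0fff666", "x\n    ProxyCommand curl attacker", "10.0.1.50", None, "running"),
]

# A Name tag becomes a Host alias inside a file OpenSSH parses, and anyone with
# ec2:CreateTags can set it, so treat it as untrusted: no whitespace, no
# directives, only a conservative hostname-like alphabet.
HOST_ALIAS = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,62}$")


def render_ssh_config(instances, bastion_name, user="ec2-user",
                      identity_file="~/.ssh/aws-key.pem"):
    """Return (ssh_config text, skipped) for the running instances.

    skipped is a list of (instance_id, reason) for instances left out because
    their Name tag is unusable as an alias or not unique.
    """
    running = [i for i in instances if i.state == "running"]
    counts = {}
    for inst in running:
        counts[inst.name_tag] = counts.get(inst.name_tag, 0) + 1

    bastion = next((i for i in running if i.name_tag == bastion_name), None)
    if (bastion is None or not bastion.public_ip
            or counts[bastion_name] != 1 or not HOST_ALIAS.match(bastion_name)):
        raise ValueError(f"bastion {bastion_name!r} is not a unique, running, public instance")

    blocks, skipped = [], []
    for inst in running:
        if not HOST_ALIAS.match(inst.name_tag):
            skipped.append((inst.instance_id, "invalid Name tag"))
            continue
        if counts[inst.name_tag] > 1:
            skipped.append((inst.instance_id, "duplicate Name tag"))
            continue
        lines = [f"Host {inst.name_tag}"]
        if inst.public_ip:
            lines.append(f"    HostName {inst.public_ip}")
        else:
            # Private-only instance: hop through the bastion's own Host entry.
            lines.append(f"    HostName {inst.private_ip}")
            lines.append(f"    ProxyJump {bastion.name_tag}")
        lines += [f"    User {user}",
                  f"    IdentityFile {identity_file}",
                  "    IdentitiesOnly yes"]
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks) + "\n", skipped


if __name__ == "__main__":
    config, left_out = render_ssh_config(SAMPLE_INSTANCES, bastion_name="nat")
    print(config)
    for instance_id, reason in left_out:
        print(f"# skipped {instance_id}: {reason}")
```

Write the generated text to its own file (for example `~/.ssh/aws_config`) and pull it in from `~/.ssh/config` with `Include ~/.ssh/aws_config`, so regeneration never clobbers hand-written entries; `IdentitiesOnly yes` keeps the client from offering every loaded key to every host.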
AWS CloudFormation gives developers and systems administrators an easy way to create a collection of related AWS resources and provision them on the Amazon platform. To make AWS infrastructure management even more efficient and manageable, aws-must-templates adds a template generator and a test runner to the set of tools available to an AWS administrator.
This blog entry goes through a scenario starting with the installation of aws-must-templates, continuing with the creation of an AWS infrastructure, and ending with testing that infrastructure.
In this blog post, I introduce aws-must-templates, a set of mustache templates for creating CloudFormation JSON. Implementation without tests is asking for trouble, and therefore aws-must-templates is accompanied by test suites that validate the correctness of the CloudFormation stacks it creates.