In the previous post - Using SSM Session Manager for interactive instance access - I showed you how to access EC2 instances through AWS Systems Manager (SSM) Sessions without having to open Security Groups or firewall ports, maintain SSH keys, VPNs, Jump Hosts, and so on. The native way for starting an SSM Session with [...]
You may argue that interactive login to EC2 instances should never be needed. Everything is dynamic, automated, self-healing, centrally logged, and so on and there is no place for human interaction, right? But let's be honest - the world isn't perfect and we all sometimes need to jump into bash to do stuff for [...]
Easily deploy complex CloudFormation templates with external resources such as Lambdas or nested stacks.
Sometimes it's handy to know what IP address ranges are used in different AWS Regions. You may want to whitelist access to your region's AWS endpoints, or from global CloudFront locations, or set up some special routing rules, or look up which region a certain IP belongs to. ip-ranges.json & filter-ip-ranges AWS publishes ip-ranges.json [...]
In the previous post I explained how to Use Cross-account access through AWS Console. Today I'll show you how to do the same in the command line using aws-cli. We've got Access and Secret keys for the Login account and want to use aws-cli to create and manage resources in the Dev account above. [...]
One of the parameters required for launching an EC2 instance is a Key Pair, which is effectively an SSH Key used for interactive logging into the default user account - on Amazon Linux it's the ec2-user account - or for decrypting the Windows Administrator's password. It is easy to create a new Key Pair / [...]
In the previous post about Access & Secret Keys I emphasized that those keys - static keys - should never be used in production and in fact they should never leave your laptop. But what if you need to call the AWS services from scripts or programs running on an EC2 instance? In a typical [...]
When working with the AWS API, the clients (programs, scripts, etc.) must have a way to prove who they are and what level of access to Amazon services they should have. In a typical scenario an AWS user runs aws cli (or a script using aws cli) to interact with Amazon. For example to create a [...]