Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Networking TF: Added EC2 Instance Connect Endpoint (EICE) #526

Merged
merged 1 commit into from
Jan 20, 2025
Merged

Networking TF: Added EC2 Instance Connect Endpoint (EICE) #526

merged 1 commit into from
Jan 20, 2025

Conversation

victorskl
Copy link
Member

@victorskl victorskl commented Jan 6, 2025
edited
Loading

  • You may typically want to EICE enabled private network Security Group
    which can be looked up name ssh_from_eice. Add this SG to your VM
    instance created in private subnet. Then you no longer need public IP
    to connect to this instance. Just need to do like so.

    aws ec2-instance-connect ssh --connection-type eice --os-user [ubuntu|ec2-user] --instance-id [i-1234567replace]

    Or, punch local tunnel like so:

    aws ec2-instance-connect open-tunnel --instance-id [i-1234567replace] --local-port 2222

@victorskl
Networking TF: Added EC2 Instance Connect Endpoint (EICE)
fdf8383 
* You may typically want to EICE enabled private network Security Group
  which can be looked up name `ssh_from_eice`. Add this SG to your VM
  instance created in private subnet. Then you no longer need public IP
  to connect to this instance. Just need to do like so.

  aws ec2-instance-connect ssh --connection-type eice --os-user <ubuntu|ec2-user> --instance-id <i-1234567replace>

  Or, punch local tunnel like so:

  aws ec2-instance-connect open-tunnel --instance-id <i-1234567replace> --local-port 2222
@victorskl victorskl self-assigned this Jan 6, 2025
@victorskl victorskl linked an issue Jan 6, 2025 that may be closed by this pull request
Provision EC2 Instance Connect Endpoint at VPC Networking stack #525
Closed
@victorskl victorskl added the feature New feature or request label Jan 6, 2025
@victorskl
Copy link
Member Author

victorskl commented Jan 6, 2025
edited
Loading

Patto, just FYI. I will replace the EICE you created in Dev account awhile ago with the resource from this stack. As EICE is limited to 1 resource per subnet per VPC.

@victorskl
Copy link
Member Author

victorskl commented Jan 6, 2025
edited
Loading

See more

andrewpatto
andrewpatto reviewed Jan 6, 2025
View reviewed changes
Copy link
Member

@andrewpatto andrewpatto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good - good idea

@andrewpatto
Copy link
Member

Can we add an EICE for the AG account? I need to spin up a machine there to do some clinical NAGIM analysis - and would prefer it lives in private subnet

@andrewpatto
Copy link
Member

Or will this happen in every account already once deployed?

@andrewpatto
Copy link
Member

ignore me - is already deployed I can see..

@victorskl victorskl merged commit 51f75fe into master Jan 20, 2025
1 check passed
@victorskl victorskl deleted the implement-eice-at-vpc branch January 20, 2025 23:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewpatto andrewpatto andrewpatto approved these changes

@reisingerf reisingerf Awaiting requested review from reisingerf

Assignees

@victorskl victorskl

Labels
feature New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Provision EC2 Instance Connect Endpoint at VPC Networking stack
2 participants
@victorskl @andrewpatto