I have a Basic plan AWS account that I use for doing some labs and PoCs since I started doing some DevOps.
Lately I'm no longer able to connect to a created instance via SSH (despite the fact that I created a rule for port 22) after changing a couple of network params.
Is there a way to reset my AWS account so I get back to my default configuration?
Finally, I used aws-nuke but I couldn't remove all my resources for some reason (I might have missed something).
But when I changed region from Paris to Frankfurt I was able to create EC2 instances and access them via SSH.
I'd like to know if there is an approach to automatically join an EC2 instance (launched via Elastic Beanstalk) to an Active Directory already hosted on an EC2 Windows Server.
Following the document below I could see that it is possible using AD Connector or AWS Simple AD (either will give a "directoryId"), but in my case the AD is already hosted on an EC2 instance.
https://aws.amazon.com/blogs/security/how-to-configure-your-ec2-instances-to-automatically-join-a-microsoft-active-directory-domain/
You can do it by following the same path, but instead of relying on the default SSM document for Managed AD, you should create a custom one.
In it, you can omit the directory id and rely on DNS name / IP address of your EC2 AD and respective domain name, username and password with which you join.
This approach is partially described in the following blog post. It has an actual SSM document as a CloudFormation stack which you can use as a base.
In order to fully automate it you can create an Amazon EventBridge rule that looks for EC2 instance launch events and has SSM Run Command as a target (Run Command can start your custom SSM document). There are some dedicated Beanstalk events that may be useful in this regard as well.
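As an added example (not code from the answer or from the blog post it refers to), the following builds the kind of custom SSM Command document the answer describes: a schema 2.2 document that joins a Windows instance to a self-managed AD on EC2 with no directoryId at all. It takes the domain name, the domain controller's private IP (set as the instance's DNS server) and the join user as parameters; the join password is resolved at run time from a SecureString parameter through an ssm-secure reference, so it never sits in the document content. The parameter name /ad/join-password, the default user name and the EventBridge pattern are assumptions made for this example.

```python
"""Custom SSM Command document for joining a self-managed AD, plus the EventBridge
pattern that would trigger it. Assumed values: the SecureString parameter
/ad/join-password and the default join user svc-join."""
import json
import re

# PowerShell run by SSM Run Command on the target instance. {{ name }} tokens are
# substituted from the document parameters; the ssm-secure reference is resolved
# from Parameter Store at execution time instead of being stored in the document.
JOIN_SCRIPT = [
    "$nic = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1",
    "Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses '{{ dnsServerIp }}'",
    "$password = ConvertTo-SecureString '{{ssm-secure:/ad/join-password}}' -AsPlainText -Force",
    "$credential = New-Object System.Management.Automation.PSCredential('{{ domainName }}\\{{ joinUser }}', $password)",
    "Add-Computer -DomainName '{{ domainName }}' -Credential $credential -Restart -Force",
]


def build_join_document():
    """Document content for `aws ssm create-document --document-type Command`."""
    return {
        "schemaVersion": "2.2",
        "description": "Join this instance to a self-managed Active Directory hosted on EC2",
        "parameters": {
            "domainName": {"type": "String", "description": "Domain FQDN, e.g. corp.example"},
            "dnsServerIp": {"type": "String", "description": "Private IP of the EC2 domain controller"},
            "joinUser": {"type": "String", "description": "Account allowed to join computers",
                         "default": "svc-join"},
        },
        "mainSteps": [{
            "action": "aws:runPowerShellScript",
            "name": "joinDomain",
            # Skip silently on Linux instances that the same rule might catch.
            "precondition": {"StringEquals": ["platformType", "Windows"]},
            "inputs": {"runCommand": JOIN_SCRIPT},
        }],
    }


def undeclared_parameters(document):
    """{{ name }} tokens used in the script but not declared under 'parameters'.
    SSM rejects such a document, so check before create-document. ssm-secure
    references (which contain ':' and '/') are not parameters and are skipped."""
    used = set()
    for step in document["mainSteps"]:
        for line in step["inputs"]["runCommand"]:
            used.update(re.findall(r"\{\{\s*([A-Za-z0-9_]+)\s*\}\}", line))
    return sorted(used - set(document["parameters"]))


def launch_event_pattern():
    """EventBridge pattern for 'instance entered running'. The rule's Run Command
    target would map $.detail.instance-id to the command's InstanceIds."""
    return {"source": ["aws.ec2"],
            "detail-type": ["EC2 Instance State-change Notification"],
            "detail": {"state": ["running"]}}


def render(document):
    """JSON to write to a file for `--content file://join.json`."""
    return json.dumps(document, indent=2)


if __name__ == "__main__":
    doc = build_join_document()
    print("undeclared parameters:", undeclared_parameters(doc))
    print(render(doc))
    print(render(launch_event_pattern()))
```

Because the password is fetched through the ssm-secure reference, the identity that sends the command (here, the EventBridge rule's role) needs read access to that parameter and its KMS key, while the document itself can be freely versioned and reviewed.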
Bear with me, what I am requesting may be impossible. I am an AWS noob.
So I am going to describe to you the situation I am in...
I am doing a freelance gig and was essentially handed the keys to AWS. That is, I was handed the root user login credentials for the AWS account that powers this website.
Now there are 3 EC2 instances. One of the instances is a Linux box that, from what I am being told, is running a Django Python backend.
My new "service" if you will must exist within this instance.
How do I introduce new source code into this instance? Is there a way to pull down the existing source code that lives within it?
I am not being helped by any existing/previous developers, so I am kind of just handed the AWS credentials and have no idea where to start.
Is this even possible? That is, is it possible to pull the source code from an EC2 instance and/or modify the code? How do I do this?
EC2 instances are just virtual machines, so you can use SSH/SCP/SFTP to move files to and from them. You can use the AWS CLI tools to copy stuff from S3. Dealer's choice...
Now to get into this instance... If you look in the web console you can find its IP(s), what the security groups (firewall rules) are, and the key pair name. Hopefully they gave you the keys. You need these to SSH in.
You'll also want to check to make sure there's a security group applied that has SSH open. Hopefully only to your IP :)
If you don't have the keys you'll have to create an AMI image of the instance so you can create a new one with a key pair you do have.
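The checks this answer walks through, as an added example that is not part of the original answer: given the response shapes of `aws ec2 describe-instances` and `aws ec2 describe-security-groups`, list what you need to SSH in (public IP, key pair name, security groups) and flag every rule that opens port 22 to the whole Internet rather than only to your own address. The two responses embedded below are constructed sample data.

```python
"""Summarize SSH access prerequisites for an instance and audit its security
groups for port 22 exposure. Inputs mirror the EC2 API response shapes."""
import ipaddress

SSH_PORT = 22


def instance_access_summary(describe_instances):
    """One record per instance: id, public IP, key pair name and security group ids.
    KeyName None means the instance was launched without a key pair, which is the
    case where you need the AMI-and-relaunch route from the answer."""
    records = []
    for reservation in describe_instances.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            records.append({
                "InstanceId": inst["InstanceId"],
                "PublicIp": inst.get("PublicIpAddress"),
                "KeyName": inst.get("KeyName"),
                "SecurityGroupIds": [g["GroupId"] for g in inst.get("SecurityGroups", [])],
            })
    return records


def _covers_port(rule, port):
    proto = rule.get("IpProtocol")
    if proto == "-1":          # all protocols, all ports
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def ssh_exposure(describe_security_groups, my_ip=None):
    """(group id, source CIDR, verdict) for every inbound rule that reaches port 22.
    'world' = open to 0.0.0.0/0 or ::/0, 'not-you' = does not cover my_ip, 'ok' otherwise."""
    findings = []
    for sg in describe_security_groups.get("SecurityGroups", []):
        for rule in sg.get("IpPermissions", []):
            if not _covers_port(rule, SSH_PORT):
                continue
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                if net.prefixlen == 0:
                    verdict = "world"
                elif my_ip is not None and ipaddress.ip_address(my_ip) not in net:
                    verdict = "not-you"
                else:
                    verdict = "ok"
                findings.append((sg["GroupId"], cidr, verdict))
    return findings


# Constructed sample responses (not real resources).
SAMPLE_INSTANCES = {"Reservations": [{"Instances": [{
    "InstanceId": "i-0123456789abcdef0", "PublicIpAddress": "203.0.113.10",
    "KeyName": "prod-web", "SecurityGroups": [{"GroupId": "sg-0aaa", "GroupName": "web"}]}]}]}

SAMPLE_SGS = {"SecurityGroups": [{
    "GroupId": "sg-0aaa",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "198.51.100.0/24"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]}]}

if __name__ == "__main__":
    for rec in instance_access_summary(SAMPLE_INSTANCES):
        print(rec)
    for finding in ssh_exposure(SAMPLE_SGS, my_ip="198.51.100.7"):
        print(finding)
```

With real data, feed it `boto3.client("ec2").describe_instances()` and `describe_security_groups(GroupIds=...)`; any 'world' finding on port 22 is the rule the answer hopes you will tighten to your own address.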
Amazon has a set of tools for you in Amazon CodeSuite.
The tool used for "deploying" the code is Amazon CodeDeploy. By using this service you install an agent onto your host; then, when triggered, it will pull down an artifact of a code base and install it on matching hosts. You can even specify additional commands through the hook system.
But you also want to trigger this to happen, maybe even automatically? CodeDeploy can be orchestrated using the CodePipeline tool.
I have been setting up Amazon EC2 Systems Manager in order to manage our Windows patch management setup. All looking good so far, as we can get the on-premises servers listed in the console using the activation.
I have activated the following servers on the same activation (without entering a name as part of the activation). As I now have around 5 managed instances on there, they have no name. In the MI section I can see the computer name, but when it comes to Run Command or doing anything else I am only able to see the instance ID.
AWS ECS Systems Manager - Managed Instances, need to be able to set the name
How can I go back and update the name for these managed instances? Do I really have to add each server on a separate individual activation again?
Thanks
You can set the name of your managed instances by setting the Name tag on the instance. At the moment you have to use the AWS CLI or the AWS PowerShell tools to do this, but once done you'll see the name in the console.
You can find the AWS CLI documentation here: http://docs.aws.amazon.com/cli/latest/reference/ssm/add-tags-to-resource.html
> aws ssm add-tags-to-resource --resource-type ManagedInstance --resource-id <your managed instance id> --tags Key=Name,Value=<instance name>
Hope this helps.
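Since the question mentions several managed instances that all lack a name, here is an added example (not from the answer) that applies the same add-tags-to-resource call in a loop: it reads each hybrid ("mi-") instance's ComputerName from describe-instance-information and sets it as the Name tag wherever no Name tag exists yet. The `ssm` argument is a boto3 SSM client or anything with the same three methods; the response embedded below is constructed sample data.

```python
"""Name SSM managed instances after their own computer name, in bulk."""


def collect_instance_information(ssm):
    """All pages of describe_instance_information, following NextToken."""
    infos, token = [], None
    while True:
        kwargs = {"NextToken": token} if token else {}
        page = ssm.describe_instance_information(**kwargs)
        infos.extend(page["InstanceInformationList"])
        token = page.get("NextToken")
        if not token:
            return infos


def current_name_tags(ssm, instance_ids):
    """{instance id: current Name tag value or None} via list_tags_for_resource."""
    names = {}
    for iid in instance_ids:
        tags = ssm.list_tags_for_resource(ResourceType="ManagedInstance", ResourceId=iid)["TagList"]
        names[iid] = next((t["Value"] for t in tags if t["Key"] == "Name"), None)
    return names


def plan_name_tags(instance_information, existing_names):
    """[(instance id, name)] for hybrid instances that still need a Name tag.
    EC2 ('i-') instances are skipped: those are tagged through the EC2 API."""
    plan = []
    for info in instance_information:
        iid = info["InstanceId"]
        if not iid.startswith("mi-") or existing_names.get(iid):
            continue
        name = info.get("ComputerName", "").split(".")[0]  # drop the DNS suffix
        if name:
            plan.append((iid, name))
    return plan


def apply_name_tags(ssm, plan):
    """The same call as `aws ssm add-tags-to-resource` above, once per instance."""
    for iid, name in plan:
        ssm.add_tags_to_resource(ResourceType="ManagedInstance", ResourceId=iid,
                                 Tags=[{"Key": "Name", "Value": name}])
    return len(plan)


def name_all_managed_instances(ssm):
    """Returns the number of instances that were tagged."""
    infos = collect_instance_information(ssm)
    hybrid_ids = [i["InstanceId"] for i in infos if i["InstanceId"].startswith("mi-")]
    plan = plan_name_tags(infos, current_name_tags(ssm, hybrid_ids))
    return apply_name_tags(ssm, plan)


# Constructed sample page in the shape of describe_instance_information.
SAMPLE_PAGE = {"InstanceInformationList": [
    {"InstanceId": "mi-0123456789abcdef0", "ComputerName": "FILESRV01.corp.example", "PlatformType": "Windows"},
    {"InstanceId": "mi-0fedcba9876543210", "ComputerName": "DC02.corp.example", "PlatformType": "Windows"},
    {"InstanceId": "i-0aaaaaaaaaaaaaaaa", "ComputerName": "ip-10-0-1-5", "PlatformType": "Linux"},
]}

if __name__ == "__main__":
    import boto3  # only needed for the real run
    print("tagged", name_all_managed_instances(boto3.client("ssm")), "instances")
```

Existing Name tags are left alone, so the script can be re-run after each new activation without overwriting names someone set by hand.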
What I want to do is use Ansible to create an ECS cluster, then create an EC2 instance and launch it into that cluster, but I can't seem to find a way to do that. I've had no trouble launching and configuring an EC2 instance on its own so far, but it's this next step that's totally blocking me.
The AWS documentation says I can create an EC2 instance with User Data to assign it to a cluster, but this doesn't seem to work when I use the user_data field of Ansible's ec2 module. This is what I have in that field:
#!/bin/bash
echo "ECS_CLUSTER=my-test-cluster" >> /etc/ecs/ecs.config
I feel like there must just be something I'm not seeing, or else some basic understanding I'm missing. I'm hoping someone can provide some pointers here.
Edit: I wasn't originally using the right ECS-optimized AMI, but even after starting an instance with the correct image I don't see a difference.
I think what you are missing is the proper policy on the instance to associate itself with the cluster. It sounds like you have the rest of it set up fine. I would safely assume that if you logged into the server and checked the ECS logs from the agent you would see permission issues.
Take a look here: http://docs.aws.amazon.com/AmazonECS/latest/developerguide/instance_IAM_role.html I had a similar issue myself before and setting the proper permissions fixed it.
Another possibility is that your instance doesn't have Internet access:
Container instances need external network access to communicate with the Amazon ECS service endpoint, so if your container instances do not have public IP addresses, then they must use network address translation (NAT) to provide this access.
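The two answers together name three preconditions for a container instance to register: the user data must set ECS_CLUSTER, the instance needs an IAM role with the container-instance permissions, and it needs a path to the Internet. As an added example (not from the question or either answer), this preflight checks all three from the shapes returned by describe-instance-attribute (user data, base64), describe-instances, list-attached-role-policies and describe-route-tables. The user data sample is the one from the question; the other inputs are constructed.

```python
"""Preflight for an ECS container instance: cluster name in user data, instance
role attached with the ECS policy, and a usable default route to the Internet."""
import base64
import re

# AWS managed policy that grants ecs:RegisterContainerInstance and friends.
ECS_INSTANCE_POLICY = "AmazonEC2ContainerServiceforEC2Role"


def user_data_cluster(user_data_b64):
    """Cluster named by ECS_CLUSTER=... in the (base64-encoded) user data, or None.
    Matches both `echo "ECS_CLUSTER=x" >> /etc/ecs/ecs.config` and a bare ECS_CLUSTER=x."""
    text = base64.b64decode(user_data_b64).decode()
    m = re.search(r"ECS_CLUSTER=[\"']?([^\"'\s]+)", text)
    return m.group(1) if m else None


def internet_path(route_table):
    """'igw' if 0.0.0.0/0 goes to an internet gateway, 'nat' via a NAT gateway or
    NAT instance, None if the subnet has no active default route at all."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0" or route.get("State", "active") != "active":
            continue
        if str(route.get("GatewayId", "")).startswith("igw-"):
            return "igw"
        if route.get("NatGatewayId") or route.get("InstanceId"):
            return "nat"
    return None


def preflight(instance, user_data_b64, attached_policy_names, route_table):
    """List of problems; empty means the agent should be able to join the cluster.
    attached_policy_names: PolicyName values from list_attached_role_policies."""
    problems = []
    if user_data_cluster(user_data_b64) is None:
        problems.append("user data does not set ECS_CLUSTER; the agent will register with 'default'")
    if "IamInstanceProfile" not in instance:
        problems.append("no IAM instance profile attached")
    elif ECS_INSTANCE_POLICY not in attached_policy_names:
        problems.append("instance role lacks " + ECS_INSTANCE_POLICY)
    path = internet_path(route_table)
    if path is None:
        problems.append("subnet has no default route; the agent cannot reach the ECS endpoint")
    elif path == "igw" and not instance.get("PublicIpAddress"):
        problems.append("subnet routes through an internet gateway but the instance has no public IP")
    return problems


# User data from the question, base64-encoded the way describe-instance-attribute returns it.
GOOD_USER_DATA = base64.b64encode(
    b'#!/bin/bash\necho "ECS_CLUSTER=my-test-cluster" >> /etc/ecs/ecs.config\n').decode()

# Constructed sample inputs.
SAMPLE_INSTANCE_NO_ROLE = {"InstanceId": "i-0123456789abcdef0", "PublicIpAddress": "203.0.113.10",
                           "SubnetId": "subnet-0aaa"}
SAMPLE_ROUTE_TABLE = {"Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0bbb", "State": "active"},
]}

if __name__ == "__main__":
    print(preflight(SAMPLE_INSTANCE_NO_ROLE, GOOD_USER_DATA, [], SAMPLE_ROUTE_TABLE))
```

For the Ansible case in the question, the missing piece maps to the ec2 module's instance profile argument pointing at a role that carries that policy; the other two checks cover the "no Internet access" answer.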
I created an Amazon AWS EC2 instance under my account and made a website/FTP server on it; now a new partner wants to move the instance under his company account so his company can pay the bills.
We can't change the instance IP because banks in the region are communicating with the server.
How can I move the instance to a different account without having to change anything on the configuration?
The short answer is: no, you cannot move a running instance from one account to another, unless of course AWS Technical Support has some magic available behind the curtains.
You can, however, create an AMI from this instance and share this AMI with other users/accounts. Refer: http://aws.amazon.com/articles/530
To share or migrate EC2 instances from a source account to a target account, follow these steps:
1. Create a custom Amazon Machine Image (AMI) from the instance you want to share or migrate. Be sure to include all required EBS data volumes in the AMI.
   Note: Data stored on instance store volumes isn't preserved in AMIs, and won't be on the instance store volumes of the instances that you launch from the AMI.
2. Share the AMI with the target account using either the EC2 console or the AWS Command Line Interface (CLI).
3. From the target account, find the AMI using the EC2 console or the AWS CLI.
4. Launch a new instance from the shared AMI on the target account.
   Note: The private IP address of VPC instances will be different in the new account, unless you specifically set them during launch.
Related information
Changing the Encryption State of Your Data
AWS CLI Command Reference (EC2)
Source: Transfer Amazon EC2 Instance
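Step 2 of the quoted procedure in code, as an added example that is not from the answer or the AWS article it cites: adding a launch permission for the target account on the AMI, and also adding a create-volume permission on every EBS snapshot behind it. The AMI permission alone is not enough; without the snapshot permissions the target account can see the AMI but fails to launch from it. Encrypted snapshots are reported separately because they additionally need the KMS key shared (and cannot be shared at all when encrypted with the default aws/ebs key), which is what the "Changing the Encryption State" link above is about. `ec2` is a boto3 EC2 client or any object with the same methods; the target account id in the usage note is a placeholder.

```python
"""Share an AMI and its backing EBS snapshots with another AWS account."""


def image_snapshot_ids(image):
    """[(snapshot id, encrypted?)] from the image's block device mappings.
    Instance-store mappings have no 'Ebs' key and are skipped, matching the note
    above that instance store data is not carried by an AMI."""
    ids = []
    for bdm in image.get("BlockDeviceMappings", []):
        ebs = bdm.get("Ebs")
        if ebs and ebs.get("SnapshotId"):
            ids.append((ebs["SnapshotId"], bool(ebs.get("Encrypted"))))
    return ids


def share_ami(ec2, image_id, target_account):
    """Grant launch permission on the AMI and create-volume permission on each
    snapshot to target_account. Returns what was shared and which snapshots are
    encrypted (those still need kms:CreateGrant/ReEncrypt on the key for the target)."""
    image = ec2.describe_images(ImageIds=[image_id])["Images"][0]
    ec2.modify_image_attribute(
        ImageId=image_id,
        LaunchPermission={"Add": [{"UserId": target_account}]},
    )
    shared, encrypted = [], []
    for snap_id, is_encrypted in image_snapshot_ids(image):
        ec2.modify_snapshot_attribute(
            SnapshotId=snap_id,
            Attribute="createVolumePermission",
            OperationType="add",
            UserIds=[target_account],
        )
        shared.append(snap_id)
        if is_encrypted:
            encrypted.append(snap_id)
    return {"image": image_id, "snapshots": shared, "encrypted_snapshots": encrypted}


def create_ami(ec2, instance_id, name):
    """Step 1: build the AMI and wait until it is available. NoReboot=False gives a
    consistent filesystem at the cost of a reboot of the source instance."""
    image_id = ec2.create_image(InstanceId=instance_id, Name=name, NoReboot=False)["ImageId"]
    ec2.get_waiter("image_available").wait(ImageIds=[image_id])
    return image_id


if __name__ == "__main__":
    import boto3
    client = boto3.client("ec2")
    # Placeholder values: replace with the real instance and the partner's account id.
    ami = create_ami(client, "i-0123456789abcdef0", "website-migration")
    print(share_ami(client, ami, "123456789012"))
```

Step 3 in the target account is then `aws ec2 describe-images --executable-users self` (or filtering on the source account id), and step 4 is a normal launch from that AMI, where you can pass the same private IP if the target VPC allows it.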
This is not possible.
AWS Support does not have access to copy Amazon EC2 resources or
manipulate any configuration options in AWS accounts. You can't
separate an AWS account from an Amazon.com account or transfer
resources between AWS accounts. It is possible to manually migrate
Amazon EC2 resources from one account to another by completing the
steps described here.
Source: https://aws.amazon.com/premiumsupport/knowledge-center/account-transfer-ec2-instance/
I'm working with several hundred EC2 instances in several AWS regions and accounts. You can move an EC2 instance to another AWS account; however, you can't move the Elastic IP, and it takes 16 steps with the AWS CLI if you want to migrate tags and clone the security groups. I wrote a detailed post with the whole process at https://medium.com/#gmusumeci/how-to-move-an-ec2-instance-to-another-aws-account-e5a8f04cef21.
There are more than 10 steps involved in doing the cloud move. I would suggest you use infrastructure as configuration (Terraform and CloudFormation) or infrastructure as real code (Pulumi and CDK).
However, if you want to give it a go, there is a nice tool I found called KopiCloud. Please feel welcome to try it and leave your comments below. It's good if you need to move instances in a quick lift-and-shift scenario.
You can re-think the design of having the banks in the region communicating to your servers via IP.
If the banks communicate using DNS names, you have much more flexibility to move your servers around.
You can also achieve improvements in high availability and resiliency by moving to DNS connections.
So a plan might be:
1. Set up a DNS record for your existing server.
2. Get the banks who connect to your server to connect via the DNS name.
3. Set up your new server in the other account (other answers describe this).
4. Cut the banks over to your new server in the new account simply by updating the DNS record.
I haven't tried load balancing across accounts, but that may be another option, which would give you HA as a bonus. By registering your current instance and a new instance in another account as targets with a load balancer, and getting your clients to connect to the load balancer, you could cut over to the other account. The only part I haven't tried is registering targets in different accounts, but it looks like this should be possible with an AWS Network Load Balancer.