Accessing a dev server when doing remote / cloud development - amazon-web-services

I'm attempting to find a completely remote / cloud-based development workflow.
I've created an aws free-tier ec2 instance and on that box I've been developing a gatsby site (the framework doesn't matter, the solution I'm looking for should be framework agnostic). Since the code is on another box, I can't run the dev server and then from the local computer hit localhost as I would normally.
So,
What do I need to do so that I can run gatsby develop and hit my dev server that's hosted on the ec2 box?
How do I provide public access to that endpoint?
Is it possible to provide temporary access so that when I log off of the box, it's no longer accessible?
Is there some mechanism I can put into place so that I'm the only one that can hit that endpoint?
Are there other features that I should be taking advantage of to secure that endpoint?
Thanks.

I can't run the dev server and then from the local computer hit localhost as I would normally
You can. You can use ssh to tunnel your remote port to your localhost, and access the server from your localhost.
What do I need to do so that I can run gatsby develop and hit my dev server that's hosted on the ec2 box?
ssh into the dev server, run gatsby develop and either access it on localhost through ssh tunnel or make it public to access through its public IP address.
Use sshfs to mount a development folder on the dev server onto your localhost.
Alternatively, you can set up vncserver on the dev server, tunnel the vnc connection using ssh, and access the dev server through a remote desktop. Something lightweight would be good, e.g. fluxbox as a desktop environment for vnc.
Is it possible to provide temporary access so that when I log off of the box, it's no longer accessible?
Yes, through an ssh tunnel. You close the tunnel and the access is finished.
Is there some mechanism I can put into place so that I'm the only one that can hit that endpoint?
An ssh tunnel along with a security group that allows ssh for your IP address only.
Are there other features that I should be taking advantage of to secure that endpoint?
Security groups and ssh tunneling would be primary choices to ensure secure access to the dev server.
You can also make the endpoint public, but set the security group of your dev server to allow internet access only from your IP.
You could also put the dev server in a private subnet for full separation from the internet. Use a bastion host to access it or set up a double ssh tunnel to your localhost.
Another way is to do all development on localhost, push code to CodeCommit and have CodePipeline manage deployment of your code to your dev server using CodeDeploy.
You can also partially eliminate ssh by using SSM Session Manager.
Hope this helps.
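The tunnelled access described in the answer above, as an added example that is not part of the original answer. The host alias `devbox`, the control-socket path and port 8000 are assumptions, and the `ss` sample is constructed.

```bash
#!/bin/sh
# Added example: private access to a remote dev server over an SSH local forward.
# Assumed names (not from the page): host alias "devbox", control-socket path.
DEV_HOST="${DEV_HOST:-devbox}"      # hypothetical ~/.ssh/config alias for the EC2 box
DEV_PORT="${DEV_PORT:-8000}"        # gatsby develop listens on 8000 by default
CTL="${HOME}/.ssh/devtunnel.sock"   # control socket used to close the tunnel later

# Constructed sample of `ss -Htln` output (field 4 is the local address:port).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 127.0.0.1:8000 0.0.0.0:*'

# Read `ss -Htln` output on stdin and classify the listeners on port $1:
#   loopback = only 127.0.0.1 / [::1]
#   exposed  = wildcard or any other address
#   none     = nothing listening on that port
listener_exposure() {
  awk -v port="$1" '
    { n = split($4, a, ":")
      if (a[n] != port) next
      addr = substr($4, 1, length($4) - length(a[n]) - 1)
      seen = 1
      if (addr != "127.0.0.1" && addr != "[::1]") exposed = 1 }
    END { if (!seen) print "none"
          else if (exposed) print "exposed"
          else print "loopback" }'
}

# Ask the remote box how the dev server is bound before relying on the tunnel.
check_remote() { ssh "$DEV_HOST" ss -Htln | listener_exposure "$DEV_PORT"; }

# -f: background after auth, -N: no remote command, -M/-S: control socket.
# Both ends of the forward are pinned to loopback, so the tunnel itself
# makes nothing new reachable from the network.
tunnel_up() {
  ssh -fNM -S "$CTL" -o ExitOnForwardFailure=yes \
      -L "127.0.0.1:${DEV_PORT}:127.0.0.1:${DEV_PORT}" "$DEV_HOST"
}

# Closing the master connection ends the forward and the access with it.
tunnel_down() { ssh -S "$CTL" -O exit "$DEV_HOST"; }

case "${1:-}" in
  check) check_remote ;;
  up)    tunnel_up && echo "open http://127.0.0.1:${DEV_PORT}/" ;;
  down)  tunnel_down ;;
  demo)  printf '%s\n' "$SAMPLE_SS" | listener_exposure "$DEV_PORT" ;;
esac
```

A result of `exposed` from the check means the dev server is bound to a non-loopback address, so the security group is the only thing keeping it private.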

Related

proxy(?) server for connecting to cloud sql instance (GCP)

I have a postgresql database on the google cloud platform (cloud SQL). I'm currently managing this database through pgadmin, installed on my laptop. I've added the IP address of my laptop to the whitelist on the cloud sql settings page. This all works.
The problem is: when I go somewhere else and I connect to a different network, the IP address changes and I cannot connect to the postgresql database (through pgadmin) from my laptop.
Is there someone who knows a (secure) solution, involving a proxy server (or something else), to connect from my laptop (and only my laptop) to my postgresql database, even if I'm not on a whitelisted network (IP address)? Maybe I can set up a VM instance and install a proxy server and use this? But I have no clue where to start (or search for).
You have many options for connecting to a Cloud SQL instance from an external application, such as Public IP address with SSL, Public IP address without SSL, Cloud SQL proxy, etc. You can see all of them here.
Among the connection options is Cloud SQL Proxy; it basically provides secure access to your instances without the need for Authorized networks or configuring SSL on your part.
You only need to follow the steps listed here and you will be able to connect your Cloud SQL instance using the proxy.
Enable Cloud SQL Admin API on your console.
Install the proxy client on your local machine (Linux):
wget https://dl.google.com/cloudsql/cloud_sql_proxy.linux.amd64 -O cloud_sql_proxy
chmod +x cloud_sql_proxy
Determine how you will authenticate the proxy. You can use a service account or let Cloud SDK take care of the authentication.
However, if required by your authentication method, create a service account.
Determine how you will specify your instances for the proxy. Your options for instance specification depend on your operating system and environment
Start the proxy using either TCP sockets or Unix sockets.
Take note that as of this writing, Cloud SQL Proxy does not support Unix sockets on Windows.
Update your application to connect to Cloud SQL using the proxy.

How to access Amazon EC2 files via web browser

So I have an Amazon EC2 Free Tier Instance with Debian Jessie. There's software running that generates an HTML file I'd like to access remotely.
When connected to the instance via SSH, I can remotely open a web browser and go to 127.0.0.1:8083/index.html?PARAMETER1=...&PARAMETER2=...
Now doing this is very tedious because the browser is slow. I'd like to be able to access this file directly using the web browser on my local machine.
How do I do this? I tried replacing 127.0.0.1 with the Public IPv4 but it won't work. Do I have to open the port?
Thanks.
You would need to open port 8083 using the security groups inbound rules for the ec2 instance. Then use the public IP to access the file.

How to whitelist Swisscom PaaS domain/api for remote access

I am about to create a small web application which I might deploy to Swisscom PaaS as well.
This should be able to call a Rest API on a remote server.
Remote Server requires all incoming requests to be whitelisted by IP/domain.
Is it enough to whitelist *.scapp.io or myapp.scapp.io when myapp deployed on Swisscom PaaS should be able to access the remote API, or is it required to use a different domain/IP due to the nature of how the PaaS is set up and running?
You can find out the source IP of Swisscom Application Cloud Public offering with those commands:
$ cf ssh APP_NAME
$ curl ifconfig.co
194.209.246.112
# example for developer.swisscom.com
This IP doesn't resolve to any domain name. This IP may change / not yet stable. Since the beginning of Application Cloud (more than 3 years), the IP didn't change. This is the outgoing IP to whitelist in the remote app.
You raised a very good point about stable IP address pool. We consider that and will document the IPs when implemented.

How do you host Django's dev server on an external IP?

Basically, my internal IP is masked by an external IP of my internet service provider. So, my internal IP can only be accessed inside my intranet. I want to let users outside the intranet access my dev server as well, which is hosted on 0.0.0.0:8000 on my system. How do I do that?
Check out localtunnel on github, it does exactly what you're asking.
https://github.com/progrium/localtunnel
If you are willing to go that far you can use Reverse SSH Tunnel:
open a free micro linux instance on Amazon's AWS and create a reverse SSH tunnel to redirect port 80 on the server to your machine.
This is a cool solution for testing purposes and low traffic usage...
You can read more about it here:
http://www.techrepublic.com/article/setting-up-a-reverse-ssh-tunnel/5779944

Web services authentication with remote IP

I’m developing a small application that interacts with a web service which authorizes access based on the client IP. When developing on my local machine at home, I am not allowed to access the web service, unless I request an authorization for the random IP that I get from my ISP.
My question: Is there an easy way to get around this problem, since I cannot have a fixed IP at home? Proxy, vpn, etc... through a webserver with an authorized IP? How?
Thanks in advance :)
I assume this is your problem: You can only connect to remote_system from Authorized_IP system.
If you can ssh to Authorized_IP from your home PC, you can set up an ssh tunnel that forwards connections to port 8080 of Authorized_IP to port 80 of the remote_system with the ssh command. If you run Linux on the Authorized_IP system, it is very simple. Windows is more complex with Cygwin sshd, but it is possible.
http://www.google.com/search?q=ssh+tunnel
To answer your question directly: Dynamic DNS. For testing, point your web service at a hostname that you get from a dynamic DNS provider such as http://dyndns.org. Then download a tool that automatically updates your DNS entry with your dynamically assigned IP address.
But more to the point, why can't you just use your localhost (127.0.0.1) as your IP address for developing, debugging, testing?