AWS - SSH into EC2 created via Cloudformation - amazon-web-services

I am new to AWS and I wanted to ask this. Is there a way to SSH into an EC2 instance created via Cloudformation?
I just wanted to ask since key pairs are generated upon manual creation of EC2 instances in the AWS console right? What if the EC2 was created from Cloudformation?

When you create an ec2 instance, then you can use an existing KeyPair to login into the other hosts. You just need to provide the existing KeyPair whenever you create any instance.
Make sure KeyPair file has been downloaded after creating it.
In case of cloudformation, just mention the same keyPair in Template.
Below is the sample cloudformation yaml having KeyPair mentioned :
---
Resources:
MyInstance:
Type: AWS::EC2::Instance
Properties:
AvailabilityZone: us-east-1a
ImageId: ami-0b898040803850657
InstanceType: t2.micro
KeyName : EssentialKeyPair
You need to make sure it is present in the EC2 Dashboard as well
Once stack creates your EC2 instance, just log in to the host using below command :
ssh -i EssentialKeyPair.pem ec2-user#<Public-IP>
You can verify whether your instance is using the same keyPair that you have provided in the Template through EC2 Dashboard :

Related

Assigning an AWS Elastic IP to an EC2 Instance in Lambda

Is there a way to assign an elastic ip to a ec2 instance that was just made using cloud formation scripts in amazon aws? I'm not able to find any simple examples of how to "get an elastic ip" by it's tag, or any api references about whether or not this is even possible. I need to first get the elastic ip by it's tag, and then assign it to an existing instance in lambda.
In the AWS CLI (I'm using 2.2.4) I can get EIP's by the Name tag:
aws ec2 describe-addresses --filters "Name=tag:Name,Values=some-tag-here"
My tag has the Key "Name" as part of it.
For Python/Boto3 you can run something like:
import boto3
client = boto3.client('ec2')
response=client.describe_addresses(...)
where the parameters to describe_addresses are defined in these docs.
From AWS::EC2::EIP - AWS CloudFormation:
MyEIP:
Type: AWS::EC2::EIP
Properties:
InstanceId: !Ref Logical name of an AWS::EC2::Instance resource
The easiest way is to include this in the same template that launched the EC2 instance. The !Ref can then refer to the instance elsewhere in the template. If you want to assign an Elastic IP address in a separate template, then you would need to provide a reference to the EC2 instance that was previously launched.

Using the IP of 1 EC2 instance in a configuration file of Other EC2 instance

I am new to Cloud Formation.
I need a little help. I have created 2 EC2 instances using .yaml file. One is my database instance and other is my web instance. Now I have to give the IP of my database instance in a configuration file of my web instance.
How can it be done?
You can refer to the private IP address of an EC2 instance using !GetAtt db-instance.PrivateIp (where db-instance is the node name of that instance in your YAML template (at the top-level of the definition).
See: AWS::EC2::Instance - Return Values

Must You Have a Correct EC2 AMI ID?

I tried launching a Linux Instance with cloud formation Using just a random generated AMI id in my head and it did not work. Must I have the exact id provided by AWS like ami-0b69ea66ff7391e80?
Resources:
Ec2Instance:
Type: AWS::EC2::Instance
Properties:
InstanceType: t2.micro
ImageId: ami- <******> # Amazon Linux AMI in N.Virginia
Tags:
- Key: Name
Value: EC2 Linux
ami-0b69ea66ff7391e80
The Amazon Machine Image (AMI) is a operating system (OS) image to boot the server (EC2 Instance).
The AMI contains the OS (eg Linux or Windows), plus software, applications and any desired data. You can use a pre-provided AMI from AWS (base OS with default software) or the AWS Marketplace with custom software bundled. Even you can create one of your own with software and data pre-installed.
When starting an Amazon EC2 instance, an AMI must be specified. This AMI will then be copied to the boot disk for the instance to start. Thus, if you do not specify an AMI, the instance cannot boot so it will be disallowed.
Resources:
Ec2Instance:
Type: AWS::EC2::Instance
Properties:
InstanceType: t2.micro
ImageId: ami-0b69ea66ff7391e80 # Amazon Linux AMI in N.Virginia
Tags:
- Key: Name
Value: EC2 Linux
Go to your console
Attempt to launch an Instance
Copy the AMI id e.g ami-0b69ea66ff7391e80
and then launch using cloud formation template generated

AWS ECS cluster is not showing container

I am trying to create an ECS cluster(using cloudformation template), where i can create an instance installed with an provided AMI through Yaml file
But the problem i am facing -
In Yaml file -
I am creating a cluster then creating a service and task with minimum required values
The cluster is creating service is also creating but I can't see any Container instance there.
How can I be able to see container instance, what kind of changes/modifications I need to make in my YAML file?
ECS is amazon manage service you donot have any type of access to underlying resources.
ECS also known as fargate and in that task is there it & not create container instances.
there is total two launch type in ECS where
ECS fargate launch type
EC2 launch type
in second launch type ec2 only it create container instance and you can watch it in ec2 section while with fargate you have to manage it as task defination
Launch type definition documentation : https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html
you can read more here : https://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html
For EC2 launch type your cluster type will be same
Type: AWS::ECS::Cluster
But SG, VPC,NATGateway and other resources will change
EcsHostSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Access to the ECS hosts that run containers
VpcId: !Ref 'VPC'

Ansible: apply IAM role to ec2 machine while deployment using ansible

I am planning to use Ansible as solution for deploying ec2 machines. I have attached IAM role for the master machine with appropriate permissions.
I can attach security groups, tags, elastic IP etc by defining tags in playbook.
Now, while deploying a new ec2 instance using playbook, can I attach a specific IAM role, for example, which has access to a given S3 bukcet or so.
Yes. It is possible. The parameter is called instance_profile_name
instance_profile_name - Name of the IAM instance profile to use.
- ec2:
key_name: mykey
group: databases
instance_type: t2.micro
instance_profile_name: S3Role
...