The thing is I have an ec2 instance with some public key inside ~/.ssh/authorized_keys to let developers ssh into this instance, but one day the autoscaling mechanism create a new instance and then drop my old instance(with authorized keys inside), and now I gotta edit the ~/.ssh/authorized_keys in the new instance again.
How can I prevent this? I mean how can I make sure whenever the autoscaling creating a new instance or dropping my old instance, it sync all of my authorized_keys, so that I don't need to do the manual copying.
Thanks very much.
I guess the AMI id which you have specified in the auto scaling contains old data. Create an AMI of your latest and update instance and remove the old AMI which you have already specified in the as-config and the add the latest AMI id. Thing will work fine.
Related
I have an EC2 instance managed by Elastic Beanstalk, and I recently changed my key pair to a new one (findy-key-2) by modifying authorized_keys, because I lost my old private key (findy-key).
$ cat authorized_keys
ssh-rsa [my private key] findy-key-2
So right now I have ssh access to my own instance.
However, perhaps because I changed the key pair manually, it seems that EC2 doesn't recognize the new key pair name correctly. In the EC2 console, it still says the key pair name is findy-key, which I already deleted.
And because of that, I'm getting the error below when trying to upgrade to Amazon Linux 2 on the EB dashboard.
Configuration validation exception: Invalid option value: 'findy-key' (Namespace: 'aws:autoscaling:launchconfiguration', OptionName: 'EC2KeyName'): The key pair 'findy-key' does not exist
I noticed that under Elastic Beanstalk Dashboard > Configuration > Security, I can choose the new key from the EC2 key pair drop-down. But the warning message, Each of your existing EC2 instances will be replaced and your new settings will take effect then. implying that my current instance will be terminated, is frightening me because there might be some side effects such as loosing connection to my RDS volume (yes, I'm a newbie to AWS).
Hence, I'm trying to find a way to change the key pair name of an EC2 instance without terminating and creating a new one. If that's not possible, I want to know what are the possible side effects of replacing an EC2 instance.
Thank you.
For short term solution, you can use AWS Systems Manager Session Manager to login to your instances. For this you will need to add SSM permissions to your EB instance profile/role.
You can also try using EC2 Instance Connect which may work out of the box on the instances and you don't have to do anything special to use it.
But for the long term solution, you have to use EB options for that. The reason is that you instances run in Autoscaling group and they can be terminated at any time anyway. So if you are worrying about "some side effects", they you have to redesign your application so that it is stateless. This means that your application does not depend on any instance terminations and re-launch due to autoscaling events.
I solved this by creating another private key named findy-key (which is the name of the old key I deleted before) in AWS Console, and adding its public key in authorized_keys.
When creating an AMI image from an existing EC2 instance, does it require the restart of the existing instance?
I make a copy of the instance, and subsequently the server went down because it turned off a process monitor which led to downtime, but I can't remember if it was because I rebooted the system (I can't remember if I rebooted it), or if it was because I made a copy of the image.
There's option to enable No reboot during create AMI
When creating an AMI image from an existing EC2 instance, does it require the restart of the existing instance
to answer this yes, when ami is being created aws the instance for ensuring data integrity.
doc says this "Amazon EC2 powers down the instance before creating the AMI to ensure that everything on the instance is stopped and in a consistent state during the creation process."
you can override this behaviour by enabling no reboot while creating ami.
No reboot – This option is not selected by default. Amazon EC2 shuts down the instance, takes snapshots of any attached volumes, creates and registers the AMI, and then reboots the instance. Select No reboot to avoid having your instance shut down.
refer 6 point of this https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami-ebs.html.
also whenever you are unsure about anything just follow the docs of that service, it will be define in one way or the another.
In my workplace, we have a process of changing the EC2's AMI every month with the new patched private AMI.
Our internal operations team makes these patched AMI available for us as private AMI for EC2.
In our terraform script, we change the name of the AMI to the new one before executing the script via Jenkins.
However, we have noticed that after the script is executed EC2 instance is not affected by the AMI name change, we have to manually terminate each EC2 instance for the AMI change to take effect.
What I want to know is-
Is this a problem someone has faced before?
Is there a way to remove the manual termination of instance in Terraform OR is there a way in Terraform by which the changes will be taken cared of automatically?
The instances in ASG are not being updated with the new AMI because by default, only your launch configuration (LC) or launch template (LT) are updated with the new AMI. This does not automatically causes an update of the instances to use the new LC/LT.
However, since not too long ago, AWS has introduce instance refresh to combat this specific issue. Subsequently, this functionality was added to terraform and is configured using instance_refresh block of aws_autoscaling_group resource.
Thus, you could setup instance_refresh in your aws_autoscaling_group and specify what triggers it. Usually the trigger would be changes to the associated launch_configuration or launch_template.
I have an EC2 instance that houses an application and a database. The current instance is running in a production environment with a populated database. I would like to create an AMI of the instance to use as a template for firing up new production servers but with an empty database.
If I just create an AMI from the instance then I believe it will contain all of the data which will have cost implications due to the size on disk and is also a security risk as the AMI would contain customer data.
I thought that I could create an AMI from the instance, then launch a new instance based on that AMI, delete all of the data, create a new AMI based on the new instance, then delete the original AMI and new instance.
My specific questions are:
Will I be able to delete the first AMI if the second AMI was based on an instance created from it?
I understand that the charges for AMIs are incremental in nature. How does it work if a new AMI is created from an instance that is smaller then the AMI that that instance was created from?
Is there a better way of achieving my objective?
Thanks
Will I be able to delete the first AMI if the second AMI was based on an instance created from it?
Yes. You can delete (i.e. de-register) your AMI even if you have an instance running which uses it. But this is something you can easily check on your own. Just create a dummy instance and try creating AMI from it, launch new instance, creating new AMI and so on.
I understand that the charges for AMIs are incremental in nature. How does it work if a new AMI is created from an instance that is smaller then the AMI that that instance was created from?
It won't be smaller. You can't decrease the volume size when you launch an instance from your AMI. You can only increase it. Deletion of your db from the volume will have no effect on the volume size nor its price.
Is there a better way of achieving my objective?
Depends how you define "better". What you described I think is the most logical way.
i want to launch a new instance at my AWS account.There i have an instance that i am running a website and i want to launch a new instance,with the informations of the old one(that i have the website) for testing purposes.I found this link:[http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/launch-more-like-this.html ]
If i launch the new instance and make my changes there,this will affect my old instance?I am asking for your understanding because i don't know a lot of things about the Amazon services.Thank you.
Nothing done to the new instance will impact the old one.
Not only do they not have any future connection to each other, the new one does not start out as a clone of the old in its current state.
Note
The Launch More Like This wizard option does not clone your selected instance; it only replicates some configuration details. To create a copy of your instance, first create an AMI from it, then launch more instances from the AMI.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/launch-more-like-this.html
"Launch more like this" only means "like this one... back when it was new."