Amazon cloud VM: how to access it in a secure environment

Recently, one of my clients was doing a proof of concept for Amazon AWS. Until now I had only used it for trial purposes: I took a single EC2 instance, assigned a public IP, and was able to access it easily using PuTTY. Just download the .pem file and access it over SSH from any Linux box.

In my client's case they were using a VPC (Virtual Private Cloud), in which they had defined the availability zones (the subnets are defined there). When I selected any VPC, it showed the mapped availability zone. The client also provided a jump server from which we would do SSH or use the AWS command line to control the environment. The complete environment is accessed over AWS private IPs, since it is mapped to them.

Problem faced and solution applied:

In the starting phase, I initially created an EC2 instance in my assigned VPC, but when I tried to access it, it was not pinging from the jump box. After a lot of googling I found that the security group I was using did not specify the source IP range from which it has to communicate.

I created a new security group mentioning the source "0.0.0.0/0", but it started giving a security warning, so I went back and created the correct range "192.168.0.0/32". After that I was able to ping my EC2 instance from my jump server.
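The security warning the console raised for 0.0.0.0/0 is worth reproducing as a check of your own, so you can catch an overly wide SSH source before a proof of concept goes live. The script below is an added example, not code from the original post: it reads output in the shape of `aws ec2 describe-security-groups` (here a constructed sample with made-up group ids, not real account data) and flags every rule that admits SSH from a source that is not inside the jump server's range. The `audit_ssh_sources` and `rule_covers_port` names and the sample data are assumptions of this example.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group ids, names and ranges are made up for this example (not real account data).
SAMPLE = json.dumps({
    "SecurityGroups": [
        {"GroupId": "sg-0000aaaa", "GroupName": "poc-open",
         "IpPermissions": [
             {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
              "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
        {"GroupId": "sg-0000bbbb", "GroupName": "poc-jump-only",
         "IpPermissions": [
             {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
              "IpRanges": [{"CidrIp": "192.168.0.0/32"}]},
             {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
              "IpRanges": [{"CidrIp": "192.168.0.0/32"}]}]},
        {"GroupId": "sg-0000cccc", "GroupName": "poc-all-traffic",
         "IpPermissions": [
             # IpProtocol "-1" means every protocol and port; no port fields are present.
             {"IpProtocol": "-1",
              "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    ]
})


def rule_covers_port(perm, port):
    """True if one IpPermissions entry admits TCP traffic to `port`.

    "-1" (all traffic) always covers it; other non-TCP protocols never do.
    """
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit_ssh_sources(describe_output, allowed_cidr, port=22):
    """Return (GroupId, CidrIp) for every rule reaching `port` whose IPv4
    source is not contained in `allowed_cidr` (the jump server's range).

    Only IpRanges (IPv4) are inspected; an Ipv6Ranges entry would need the
    same treatment against an IPv6 allow-list.
    """
    allowed = ipaddress.ip_network(allowed_cidr)
    findings = []
    for sg in json.loads(describe_output)["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if not rule_covers_port(perm, port):
                continue
            for rng in perm.get("IpRanges", []):
                src = ipaddress.ip_network(rng["CidrIp"])
                if not src.subnet_of(allowed):
                    findings.append((sg["GroupId"], rng["CidrIp"]))
    return findings


if __name__ == "__main__":
    # Jump server range as used in the post; anything wider than it is reported.
    for group_id, cidr in audit_ssh_sources(SAMPLE, "192.168.0.0/32"):
        print(f"{group_id}: SSH reachable from {cidr}, outside the jump server range")
```

Run against real output by replacing `SAMPLE` with the JSON that `aws ec2 describe-security-groups` prints; the world-open group and the all-traffic group are reported, while the group restricted to the jump server's /32 passes silently.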

Next, I created a key pair and downloaded the .pem file. While I was using that .pem file in my environment, somehow it was not able to SSH from the jump server: I was able to ping the AWS instance but not able to connect.

I renamed the .pem file to a plain file name: mv <file.pem> <file>

ssh -i <file> ec2-user@<instance private ip>

Now I ran the AWS command from the jump server (the aws command was already present on the system):

aws ec2 describe-instances

It gave an error saying it was not configured. I tried the command below:

aws configure

This command asks for "Access key ID", "Secret access key", "Default region", and "Output format".

The access key ID and secret access key come from the IAM (Identity and Access Management) service configuration: in the Users section select your user; there you can create an access key and activate it. Download it; it contains both pieces of information, the access key and the secret.

The region you can find on the AWS web page (whichever region you have selected), and the output format is text, json or xml... Once you are ready with this information, run the same command "aws configure" and you will be able to configure it. Now if you run any command, for example "aws help", it will work from the command line...
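What "aws configure" leaves behind is two small INI files under ~/.aws: a credentials file holding the access key ID and secret, and a config file holding the region and output format. The script below is an added example, not code from the original post: it writes that same layout into a directory of your choosing, restricts the credentials file to its owner (mode 0600, since the secret is what gives anyone holding it your IAM user's access), and reads it back the way the CLI would. The names `write_aws_profile`, `check_profile` and `demo` are assumptions of this example, and the key values are obvious placeholders, not real credentials.

```python
import configparser
import os
import stat
import tempfile


def _config_section(profile):
    # The credentials file uses the bare profile name for every profile, while
    # the config file uses "[default]" for the default and "[profile NAME]" otherwise.
    return profile if profile == "default" else f"profile {profile}"


def write_aws_profile(aws_dir, access_key_id, secret_access_key, region,
                      output="json", profile="default"):
    """Write ~/.aws/credentials and ~/.aws/config as `aws configure` lays them out."""
    os.makedirs(aws_dir, mode=0o700, exist_ok=True)

    creds = configparser.ConfigParser()
    creds[profile] = {
        "aws_access_key_id": access_key_id,
        "aws_secret_access_key": secret_access_key,
    }
    cfg = configparser.ConfigParser()
    cfg[_config_section(profile)] = {"region": region, "output": output}

    creds_path = os.path.join(aws_dir, "credentials")
    cfg_path = os.path.join(aws_dir, "config")
    with open(creds_path, "w") as fh:
        creds.write(fh)
    os.chmod(creds_path, 0o600)  # secret material: owner read/write only
    with open(cfg_path, "w") as fh:
        cfg.write(fh)
    return creds_path, cfg_path


def check_profile(aws_dir, profile="default"):
    """Read the profile back and report whether the secret file is private."""
    creds_path = os.path.join(aws_dir, "credentials")
    creds = configparser.ConfigParser()
    creds.read(creds_path)
    cfg = configparser.ConfigParser()
    cfg.read(os.path.join(aws_dir, "config"))
    section = cfg[_config_section(profile)]
    mode = stat.S_IMODE(os.stat(creds_path).st_mode)
    return {
        "access_key_id": creds[profile]["aws_access_key_id"],
        "region": section["region"],
        "output": section["output"],
        # True only when group and other have no permission bits at all.
        "credentials_private": (mode & 0o077) == 0,
    }


def demo(aws_dir=None):
    """Write a placeholder profile into a scratch directory and verify it."""
    aws_dir = aws_dir or tempfile.mkdtemp(prefix="aws-demo-")
    # Placeholder values constructed for this example; they are not real AWS keys.
    write_aws_profile(aws_dir, "AKIAEXAMPLEPLACEHOLDER",
                      "EXAMPLE-SECRET-PLACEHOLDER", "us-east-1", "json")
    return check_profile(aws_dir)


if __name__ == "__main__":
    print(demo())
```

Point `aws_dir` at the real ~/.aws only if you mean to overwrite what "aws configure" wrote; run as-is, it works in a fresh temporary directory, and `check_profile` is the part worth reusing on a jump server to confirm that the credentials file is not readable by other users of the box.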

It was overall a good experience, and there is still a lot of information to fetch... I will definitely share it.