2

I'm trying to use the eb cli utility (version 3.8.7) to try to SSH to my ElasticBeanstalk managed instances.

The instances have only private ip addresses and I'm connected using a VPN to the VPC.

When I run the command eb ssh it's trying to connect on the private DNS domain, which my local DNS can't resolve:

$ eb ssh -n 1
INFO: Attempting to open port 22.
INFO: SSH port 22 open.
INFO: Running ssh -i /Users/dkotvan/.ssh/qa-cert ec2-user@ip-xxx-xxx-xxx-xxx.ec2.internal
ssh: Could not resolve hostname ip-xxx-xxx-xxx-xxx.ec2.internal: nodename nor servname provided, or not known

Is there a way to configure the eb cli utility to use the local ip address instead?

Dimas Kotvan

4 Answers

3

As far as I can see there is absolutely no way to tell the eb cli that you want to connect to a private ip or internal dns. The main problem is that, well, they are on a private subnet and there really isn't a way to connect without using another host that is publicly accessible. I was able to solve this by connecting to my bastion host that is in the same VPC as my EB environment. Using a bastion host is pretty standard practice so hopefully you've already got one! So really this is just an ~/.ssh/config problem:

Host aws-bastion
  # bastion public IP
  Hostname xxx.xxx.xxx.xxx
  User your-bastion-user
  IdentityFile ~/.ssh/your-aws-key.pem
  # or a non-standard port if you configured it
  Port 22
  ForwardAgent yes

Host *.ec2.internal
  IdentityFile ~/.ssh/your-aws-key.pem
  ProxyCommand ssh -q aws-bastion nc %h 22

1

No, in April 2021, it is still not possible to configure the EB CLI to use the private DNS/IP address. However, aws/aws-elastic-beanstalk-cli/issues/3 might make it possible in the future.

On the other hand, it can be accomplished by disabling public IP addresses in the Network settings of the Elastic Beanstalk environment. This will cause the EB CLI to use the private IP address as a fall-back (which is not obvious).

Thanks to Dustin's answer for clearing that up.

J. Christian
0

You might be able to set up an alias in your .ssh/config file that looks something like this:

Host ip-xxx-xxx-xxx-xxx.ec2.internal
  Hostname yyy.yyy.yyy.yyy

Brian
    The problem is that I'm using immutable deploy; on every deploy it creates new instances and the IP address changes, rendering the alias useless – Dimas Kotvan Jan 11 '17 at 19:31
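
A static alias goes stale when immutable deploys replace the instances, but the private DNS name that eb ssh prints already encodes the address. As an added example (not part of the thread and not EB CLI code), here is a ProxyCommand helper that derives the IP from the hostname and rejects anything else. It assumes IP-based private DNS names (ip-A-B-C-D.ec2.internal or ip-A-B-C-D.<region>.compute.internal) and a VPN route into the VPC; the script path is hypothetical.

```shell
#!/bin/sh
# Hypothetical helper, e.g. saved as ~/bin/ec2-internal-proxy and used from ~/.ssh/config:
#   Host ip-*.ec2.internal ip-*.compute.internal
#     ProxyCommand ~/bin/ec2-internal-proxy %h %p

# Print the IPv4 address encoded in an IP-based EC2 private DNS name.
# Returns 1 for anything that is not exactly ip-A-B-C-D.<known suffix>,
# so an unexpected hostname is never handed to nc.
ec2_internal_to_ip() {
    _host=$1
    _label=${_host%%.*}   # text before the first dot
    _suffix=${_host#*.}   # everything after the first dot
    case $_suffix in
        ec2.internal) ;;                    # us-east-1 form, as in the question
        *.*.compute.internal) return 1 ;;   # extra labels: reject
        ?*.compute.internal) ;;             # <region>.compute.internal
        *) return 1 ;;
    esac
    case $_label in ip-*) ;; *) return 1 ;; esac
    _octets=${_label#ip-}
    # Digits and dashes only, so the unquoted split below cannot glob.
    case $_octets in ''|*[!0-9-]*) return 1 ;; esac
    _old_ifs=$IFS; IFS=-
    set -- $_octets
    IFS=$_old_ifs
    [ "$#" -eq 4 ] || return 1
    for _o in "$@"; do
        case $_o in ''|0?*|????*) return 1 ;; esac   # empty, leading zero, too long
        [ "$_o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s\n' "$1" "$2" "$3" "$4"
}

# Invoked by ssh as: ec2-internal-proxy <host> <port>
if [ "$#" -eq 2 ]; then
    ip=$(ec2_internal_to_ip "$1") || { echo "unexpected host: $1" >&2; exit 1; }
    case $2 in ''|*[!0-9]*) echo "bad port: $2" >&2; exit 1 ;; esac
    exec nc "$ip" "$2"
fi
```

Subnets that use resource-based names (i-<instance-id>.ec2.internal) carry no address in the hostname, so the helper refuses them and a real DNS path into the VPC is needed instead.
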
0

You can also modify sshops.py to use the private DNS name. Varies by OS and version, but mine is located here:

~/Library/Python/2.7/lib/python/site-packages/ebcli/operations/sshops.py

Search for PublicIpAddress (mine is on line 88), and change it to read:

ip = instance['PrivateDnsName'] #was PublicIpAddress

It's too bad that the EB CLI isn't on Github...otherwise I'd contribute a way to do this via a parameter.

I also added a convenient alias for this:

alias appname='eb init appname;eb ssh --region=us-east-1 appname -n'

This allows running appname 1 or appname n, where n is the number of hosts in your cluster.

Dustin
    AWS EB CLI is now on GitHub and this functionality is requested https://github.com/aws/aws-elastic-beanstalk-cli/issues/3 – J. Christian Apr 28 '21 at 19:39